Requirements Should have complete understanding and hands-on experience on IT security maintenance and monitoring, patching, desktop/laptop, on-premises networking, Firewalls, VPN, IT and compliance policies, etc. Should be able to manage and develop end-to-end IT security policies, rules, and regulations, related training and awareness programmes in the organization. Knowledge and hands-on on Office 365 features, policies, and Data loss prevention, Mobile device management service Microsoft INTUNE. Checking and maintaining end-to-end security parameters in the organization and creating and maintaining policies for different processes to secure the network and systems. Monitoring Security audits and different log messages from the network and the organization's IT resources. Investigate and escalate security breaches or unauthorized access. Biometric and Access control management. FortiGate and another industry firewall good knowledge and hands-on experience, along with monitoring and security policies implementation. Remote access management to the user's system with complete security. Office 365 admin panel hands-on (managing users/devices/licenses and tracing methods for security implementation), Azure AD, email security, and policy knowledge and implementation. Inventory management of all IT equipment, basic CCTV camera and printers' knowledge. Troubleshooting of SQL Server, Anaconda, Python, and other software used in the organization. Should be able to research and develop an understanding of emerging and required IT security tools that need to be implemented in the organization. Must have led and handled complete IT Security audits in the organization and their remediation steps to ensure high-end security at all levels, Network and User-endpoints. Should be aware of ISO 27001 NIST, or COSO framework practices and GRC infrastructure. Hands-on PowerApps and Power BI applications to develop tools and programs. More than 5 years of industry experience supporting mid to large enterprise customers on their Network Security & IT infrastructure is a necessary requirement Should have experience in implementing and managing cybersecurity and technical standards. Must have effective communication, technical skills, with email etiquette Must have managed stakeholder handling skills One or more IT Technical/Cyber Security Certifications required (any combination) as below: CISSP: Certified Information Systems Security Professional. CISM: Certified Information Security Manager. CISA: Certified Information Systems Auditor ISO 27001 Certified. This job was posted by Subhanjana Pandey from Indxx. Show more Show less

Share this job About The Company The Hitachi Energy India Operations Center (INOPC) houses over 3,000 energy transition technologists in three locations from grid automation, transformers, high voltage products, grid integration and service businesses. Spread over 3,00,000 sq feet, with nearly 50,000 sq feet of dedicated lab space, the center brings under one roof diverse engineering capability that has been built over the years, fostering collaboration to advance the world’s energy system to be more sustainable, flexible and secure. INOPC supports Hitachi Energy units across 40+ countries to deliver projects in 80+ countries. We are technology leaders at the forefront of evolving the world’s future energy system. The rising energy consumption with changing lifestyles and rapid urbanization, is driving the need for affordable, reliable and sustainable energy. Our innovative technologies help to make the energy system more resilient, secure and safe. Electricity will be the backbone of the carbon-neutral future and together, with customers and partners, we are co-creating solutions that are helping to accelerate the energy transition. Customers count on our technologies to help them to integrate huge volumes of renewable energy into the world’s grids and manage increasing levels of complexity; and our technologies are also instrumental to the electrification of transportation, industry and smart life sectors. The center equally focuses on catering to grow complexity in domestic and international grids and is a key lever for Hitachi Energy’s growth globally. How You’ll Make An Impact Responsible for Cybersecurity requirement from Tender till Project Handover. Coordinate with CSSL/CSSO to fulfill Hitachi Energy requirement and Customer requirement Ensure the project delivered to customer is inline and complaint with the Hitachi Energy security requirement and Customer Security requirement. Make sure Hitachi Energy is protected from a legal and brand perspective. Align and comply with Customer requirement and Hitachi Energy’s internal cyber security requirements for Delivery projects. Assess, identify deviation and Risks in Customer requirement and required standard & regulatory requirement during Tender. Coordinate with Tender Responsible for Success Cybersecurity related Tender Submittal. Ensure required inputs are captured in tender to comply with mandatory Business CS standard and Customer requirement. Support in Company Risk Review and make sure HE is protected with regards to Cybersecurity Ensure Fulfillment of the Secure Project Deployment requirement for all the delivery projects. Acts a liaison with the Customer about Hitachi Energy’s automation solution’s adherence to customer requirements and required standard & regulation. Perform Cyber Security Risk assessment for the project. Review Project Cybersecurity deliverables is implemented and delivered as agreed. For platforms certified with IEC 62443-3-3, make sure that the delivery project is within the requirements of the standard to the extent possible Support to enhance and maintain the CS documentation for project deliverables Ensure the Vulnerability Management in delivery projects Support in Business in achieving IEC 62443 2-4 Certification and in IEC 62443 3-3 certification. Support in maintaining and improving the Cybersecurity solution Contribute to Cybersecurity Assurance process definition and improvement in Customer Delivery Projects. Ensure Test area Asset security Management and Security tools. Living Hitachi Energy’s core values of safety and integrity, which means taking responsibility for your own actions while caring for your colleagues and the business Your Background Should have a minimum 6+ years of IT/OT Industry Experience in Control System Automation ( 3+ years of Cybersecurity with emphasis on OT) OR Should have at least 5 + years as an OT Cyber Security Implementer or Architect Engineering degree in (Instrumentation/ Electrical or Electronics) Added Plus to have Masters in Cybersecurity or Accredited Cybersecurity Certification and experienced working in OT environment components and OT security. Advanced Knowledge OT Networking and Network security and knowledge of Cybersecurity Regulation, Standards and Framework - (IEC62443, NERC–CIP, BDEW, NIST Publication). Awareness on current Cybersecurity controls and solutions – Endpoint Security, AAA, Security logging, Hardening benchmarks and knowledge on Security tool (NESSUS, CIS CAT, Nmap) Understanding on Computer networks and network security – Firewall, IDS and Basic knowledge Operating systems security - Windows Operating system Desirable with ISA 99 / 62443 – Cybersecurity Fundamentals Specialist, GIAC, GICSP, CEH certification Work experience with Cyber Security in Critical Infrastructure is a plus and emerging OT Cybersecurity-related technologies Communicate, present and report to relevant internal and external stakeholders Risk Assessment on the Delivery System and Mentor and train Project Engineers on Cyber Security area. Monitor every Project and ensure the compliance to Cybersecurity requirement before delivery and Emphasis Secure work culture of self or peers Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams. Attention to detail and a commitment to delivering high-quality digital solutions Apply now Location Chennai, Tamil Nadu, India Job type Full time Experience Experienced Job function Engineering & Science Contract Regular Publication date 2025-05-29 Reference number R0089249 Show more Show less

About Temenos Temenos powers a world of banking that creates opportunities for billions of people and businesses everywhere. We have been doing this for over 30 years through the pioneering spirit of our Temenosians who are passionate about making banking better, together. We serve over 3000 clients from the largest to challengers and community banks in 150+ countries. We collaborate with clients to build new banking services and state-of-the-art customer experiences on our open banking platform, helping them operate more sustainably. At Temenos, we have an open-minded and inclusive culture, where everyone has the power to create their own destiny and make a positive contribution to the world of banking and society. THE ROLE The Cloud Security Engineer will act as the most senior technical authority within the Cloud Security Operations team based in India. The role will ensure the security of our banking clients in public and private cloud as part of our SaaS banking services. The role will ensure that our cloud deployments and cloud infrastructure and associated services meets our cloud security standards including defining and maintaining security controls. The role is pivotal in ensuring that our client projects are deployed successfully to cloud with strong security posture. The role will support and interact with other Temenos teams both within and external to the Cloud Security global team including Cloud Operations, Cloud Architecture, Cyber Defence Centre, Information security, Regional Engineering teams, SRE, Product Security, SaaS Design and Build and our Compliance/Audit/Risk teams. This role may also require interfacing with our SaaS clients directly and the incumbent should be comfortable in such environments, being able to communicate confidently both verbally and in writing. OPPORTUNITIES You will Understand and contribute to cloud security architecture and design patterns. You will Review and validation of cloud security controls across public and private cloud infrastructure including Azure (essential) and AWS (desirable). Any other cloud security experience beneficial. You will Support the team by focussing on developing effective automation solutions to common, repetitive manual tasks, ensuring proper attention to quality and achieving positive business outcomes are achieved. You will Security solution advisory and consulting (e.g., integration with 3rd party systems, architecture reviews, documentation of security processes) You will Support Cloud security operations including security alerts, incident, change control and reporting, aligning to Temenos SOC activities. Security assurance - vulnerability management, application security/cloud infrastructure penetration testing and managing associated remediation plans. You will Technical experience in cloud security services – network and storage encryption, key management, tokenisation, API security, micro services, firewalls, application gateways, network security groups, web security and identity and access management. You will Support the delivery of client projects in the region and collaborate on planning and execution activities requiring cloud security involvement. You will Conduct security assessments for cloud infrastructure and cloud service providers. You will Support internal and external audits, risk and compliance initiatives. You will Ensure cloud security standards and patterns are followed and adhered to You will Documentation and maintenance of cloud security standards and processes. Skills You should have At least 5 years’ experience in information/cyber security with recent cloud security experience. Proven experience in a senior technical/senior engineer/team lead role. MS Defender and Sentinel is mandatory. Oversight for more junior members of the team, demonstrated ability to coach, develop and mentor team members sharing technical skills and experience to develop team capabilities. You should Recent hands-on experience with securing cloud infrastructure in either Azure and/or AWS. You should Have hands-on security engineering experience and demonstrable ability to develop automation solutions where appropriate (e.g. scripting languages, python, KQL, powershell, azure policy, terraform etc). Any other development experience highly regarded. You should DevOps and automation experience to help manage transition to DevSecOps. You should Strong knowledge of common cloud security design patterns/frameworks. You should Good understanding of cloud technologies and associated deployment patterns. You should Good knowledge of WAF and Firewall technologies. You should Can communicate effectively both orally and in written format. You should Able to provide cloud security support to clients and operations in a fast-paced environment. You should Solid understanding of current and recent tactics/techniques and procedures for preventing common attack types Bachelor’s degree in Computer Science, Engineering or related discipline Desirable (knowledge/experience): You should Recognised industry certifications/qualifications in cloud/security e.g., CCSP, CCSK, CISSP etc. You should Cloud Security controls and standards (CCM, ISO, NIST, SOC2, MCSB etc.) You should Hands on experience in threat modelling security infrastructure and applications You should Previous experience in security incident response in a public cloud environment You should Experience in the banking, financial services, or security/intelligence industry You should Knowledge and experience in core and digital banking services, markets, and products You should Regulatory compliance knowledge and experience (GDPR, FFIEC, FINMA etc) VALUES Care You will be a caring leader who puts people first. Commit You will be comfortable committing time to the job when required – with flexibility to work to meet global demands. Collaborate You will be a consensus builder and a collaborator, able to break through challenges with organizational silos. Challenge You will not be happy with just meeting targets but always demonstrate a stretch mindset. Please make sure to read our Recruitment Privacy Policy Show more Show less

Job Summary The Director, TSG Information Security, Cyber Threat Management is a position within Bain's Cyber Security Department, whose mission is to define and enable strategies to safeguard the digital assets and integrity of the organization. In this role, the Director understands how security measures align with the overall organizational strategy and will begin to organize and lead in the development and implementation of security controls that adhere to regulatory requirements and best practices. The Director combines a strong level of technical and managerial skills and business alignment to build and guide a growing team and resources across a spectrum of capabilities. The position primarily focuses on the efficient, effective and reliable resolution of Bain's defensive strategy as well as focuses on improving our offensive strategy to help the company meet its overall business objectives. The position therefore must have the technical skills to troubleshoot and resolve complex issues as well as excellent communication and upward management. These measures require taking a leadership position in coordinating activities across the team working with Technical, IT and Cybersecurity leadership. The Director role has expertise and experience in multiple disciplines, including Threat Intelligence programs, Detection and Deterrence systems, Threat Exposure Management, Incident Response, Forensics and Evidence gather and Pro-Active Security probing capabilities (Red/Blue/Purple teaming & Penetration Testing). Principal Accountabilities Monitoring & Detection • Oversee and strategize on developing advanced security monitoring, analysis, and correlation platforms to detect cybersecurity events. • Direct cross-functional efforts in the identification and in-depth analysis of sophisticated security threats, including malware, APTs (Advanced Persistent Threats), and targeted attacks. • Enable a wide range of security tools and technologies, including SIEM, IDS/IPS, or next gen/advanced threat detection solutions. • Partner with organizations and vendors to identify and integrate new data sources. Incident Response & Analysis • Oversee the ongoing management and evolution of security runbooks and champion for ongoing automation or AI/ML based technologies to increase speed/efficiency. • Strengthen Bain’s capability in-depth log analysis, data correlation, and forensic investigations to identify root causes of incidents and improve security measures. • Provide strong and clear communications on cyber events and situations with sr. leadership. • Ensure alignment in security policies and practices adhere to industry standards and compliance requirements and oversee the validation of the controls. • Serve as a subject matter expert in security discussions and decision-making and enable and grow team members skills and experience. • Work with the primary goal of building efficiencies in Cyber Threat Management responses and driving down MTTR and reducing overall risk. Threat Intelligence • Enable a threat intelligence capability, including open-source intelligences (OSINT), dark web forums, and industry reports to drive awareness and improvement in our defensive posture. • Utilize threat intelligence platforms and tools to aggregate and correlate threat data. • Drive coordination with intelligence and incident response teams to investigate and analyze security incidents. • Develop and refine threat intelligence methodologies and tools. • Stay current with industry best practices and new methodologies to enhance the teams capabilities. Vulnerability Management & Threat Exposure Management • Work cross-functionally across IT teams and provide leadership and guidance in mitigating threats to Bain. Serve as a subject matter expert in security discussions and decision-making. • Build processes to enable regular vulnerability scans on the organization's network, applications, and systems using industry-standard tools Pro- Active Security Testing • Experience implementing and operationalizing vulnerability management tools, processes, and best practices. • Oversee the classification and prioritization of vulnerabilities based on risk and potential impact. • Stay informed about emerging trends and technologies in cybersecurity. • Work collaboratively with other security team members, IT departments, and relevant business units to address security concerns and enhance overall security posture. Pro- Active/Enhanced Security Testing • Partner with colleagues to expand controlled penetration testing technologies and capabilities on networks, applications, and systems to identify security vulnerabilities. • Investigate and keep up to date with changes in tooling and advanced attacks in network, cloud and application testing. • Analyze and interpret results to identify potential risk as well as evaluate potential impact. • Red Team, Blue Team, Purple team exercise leadership experience. Professional Development and Innovation • Stay informed about emerging trends and technologies in cybersecurity. • Drive collaboration and defensive standards/expertise across Bain, working with other security team members, IT departments, and relevant business units to address security concerns and enhance overall security posture. • Explore Professional Certifications and work with leadership to plan trainings. Knowledge, Skills, and Abilities Security Monitoring & Incident Detection and Response • Strong knowledge of Splunk (or other SIEM tools),CrowdStrike or equivalent EDR/MDR platforms, Windows Defender, Palo Alto Networks, Other AV/EDR tool configuration, Cyberhaven (or other DLP tools) • Knowledge of Vulnerability & Attack Surface Management toolsets, Threat Intelligence and Analysis tools, Vendor technical Risk Scoring tools, Deception technologies • Knowledge of ticketing, triage and forensics capabilities and toolsets General Skills • Great communication skills, with the ability to document and explain technical information clearly. • Analytical mindset, with a focus on learning and problem-solving. • Ability to work independently and well in a team, showing strong interpersonal skills. • Eagerness to learn and adapt to new challenges in cybersecurity. • Entrepreneurial spirit, open to trying new approaches and learning from them. Team Management • Drive and expand the training and professional development of Security Operations staff. Qualification and Experience Bachelor's degree in a related field (e.g., Computer Science, Cybersecurity, Information Technology) or an equivalent combination of education, training, and experience 10-15 years of relevant experience Experience with Information Security technologies (Firewall, IPS, IDS, SIEM, EDR, CASB, AV, DLP, etc.) Experience with common information security controls frameworks (i.e. ISO, NIST, CIS, or CSA) Global company or equivalent Experience deploying systems or applications Ability to work independently and with teams on complex problems Complex problem solving Ability to work in a fast paced, dynamic environment. Show more Show less

Job Description: About Us At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities, and shareholders every day. One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We are devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being. Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization. Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us! Global Business Services Global Business Services delivers Technology and Operations capabilities to Lines of Business and Staff Support Functions of Bank of America through a centrally managed, globally integrated delivery model and globally resilient operations. Global Business Services is recognized for flawless execution, sound risk management, operational resiliency, operational excellence and innovation. In India, we are present in five locations and operate as BA Continuum India Private Limited (BACI), a non-banking subsidiary of Bank of America Corporation and the operating company for India operations of Global Business Services. Process Overview The Global Information Security (GIS) is responsible for protecting Bank information systems, confidential and proprietary data, and customer information. The team develops the Bank’s Information Security strategy and policy, manages the Information Security program and identifies and addresses vulnerabilities, Develops, deploys and manages a risk-based controls portfolio, Manages and operates global security operations center that monitor, detects and responds to cybersecurity incidents. GIS Identity & Access management (IAM) Team goal is to ensure that the control processes and effectiveness are within the identified risk tolerance. Manage the performance and effectiveness of the working control through the establishment of metrics with thresholds. Validate the reasonability of Laws, Rules and Regulations mapping alignment to the controls, as aligned by the GIS Policy team. Job Description The IAM Identity Defense aims to protect digital identities which allow access to the Bank's internal network, resources and applications. An Identity Defense GBS Specialist is responsible for supporting solutions to prevent and detect anomalous use of accounts. Identity Defense Specialist will support the broader Identity Defense team in monitoring alerting, and escalation frameworks focused on core account protections. Leveraging your knowledge of both common and emerging threats related to account take-over, will have an opportunity to proactively develop, implement, and influence controls and policy within the digital identity domain. The Specialist should be a data-driven individual, with an investigative mindset, who can adapt their thinking based on the evidence presented. The role will require regular collaboration with experts in and out of our team, both in country and in other regions, so excellent communication skills are very important. The role will also involve discussion with employees as part of alert analysis and disposition. If you are seeking a demanding role within Global Information Security (GIS) and have the required skills, this will be a great opportunity for you. Responsibilities* Actively investigate alerts related to potentially anomalous behavior/activity. Confidently and professionally interview/question users to determine or confirm root cause. Communicate effectively with response and business partners. Monitor Splunk alerting and dashboards. Identify areas for further process automation, simplification, and improvement. Provide status updates for stakeholders in non-technical terms encompassing risk, impact, containment, remediation, etc. Risk management. Comprehensively document analysis, investigative activities, actions, etc. Ability to work non-standard hours, to include nights, weekends, and holidays. Generate reports to perform in-depth analysis and data collection for issues associated with IAM. Requirements Education BE/BTECH/MCA/MSC (IT) equivalent (Any Technical Degree) Certifications (If Any) CISA/CISM, CEH, Security+ Experience Range : 6 + Years Foundational Skills Strong understanding of Identity Access Management architecture, technology and standards Strong quantitative, Analytical, data intuition and problem-solving skills A minimum of 5+ years of experience in Identity and Access Management domain is required Understanding of IAM Controls and Information Security 5+ year of experience with Information Security related activities. (required) 5+ year of experience in an operations focused information security role. (desired) Ability to handle multiple competing priorities in a fast-paced environment. (required) Be decisive and quickly take appropriate action. (required) Working knowledge of the following cyber security principles: (desired) security vulnerabilities & exploits identity & access management social engineering TTPs the incident response lifecycle cyber kill-chain networking fundamentals cloud (desired) Ability to build queries and alerts in Splunk, then adapt them based on new data. (desired) Experience writing clear and concise case notes within a case mgmt. tool. (required) Able to adapt communication style to the audience. (required) Experience working in a global team environment (desired) Ability to work collaboratively and independently. (required) CompTIA Security+ or equivalent certification, or ability to demonstration a similar level of cyber security knowledge. (desired) Expectation to gain Security+ within first 6 months. Desired Skills Familiarity with Laws, Rules, and Regulations (LRRs) attendant Financial Institutions Information Security requirements including Privacy LRRs e.g., GDPR, NYDFS, SEC Guidelines, MAS Requirements, CCPA, etc. Familiarity with NIST CSF, NIST IR Lifecycle, and NIST NICE. Familiarity with MITRE ATT&CK and Cyber Kill Chain. College Degree - (B.S, M.S.) in Digital Forensics, Computer Science, Information Security, or a related field. Work Timings 9:30 AM - 6:30 PM IST / 12:30 PM – 9:30 PM (Week Days) 5:30 AM – 5:30 PM IST (Weekends) Job Location Hyderabad / Mumbai /Gurugram Show more Show less

India - Hyderabad JOB ID: R-203993 LOCATION: India - Hyderabad WORK LOCATION TYPE: On Site DATE POSTED: Jan. 07, 2025 CATEGORY: Information Systems Join Amgen’s Mission of Serving Patients At Amgen, if you feel like you are part of something bigger, it’s because you are. Our shared mission—to serve patients living with serious illnesses—drives all that we do. Since 1980, we’ve helped pioneer the world of biotech in our fight against the world’s toughest diseases. With our focus on four therapeutic areas –Oncology, Inflammation, General Medicine, and Rare Disease– we reach millions of patients each year. As a member of the Amgen team, you’ll help make a lasting impact on the lives of patients as we research, manufacture, and deliver innovative medicines to help people live longer, fuller happier lives. Our award-winning culture is collaborative, innovative, and science based. If you have a passion for challenges and the opportunities that lay within them, you’ll thrive as part of the Amgen team. Join us and transform the lives of patients while transforming your career. What you will do Let’s do this. Let’s change the world. In this vital role you will be responsible for identifying, analyzing, and mitigating IT-related risks to the organization. This role will involve working closely with various groups to ensure that risk controls are in place, policies are adhered to, and security standards are met. The IT Risk Analyst will assist in developing and maintaining risk management frameworks, performing assessments, and supporting regulatory compliance efforts. Roles & Responsibilities: Risk Identification and Assessment : Conduct risk assessments to identify vulnerabilities in IT systems, processes, and policies. Assist in the identification and evaluation of risks associated with third-party vendors and partners. Maintain the IT risk register, documenting risks, issues, and remediation actions. Risk Mitigation and Monitoring : Recommend risk mitigation strategies and implement risk management controls across IT infrastructure. Collaborate with IT, cybersecurity, and business teams to track and resolve identified risks and vulnerabilities. Monitor and report on the effectiveness of existing IT risk controls and recommend enhancements as needed. Compliance and Regulatory Support: Ensure compliance with relevant industry standards and regulatory requirements (e.g., GDPR, SOX, PCI-DSS, NIST). Assist in the preparation for audits by internal and external parties, providing documentation and evidence of IT risk management practices. Support the development and implementation of IT governance, risk, and compliance frameworks. Vendor Risk Management : Conduct vendor risk assessments, ensuring third-party services and products align with internal risk and security policies. Regularly review vendor performance and risk exposure, working with procurement and legal teams as necessary. What we expect of you We are all different, yet we all use our unique contributions to serve patients. Basic Qualifications Education: Bachelor’s degree in information technology, Cybersecurity, Risk Management, or a related field. Certifications such as CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), or CISSP (Certified Information Systems Security Professional) are highly desirable. Experience: 2 - 4 years of experience in IT risk management, IT auditing, or information security. Hands-on experience with risk management tools and frameworks (e.g., ISO 27001, NIST, COBIT). Skills and Competencies: Solid understanding of IT infrastructure, systems, and security standard processes. Ability to assess technical and business risk related to information systems. Excellent problem-solving, analytical, and communication skills. Ability to communicate complex risk concepts to non-technical collaborators. Ability to assess and interpret security-related clauses in third-party contracts, such as Security Requirements Schedules (SRS). Familiarity with regulatory frameworks and compliance standards (e.g., GDPR, HIPAA, SOX, PCI-DSS). Technical Knowledge: Proficiency with risk management tools, GRC (Governance, Risk, and Compliance) software, and security incident management tools. Experience with security controls related to networks, databases, and cloud environments. Soft Skills: Excellent analytical and fixing skills. Strong verbal and written communication skills. Ability to work effectively with global, virtual teams . High degree of initiative and self-motivation. Ability to manage multiple priorities. Team oriented, with a focus on achieving team goals. Strong presentation and public speaking skills. Collaboration with distributed team. What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards. for a career that defies imagination Objects in your future are closer than they appear. Join us. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

India - Hyderabad JOB ID: R-208865 LOCATION: India - Hyderabad WORK LOCATION TYPE: On Site DATE POSTED: Mar. 04, 2025 CATEGORY: Information Systems Join Amgen’s Mission of Serving Patients At Amgen, if you feel like you’re part of something bigger, it’s because you are. Our shared mission—to serve patients living with serious illnesses—drives all that we do. Since 1980, we’ve helped pioneer the world of biotech in our fight against the world’s toughest diseases. With our focus on four therapeutic areas –Oncology, Inflammation, General Medicine, and Rare Disease– we reach millions of patients each year. As a member of the Amgen team, you’ll help make a lasting impact on the lives of patients as we research, manufacture, and deliver innovative medicines to help people live longer, fuller happier lives. Our award-winning culture is collaborative, innovative, and science based. If you have a passion for challenges and the opportunities that lay within them, you’ll thrive as part of the Amgen team. Join us and transform the lives of patients while transforming your career. AWS Cloud Engineer What you will do The AWS Cloud Engineer will be responsible for maintaining scalable, secure, and reliable AWS cloud infrastructure. This is a hands-on engineering role requiring deep expertise in Infrastructure as Code (IaC), automation, cloud networking, and security . The ideal candidate should have strong AWS knowledge and be capable of writing and maintaining Terraform, CloudFormation, and CI/CD pipelines to streamline cloud deployments. AWS Infrastructure Design & Implementation Implement, and manage highly available AWS cloud environments . Maintain VPCs, Subnets, Security Groups, and IAM policies to enforce security best practices. Optimize AWS costs using reserved instances, savings plans, and auto-scaling . Infrastructure as Code (IaC) & Automation Maintain, and enhance Terraform & CloudFormation templates for cloud provisioning. Automate deployment, scaling, and monitoring using AWS-native tools & scripting. Implement and manage CI/CD pipelines for infrastructure and application deployments. Cloud Security & Compliance Enforce best practices in IAM, encryption, and network security. Ensure compliance with SOC2, ISO27001, and NIST standards. Implement AWS Security Hub, GuardDuty, and WAF for threat detection and response. Monitoring & Performance Optimization Set up AWS CloudWatch, Prometheus, Grafana, and logging solutions for proactive monitoring. Implement autoscaling, load balancing, and caching strategies for performance optimization. Troubleshoot cloud infrastructure issues and conduct root cause analysis. Collaboration & DevOps Practices Work closely with software engineers, SREs, and DevOps teams to support deployments. Maintain GitOps standard processes for cloud infrastructure versioning. Support on-call rotation for high-priority cloud incidents. What we expect of you We are all different, yet we all use our unique contributions to serve patients. Basic Qualifications: Bachelor’s degree and 0 to 3 years of computer science, IT, or related field experience OR Diploma and 4 to 7 years of computer science, IT, or related field experience Hands-on experience with AWS (EC2, S3, RDS, Lambda, VPC, IAM, ECS/EKS, API Gateway, etc.) . Expertise in Terraform & CloudFormation for AWS infrastructure automation. Strong knowledge of AWS networking (VPC, Direct Connect, Transit Gateway, VPN, Route 53) . Experience with Linux administration, scripting (Python, Bash), and CI/CD tools (Jenkins, GitHub Actions, CodePipeline, etc.) . Troubleshooting and debugging skills in cloud networking, storage, and security . Preferred Qualifications: Experience with Kubernetes (EKS) and service mesh architectures . Knowledge of AWS Lambda and event-driven architectures . Familiarity with AWS CDK, Ansible, or Packer for cloud automation. Exposure to multi-cloud environments (Azure, GCP) . Familiarity with HPC, DGX Cloud . Professional Certifications (preferred): AWS Certified Solutions Architect – Associate or Professional AWS Certified DevOps Engineer – Professional Soft Skills: Strong analytical and problem-solving skills. Ability to work effectively with global, virtual teams Effective communication and collaboration with multi-functional teams. Ability to work in a fast-paced, cloud-first environment. Shift Information: This position is required to be onsite and participate in 24/5 and weekend on call in rotation fashion and may require you to work a later shift. Candidates must be willing and able to work off hours, as required based on business requirements. What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards. for a career that defies imagination Objects in your future are closer than they appear. Join us. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

India - Hyderabad JOB ID: R-208801 LOCATION: India - Hyderabad WORK LOCATION TYPE: On Site DATE POSTED: Mar. 21, 2025 CATEGORY: Information Systems Join Amgen’s Mission of Serving Patients At Amgen, if you feel like you’re part of something bigger, it’s because you are. Our shared mission—to serve patients living with serious illnesses—drives all that we do. Since 1980, we’ve helped pioneer the world of biotech in our fight against the world’s toughest diseases. With our focus on four therapeutic areas –Oncology, Inflammation, General Medicine, and Rare Disease– we reach millions of patients each year. As a member of the Amgen team, you’ll help make a lasting impact on the lives of patients as we research, manufacture, and deliver innovative medicines to help people live longer, fuller happier lives. Our award-winning culture is collaborative, innovative, and science based. If you have a passion for challenges and the opportunities that lay within them, you’ll thrive as part of the Amgen team. Join us and transform the lives of patients while transforming your career. Sr. User Experience (UX) Designer What you will do The AWS Cloud Engineer will be responsible for maintaining scalable, secure, and reliable AWS cloud infrastructure. This is a hands-on engineering role requiring deep expertise in Infrastructure as Code (IaC), automation, cloud networking, and security . The ideal candidate should have strong AWS knowledge and be capable of writing and maintaining Terraform, CloudFormation, and CI/CD pipelines to streamline cloud deployments. AWS Infrastructure Design & Implementation Implement, and manage highly available AWS cloud environments . Maintain VPCs, Subnets, Security Groups, and IAM policies to enforce security best practices. Optimize AWS costs using reserved instances, savings plans, and auto-scaling . Infrastructure as Code (IaC) & Automation Maintain, and enhance Terraform & CloudFormation templates for cloud provisioning. Automate deployment, scaling, and monitoring using AWS-native tools & scripting. Implement and manage CI/CD pipelines for infrastructure and application deployments. Cloud Security & Compliance Enforce best practices in IAM, encryption, and network security. Ensure compliance with SOC2, ISO27001, and NIST standards. Implement AWS Security Hub, GuardDuty, and WAF for threat detection and response. Monitoring & Performance Optimization Set up AWS CloudWatch, Prometheus, Grafana, and logging solutions for proactive monitoring. Implement autoscaling, load balancing, and caching strategies for performance optimization. Troubleshoot cloud infrastructure issues and conduct root cause analysis. Collaboration & DevOps Practices Work closely with software engineers, SREs, and DevOps teams to support deployments. Maintain GitOps standard processes for cloud infrastructure versioning. Support on-call rotation for high-priority cloud incidents. What we expect of you We are all different, yet we all use our unique contributions to serve patients. Basic Qualifications: Master’s degree and 1 to 3 years of computer science, IT, or related field experience OR Bachelor’s degree and 3 to 5 years of computer science, IT, or related field experience OR Diploma and 7 to 9 years of computer science, IT, or related field experience Hands-on experience with AWS (EC2, S3, RDS, Lambda, VPC, IAM, ECS/EKS, API Gateway, etc.) . Expertise in Terraform & CloudFormation for AWS infrastructure automation. Strong knowledge of AWS networking (VPC, Direct Connect, Transit Gateway, VPN, Route 53) . Experience with Linux administration, scripting (Python, Bash), and CI/CD tools (Jenkins, GitHub Actions, CodePipeline, etc.) . Troubleshooting and debugging skills in cloud networking, storage, and security . Preferred Qualifications: Experience with Kubernetes (EKS) and service mesh architectures . Knowledge of AWS Lambda and event-driven architectures . Familiarity with AWS CDK, Ansible, or Packer for cloud automation. Exposure to multi-cloud environments (Azure, GCP) . Familiarity with HPC, DGX Cloud . Professional Certifications (preferred): AWS Certified Solutions Architect – Associate or Professional AWS Certified DevOps Engineer – Professional Soft Skills: Strong analytical and problem-solving skills. Ability to work effectively with global, virtual teams Effective communication and collaboration with multi-functional teams. Ability to work in a fast-paced, cloud-first environment. Shift Information: This position is required to be onsite and participate in 24/5 and weekend on call in rotation fashion and may require you to work a later shift. Candidates must be willing and able to work off hours, as required based on business requirements. What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards. for a career that defies imagination Objects in your future are closer than they appear. Join us. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

India - Hyderabad JOB ID: R-203119 LOCATION: India - Hyderabad WORK LOCATION TYPE: On Site DATE POSTED: Dec. 09, 2024 CATEGORY: Information Systems Join Amgen’s Mission of Serving Patients At Amgen, if you feel like you’re part of something bigger, it’s because you are. Our shared mission—to serve patients living with serious illnesses—drives all that we do. Since 1980, we’ve helped pioneer the world of biotech in our fight against the world’s toughest diseases. With our focus on four therapeutic areas –Oncology, Inflammation, General Medicine, and Rare Disease– we reach millions of patients each year. As a member of the Amgen team, you’ll help make a lasting impact on the lives of patients as we research, manufacture, and deliver innovative medicines to help people live longer, fuller happier lives. Our award-winning culture is collaborative, innovative, and science based. If you have a passion for challenges and the opportunities that lay within them, you’ll thrive as part of the Amgen team. Join us and transform the lives of patients while transforming your career. Cyber and 3rd party risk analyst About Amgen Amgen harnesses the best of biology and technology to fight the world’s toughest diseases, and make people’s lives easier, fuller and longer. We discover, develop, manufacture and deliver innovative medicines to help millions of patients. Amgen helped establish the biotechnology industry more than 40 years ago and remains on the cutting-edge of innovation, using technology and human genetic data to push beyond what’s known today. What you will do Role Description: The role is responsible for identifying, analyzing, and mitigating IT-related risks to the organization. This role will involve working closely with various departments to ensure that risk controls are in place, policies are adhered to, and security standards are met. The IT Risk Analyst will assist in developing and maintaining risk management frameworks, performing assessments, and supporting regulatory compliance efforts. Roles & Responsibilities: Risk Identification and Assessment : Conduct risk assessments to identify vulnerabilities in IT systems, processes, and policies. Assist in the identification and evaluation of risks associated with third-party vendors and partners. Maintain the IT risk register, documenting risks, issues, and remediation actions. Risk Mitigation and Monitoring : Recommend risk mitigation strategies and implement risk management controls across IT infrastructure. Collaborate with IT, cybersecurity, and business teams to track and resolve identified risks and vulnerabilities. Monitor and report on the effectiveness of existing IT risk controls and recommend enhancements as needed. Compliance and Regulatory Support: Ensure compliance with relevant industry standards and regulatory requirements (e.g., GDPR, SOX, PCI-DSS, NIST). Assist in the preparation for audits by internal and external parties, providing documentation and evidence of IT risk management practices. Support the development and implementation of IT governance, risk, and compliance frameworks. Vendor Risk Management : Conduct vendor risk assessments, ensuring third-party services and products align with internal risk and security policies. Regularly review vendor performance and risk exposure, working with procurement and legal teams as necessary. What we expect of you Basic Qualifications and Experience: Education : Bachelor’s degree in information technology, Cybersecurity, Risk Management, or a related field. Certifications such as CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), or CISSP (Certified Information Systems Security Professional) are highly desirable. Experience: 2 - 4 years of experience in IT risk management, IT auditing, or information security. Hands-on experience with risk management tools and frameworks (e.g., ISO 27001, NIST, COBIT). Skills and Competencies : Strong understanding of IT infrastructure, systems, and security best practices. Ability to assess technical and business risk related to information systems. Excellent problem-solving, analytical, and communication skills. Ability to communicate complex risk concepts to non-technical stakeholders. Ability to assess and interpret security-related clauses in third-party contracts, such as Security Requirements Schedules (SRS) Familiarity with regulatory frameworks and compliance standards (e.g., GDPR, HIPAA, SOX, PCI-DSS). This role involves second shifts: 2pm-11pm IST Technical Knowledge : Proficiency with risk management tools, GRC (Governance, Risk, and Compliance) software, and security incident management tools. Experience with security controls related to networks, databases, and cloud environments. Soft Skills: Excellent analytical and troubleshooting skills Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation Ability to manage multiple priorities successfully Team oriented, with a focus on achieving team goals Strong presentation and public speaking skills Collaboration across global teams What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards. for a career that defies imagination Objects in your future are closer than they appear. Join us. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

India - Hyderabad JOB ID: R-208432 LOCATION: India - Hyderabad WORK LOCATION TYPE: On Site DATE POSTED: Mar. 12, 2025 CATEGORY: Information Systems Join Amgen’s Mission of Serving Patients At Amgen, if you feel like you’re part of something bigger, it’s because you are. Our shared mission—to serve patients living with serious illnesses—drives all that we do. Since 1980, we’ve helped pioneer the world of biotech in our fight against the world’s toughest diseases. With our focus on four therapeutic areas –Oncology, Inflammation, General Medicine, and Rare Disease– we reach millions of patients each year. As a member of the Amgen team, you’ll help make a lasting impact on the lives of patients as we research, manufacture, and deliver innovative medicines to help people live longer, fuller happier lives. Our award-winning culture is collaborative, innovative, and science based. If you have a passion for challenges and the opportunities that lay within them, you’ll thrive as part of the Amgen team. Join us and transform the lives of patients while transforming your career. What you will do Let’s do this. Let’s change the world. In this vital role you will Guide and support junior team members by offering technical advice, conducting code reviews, and sharing knowledge to promote their professional development. Perform security testing (e.g., penetration testing, code reviews) and ensure continuous security monitoring across the organization’s IT landscape. Identify vulnerabilities in networks, systems, applications, and infrastructure through hands-on penetration testing. Attempt to exploit discovered vulnerabilities to demonstrate their impact and prove their existence (e.g., retrieving sensitive data, elevating user privileges, or gaining access to admin functionality). Perform assessments on web applications, cloud environments, and network infrastructure. Use automated tools and manual techniques to identify security weaknesses. Conduct advanced post-exploitation tasks to simulate real-world attack scenarios. Work with third-party security vendors for audits, product testing, and external assessments when required. Use automated tools (e.g., Burp Suite, OWASP ZAP, or Acunetix) to identify common vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and others. Document identified vulnerabilities in detail, explaining how they were found, their severity, and their potential impact. Include proof-of-concept (PoC) for critical vulnerabilities. Offer actionable, practical solutions for fixing the vulnerabilities, such as secure coding practices, configuration changes, or security controls. Use risk-based prioritization, categorizing issues by their severity and business impact (e.g., high, medium, low) to help the organization focus on the most critical issues. Continuously learn about the latest vulnerabilities, exploits, and security trends. Present the findings to stakeholders, security teams, and management, explaining the business risk and potential impacts of the vulnerabilities discovered. Familiarity with industry standards and compliance requirements (e.g., PCI-DSS, NIST, ISO 27001) and their relevance to penetration testing. What we expect of you We are all different, yet we all use our unique contributions to serve patients. This role has a strong focus on ensuring the organization's infrastructure, applications, and systems are secure from external and internal threats. This role is responsible for conducting authorized security tests on IT infrastructure to evaluate the strength of its systems against potential cyberattacks. A variety of automated tools and manual techniques are leveraged to simulate real-world attacks. The penetration tester then works with the organization to prioritize, remediate and report on identified issues, strengthening the overall security posture. Basic Qualifications: Bachelor’s degree with 6 - 8 years of experience in Computer Science, Cybersecurity or Information Systems related field . Preferred Qualifications: Must-Have Skills: Strong knowledge of common vulnerabilities (e.g., OWASP Top 10, SANS Top 25), network protocols, encryption standards, application security and common penetration testing methodologies (ISSAF, OSSTMM, PTES). Familiarity with tools like Burp Suite, OWASP ZAP and Metasploit. A deep understanding of web application architecture, databases, and authentication mechanisms. Ability to think critically and creatively when testing and attempting to exploit vulnerabilities. Good-to-Have Skills: Experience with threat intelligence and incorporating emerging threats into penetration testing practices Proficiency in scripting and automation (e.g., Python, Bash) is a plus Professional Certifications (please mention if the certification is preferred or mandatory for the role): Preferred: eJPT, eCPPT, eWPT, OSCP, OSWA, GWAPT What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards. for a career that defies imagination Objects in your future are closer than they appear. Join us. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

India - Hyderabad JOB ID: R-214166 LOCATION: India - Hyderabad WORK LOCATION TYPE: On Site DATE POSTED: Apr. 29, 2025 CATEGORY: Information Systems Join Amgen’s Mission of Serving Patients At Amgen, if you feel like you’re part of something bigger, it’s because you are. Our shared mission—to serve patients living with serious illnesses—drives all that we do. Since 1980, we’ve helped pioneer the world of biotech in our fight against the world’s toughest diseases. With our focus on four therapeutic areas –Oncology, Inflammation, General Medicine, and Rare Disease– we reach millions of patients each year. As a member of the Amgen team, you’ll help make a lasting impact on the lives of patients as we research, manufacture, and deliver innovative medicines to help people live longer, fuller happier lives. Our award-winning culture is collaborative, innovative, and science based. If you have a passion for challenges and the opportunities that lay within them, you’ll thrive as part of the Amgen team. Join us and transform the lives of patients while transforming your career. Information Security GxP Specialist What you will do Let’s do this. Let’s change the world. In this lead role you will support the GRC Governance / Policy & Audit team working closely with Technology teams to help ensure that GxP controls are in place, GxP deviations are managed and monitored, and security standards are met. The GxP Specialist will assist in owning and maintaining GxP deviation records, performing GxP assessments, managing controlled documents, and supporting regulatory compliance efforts. Roles & Responsibilities: GxP Governance Leadership: Support the GRC organization in leading a team of GxP and/or policy analysts performing tasks related to governance, GxP deviation management, document management, and policy exception processes. GxP Deviation and CAPA Management : Manage and own technology related GxP deviations, CAPA, and CAPA-EV records Manage GxP reporting and monitoring metrics for Technology/IT records Collaborate with record owners and QA to ensure timely record resolution Assist in the identification and evaluation of risks associated with GxP deviation records. Identify and support new record owners across IT/Technology (e.g. office hours, ad-hoc meetings, document management support). Attend enterprise network meetings as needed to represent the Technology / IT function. GxP Deviation Monitoring and Improvements: Recommend deviation management improvement strategies across Technology/IT. Collaborate with Quality, IT application, cybersecurity, and business teams to supervise and resolve identified risks and vulnerabilities associated with deviations and CAPA’s. Assist in conducting CAPA applicability assessments, time studies, and related initiatives to identify impacts and improvement opportunities in IT systems, processes, and policies. Supervise, monitor, and report on the efficiency of existing GxP records, trends, and recommend improvements as needed. Governance and Regulatory Support: Ensure compliance with relevant industry standards and regulatory requirements (e.g., GxP, GDPR, SOX, NIST). Assist in proactive measures to facilitate compliance, such as collaborating with stakeholders to initiate periodic reviews Assist in the preparation for audits and inspections by internal and external parties, providing documentation and evidence of IT GxP deviation management practices. Support the development and implementation of IT governance, risk, and compliance frameworks and continuous improvements. Support the development and implementation of IT governance, risk, and compliance policies as well as supporting documentation, and their continuous improvements. Track and monitor document reviews, and support document owners to ensure timely periodic review completion. What we expect of you We are all different, yet we all use our unique contributions to serve patients. The GxP security professional we seek is collaborative and action-oriented with these qualifications. Basic Qualifications: 5+ years of experience in IT GxP deviation management, IT quality management, IT auditing, or information security. Hands-on experience with deviation management tools and associated frameworks (e.g., ISO 27001, NIST, COBIT). Master’s degree and 4 to 6 years of information technology, Cybersecurity, Risk Management, or a related field experience OR Bachelor’s degree and 6 to 8 years of information technology, Cybersecurity, Risk Management, or a related field experience OR Diploma and 10 to 12 years of information technology, Cybersecurity, Risk Management, or a related field experience Preferred Qualifications: Good understanding of GxP deviation management, controlled document management, IT infrastructure & systems, and security standard methodologies. Ability to assess technical and business risk related to information systems. Excellent problem-solving, analytical, and communication skills. Ability to communicate complex GxP and risk concepts to non-technical collaborators. Familiarity with regulatory frameworks and compliance standards (e.g., GxP, GDPR, HIPAA, SOX). Technical Knowledge : Proficiency with GxP deviation management tools, GRC (Governance, Risk, and Compliance) software, controlled document management tools, enterprise change management tools, and security incident management tools. Experience with security controls related to networks, databases, and cloud environments. Soft Skills: Excellent analytical and troubleshooting skills Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation Ability to manage multiple priorities successfully Team oriented, with a focus on achieving team goals Strong presentation and public speaking skills What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards. and make a lasting impact with the Amgen team. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

India - Hyderabad JOB ID: R-208431 LOCATION: India - Hyderabad WORK LOCATION TYPE: On Site DATE POSTED: Feb. 28, 2025 CATEGORY: Information Systems ABOUT AMGEN Amgen harnesses the best of biology and technology to fight the world’s toughest diseases, and make people’s lives easier, fuller and longer. We discover, develop, manufacture and deliver innovative medicines to help millions of patients. Amgen helped establish the biotechnology industry more than 40 years ago and remains on the cutting-edge of innovation, using technology and human genetic data to push beyond what’s known today. ABOUT THE ROLE Role Description: This role has a strong focus on ensuring the organization's infrastructure, applications, and systems are secure from external and internal threats. This role is responsible for conducting authorized security tests on IT infrastructure to evaluate the strength of its systems against potential cyberattacks. Avariety of automated tools and manual techniques are leveraged to simulate real-world attacks. The penetration tester then works with the organization to prioritize, remediate and report on identified issues, strengthening the overall security posture. Roles & Responsibilities: Perform security testing (e.g., penetration testing, code reviews) and ensure continuous security monitoring across the organization’s IT landscape. Identify vulnerabilities in networks, systems, applications, and infrastructure through hands-on penetration testing. Attempt to exploit discovered vulnerabilities to demonstrate their impact and prove their existence (e.g., retrieving sensitive data, elevating user privileges, or gaining access to admin functionality). Perform assessments on web applications, cloud environments, and network infrastructure. Use automated tools and manual techniques to identify security weaknesses. Conduct advanced post-exploitation tasks to simulate real-world attack scenarios. Work with third-party security vendors for audits, product testing, and external assessments when required. Use automated tools (e.g., Burp Suite, OWASP ZAP, or Acunetix) to identify common vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and others. Document identified vulnerabilities in detail, explaining how they were found, their severity, and their potential impact. Include proof-of-concept (PoC) for critical vulnerabilities. Offer actionable, practical solutions for fixing the vulnerabilities, such as secure coding practices, configuration changes, or security controls. Use risk-based prioritization, categorizing issues by their severity and business impact (e.g., high, medium, low) to help the organization focus on the most critical issues. Continuously learn about the latest vulnerabilities, exploits, and security trends. Present the findings to stakeholders, security teams, and management, explaining the business risk and potential impacts of the vulnerabilities discovered. Familiarity with industry standards and compliance requirements (e.g., PCI-DSS, NIST, ISO 27001) and their relevance to penetration testing. Basic Qualifications and Experience: Master’s degree with a 1 - 2 years of experience in Computer Science, Cybersecurity or Information Systems related field OR Bachelor’s degree with 2 - 4 years of experience in Computer Science, Cybersecurity or Information Systems related field OR Diploma with 4-6 years of experience in Computer Science, Cybersecurity or Information Systems related field Functional Skills: Must-Have Skills: Strong knowledge of common vulnerabilities (e.g., OWASP Top 10, SANS Top 25), network protocols, encryption standards, application security and common penetration testing methodologies (ISSAF, OSSTMM, PTES). Familiarity with tools like Burp Suite, OWASP ZAP and Metasploit. A deep understanding of webapplication architecture, databases, and authentication mechanisms. Ability to think critically and creatively when testing and attempting to exploit vulnerabilities. Good-to-Have Skills: Experience with threat intelligence and incorporating emerging threats into penetration testing practices Proficiency in scripting and automation (e.g., Python, Bash) is a plus Professional Certifications: Preferred: eJPT,eCPPT,eWPT, OSCP, OSWA, GWAPT Soft Skills: Strong analytical and troubleshooting skills Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation Teamoriented, with a focus on achieving team goals Strong presentation and public speaking skills EQUAL OPPORTUNITY STATEMENT Amgen is an Equal Opportunity employer and will consider you without regard to your race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status. We will ensure that individuals with disabilities are provided with reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request an accommodation. for a career that defies imagination Objects in your future are closer than they appear. Join us. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Job description Some careers shine brighter than others. If you’re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions. We are currently seeking an experienced professional to join our team in the role of SENIOR SOC ANALYST In this role, you will: The primary responsibilities of the Senior SOC Analyst are: Monitoring the entire global HSBC technology and information estate for new attacks and log them to appropriate systems. Triaging potentially malicious events to determine severity and criticality of the event. Responding to alerts from the various monitoring/detection systems and platforms within defined SLAs. Following detailed processes and procedures to analyse, respond to and/or escalate cyber security incidents. Supporting cyber security incidents through to eradication and feedback lessons learned, in to improved cyber resilience. Analysing network traffic using a variety of analysis tools. Monitoring security appliance health and perform basic troubleshooting of security devices; notify security engineering as necessary for malfunctioning equipment. Analysing malicious artefacts obtained from network monitoring with a focus on generation of threat intelligence and service improvement. Identifying and developing new ideas to enhance our detection capability (Use cases) and mitigations (Playbooks) across the security platforms. Reviewing and validating new Use Cases and Playbooks created by Cybersecurity colleagues. Researching emerging threats and vulnerabilities to aid in the identification of cyber incidents. Applying structured analytical methodologies to maximize threat intelligence growth and service efficacy. Supporting handovers to other teams and countries at the start and end of the working shift. Contributing to the continued evolution of hunting, monitoring, detection, analysis and response capabilities and processes. Training, developing and mentoring colleagues in area(s) of specialism. Collaborating with the wider Cybersecurity (and IT) teams to ensure that the core, underlying technological capabilities that underpin an effective and efficient operational response to current and anticipated threats and trends remain fit for purpose. Identifying processes that can be automated and orchestrated to ensure maximum efficiency of Global Cybersecurity Operations resources. Promoting a “self-critical” and continuous assessment and improvement culture whereby identification of weaknesses in the bank’s control plane (people, process, and technology) are brought to light and addressed in an effective and timely manner. Supporting engagement in support of HSBC Global Businesses and Functions to drive a global up-lift in cyber-security awareness and help to evangelise HSBC Cybersecurity efforts and success. Requirements To be successful in this role, you should meet the following requirements: Experience working with Microsoft Identity technologies. Good investigative skills and insatiable curiosity. Instinctive and creative, with an ability to think like the enemy. Strong problem-solving and trouble-shooting skills. Strong communication and interpersonal skills, with proven ability to communicate technical topics to diverse audiences. Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one. Ability to learn quickly through hands on experience. Experience defining and refining operational procedures, workflows, and processes to support the team in consistent, quality execution of monitoring and detection. An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business. An understanding of organizational mission, values and goals and consistent application of this knowledge. Self-motivated and possessing of a high sense of urgency and personal integrity. Highest ethical standards and values. Knowledge of cyber security principles, global financial services business models, regional compliance regulations and laws. Good understanding and knowledge of common industry cyber security frameworks, standards and methodologies, including OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards You’ll achieve more when you join HSBC. www.hsbc.com/careers HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website. Issued by – HSBC Software Development India

WHO WE ARE: Zinnia is the leading technology platform for accelerating life and annuities growth. With innovative enterprise solutions and data insights, Zinnia simplifies the experience of buying, selling, and administering insurance products. All of which enables more people to protect their financial futures. Our success is driven by a commitment to three core values: be bold, team up, deliver value – and that we do. Zinnia has over $180 billion in assets under administration, serves 100+ carrier clients, 2500 distributors and partners, and over 2 million policyholders. WHO YOU ARE: You are a well-rounded internal auditor with a strong foundation in IT General Controls (ITGC), cybersecurity, and infrastructure risk. You’ve led IT-focused audits, but you also enjoy contributing to integrated audits that touch finance, operations, and compliance. You ask smart questions, connect the dots across systems and processes, and never lose sight of the bigger picture. You’re comfortable working with engineers and business leaders alike — translating technical issues into practical risk insights. You care about helping others grow, and you’re confident mentoring junior auditors to raise the quality of control testing. You thrive in fast-paced environments, enjoy variety in your audit work, and take pride in being both detail-oriented and adaptable. WHAT YOU’LL DO : You will be responsible for working with leadership to plan, execute, and deliver outcomes. Lead ITGC audit efforts across domains like user access, change management, backup, and segregation of duties. Provide coaching, review, and oversight to junior auditors executing ITGC testing. Collaborate with engineering, legal, and business units to review risks in APIs, digital platforms, and third-party services. Conduct and document walkthroughs, control testing, and remediation tracking aligned to audit standards. Support SOC 2 readiness assessments, including control evaluation against Trust Services Criteria. Evaluate cybersecurity, privacy, and infrastructure risks, including in cloud-native platforms (AWS, GCP). Participate in integrated audits that include financial, operational, and compliance components — even outside your core expertise. Help build audit procedures that link business processes to IT risks and technical control testing. Review API integrations, CI/CD pipelines, and DevOps practices for control coverage and potential gaps. Contribute to audit automation and data-driven testing efforts, including use of tools like SQL, Python, or Excel. Communicate audit results, risks, and recommendations clearly to stakeholders at multiple levels. WHAT YOU’LL NEED: Bachelor’s degree in Information Systems, Accounting, Finance, Engineering, or a related field. 5–8 years of progressive experience in internal audit or IT risk, including leading ITGC audits. Demonstrated ability to mentor junior auditors and ensure quality execution of control testing. Strong working knowledge of: ITGC domains: access controls, change management, backups, SDLC Cloud environments (AWS, GCP, Azure): IAM, encryption, monitoring DevOps / CI-CD practices, third-party risk, and infrastructure security Identity and access management (IAM) Logging and monitoring Vulnerability management Encryption and backup Familiarity with one or more frameworks: SOC 2, NIST CSF, ISO 27001, HIPAA, CCPA Experience participating in multi-disciplinary audits (e.g., combining financial and IT testing) Experience in working with or auditing security, DevOps, or engineering teams is strongly preferred. High-quality documentation and communication skills, including audit reporting and issue articulation. Proficiency with Microsoft Excel; experience with SQL, Python, Tableau, or GRC platforms is a plus. PROFESSIONAL CERTIFICATIONS (One or more preferred): CISA – Certified Information Systems Auditor CISSP – Certified Information Systems Security Professional CCSK – Certificate of Cloud Security Knowledge CIPP/US – Certified Information Privacy Professional – U.S. CRISC – Certified in Risk and Information Systems Control WHAT’S IN IT FOR YOU? We’re looking for the best and brightest innovators in the industry to join our team. At Zinnia, you collaborate with smart, creative professionals who are dedicated to delivering cutting-edge technologies, deeper data insights, and enhanced services to transform how insurance is done. Visit our website at www.zinnia.com for more information. Apply by completing the online application on the careers section of our website. We are an Equal Opportunity employer committed to a diverse workforce. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability. #LI-UM1

Offensive Security Professional Job Req ID: 47405 Posting Date: 29 May 2025 Function: Cyber Security Unit: Location: 25A DLF City Phase-III,, Gurugram, India Salary: Competitive Hiring Manager: Abhishar Balodhi Recruiter: Archana SM Location: Gurugram Carrer Level: E Why BT We’ve always been an organisation with a purpose; to use the power of communication to make a better world. You can trace this back to our beginning as pioneers of the world’s firs telecommunications company. At our heart we’re a technology company with research and innovation in our bones and a desire to be personal, simple, and brilliant for our customers - those are the values we live by whilst also creating an inclusive working environment where people from all backgrounds can succeed.Our pursuit of progress over the past 180 years has established BT as a strong, successful brand, with huge scale capable of achieving great things. From supporting emergency services, hospitals, banks and keeping economies around the world online, safe and secure, to delivering large scale technology infrastructure like the creation of BT Sport. Today in this fast-changing, always on, digital world our purpose remains true. Yet the market conditions, regulations and competition we face are tougher than ever before. So, if you have the drive, optimism and resilience to help propel us forward we’ll offer unrivalled personal development, a wealth of opportunities to learn, experience new things and pursue new careers. If that’s you and what you’re looking for, we’d love you to be part of our future. Why this job matters As an experienced Information Security Services provider, we will help lead a highly motivated team laser-focused on analysing, designing, developing and delivering solutions built to stop adversaries and strengthen your operations Our Competent individuals and Skilled leadership will provide you incident response, risk reviews and vulnerability assessments, identifying threats, all of which ladder up to driving secure solutions. What I’ll be doing – your accountabilities Accountable for delivering vulnerability assessments and penetration tests. Responsible for increasing individual technical skill whilst also delivering BAU. Accountable for increasing capability of the penetration testing team through web application, network & mobile skill acquisition. Accountable for support leadership in setting strategy for the team moving forward. Responsible for contributing to the positive research and technical capability of BT security. To support and maintain the BT Business Support – Protect BT ISO27001 certificate for Offensive Security team The skills you need Pentest Skills – Web application pen test (OWASP, NIST framework), Network pen test (Linux, windows), API & Mobile pen test. Networking Skills – TCP/IP packet level understanding, Routing, Switching, firewall understanding. Linux Skills – Linux directory structure & basic command line knowledge from pentest/vulnerability assessment standpoint. Vulnerability management- This requires understanding of vulnerability assessment framework (CVE/CVSS) and Security assessment tools (such as Nmap, Metasploit, Burp Suite, SQL map, Nessus) Regulatory Understanding- PCI DSS guidelines, GDPR. Leadership accountabilities Accountabilities of the job: Solution focused achiever: We need this person to focus on delivering exceptional penetration testing services Customer champion: we are transforming how we communicate with our customers and need responsible person with a customer-focused attitude. Change agent: We need a tester who sees our processes and immediately thinks of better ways to do what we are doing and then leads that change. Experience you would be expected to have Mandatory 2-4 Years experience in the field on pen testing. Mandatory Bachelor’s degree or higher preferred. CEH, OSCP, CREST, LPT certifications are highly preferred. Ability to understand packet level TCP/IP knowledge. Good scripting knowledge (e.g. Python) will be highly preferred. Capable of working successfully with end customers PREFERRED. BT is part of BT Group, along with EE, Openreach, and Plusnet. Millions of people rely on us every day to help them live their lives, power their businesses, and keep their public services running. We connect friends to family, clients to colleagues, people to possibilities. We keep the wheels of business spinning, and the emergency services responding. We value diversity and celebrate difference. ‘We embed diversity and inclusion into everything that we do. It’s fundamental to our purpose: we connect for good.’ We all stick to the same values: Personal, Simple, and Brilliant. From day one, you’ll get stuck in to tough challenges, pitch in with ideas, make things happen. But you won’t be alone: we’ll be there with help and support, learning and development. This is your chance to make a real difference to the world: to be part of the digital transformation of countless lives and businesses. Grab it.

About The Role Grade Level (for internal use): 10 The Team The Customer Experience, a new shared capability within Market Intelligence, partners closely with the Sales organization to deliver a differentiated customer experience. This group enables our sales team and businesses by overseeing customer success, sales operations, and implementation of commercial technology. This includes Salesforce, alignment to targets in strategic growth areas, and empowers accelerated growth and delivery by putting the customer at the core of everything we do – driving a full customer experience that differentiates us from our competitors. The Proposal & Customer Assessment Team is part of the broader commercial solutions. An enabling function to assist with due diligence questionnaires, risk assessments, audits, and other customer inquiries. Our goal is to enable new revenue generation via RFX & deliver superior customer satisfaction by providing high-quality proposals & relevant information during pre/post-sales. We serve a vast array of clients across geographies and are committed to the client-first mindset. Responsibilities And Impact This position within the Proposal & Assessment Team is integral to supporting Market Intelligence commercial teams in responding to the growing volume of client audits and inquiries. The person will collaborate closely with product, risk, compliance, legal, and functional teams, to ensure client requirements are met effectively. Responding/Managing client audits and risk assessments from end to end, maintaining awareness of internal controls and audit trends to uphold the efficacy of the audit process. Serving as the primary point of contact for our top customers, assisting them in meeting their vendor management requirements. Cultivating partnerships and closely collaborating with corporate and divisional groups to seek information and influence approaches and outcomes. Developing familiarity with Market Intelligence's audit processes and the company's cyber security policies, standards, processes, and controls. Tracking assessment and audit outcomes, management responses to address findings, and follow-up activities, and producing reports for executives and management. Undertaking additional tasks and responsibilities as directed by the team manager, while continuously enhancing the overall process to align with evolving industry standards. What We’re Looking For Bachelor's degree in a related field, or equivalent professional experience in Third-Party Risk Management (TPRM), Audit, and Risk. 6-7+ years of relevant experience in conducting audits or responding to audits, within a SaaS-related business environment. Demonstrated understanding of client-initiated audits and organizational controls. Familiarity with CISA, ISO Standards, NIST, and SOC standards. Proven track record of building strong relationships resulting in successful outcomes. Ability to collaborate effectively with a global team spanning multiple time zones. Competencies Exceptional communication and interpersonal skills, adept at engaging and influencing stakeholders across all levels. Demonstrated flexibility and negotiation prowess to achieve optimal outcomes. Proficient in efficiently managing multiple concurrent projects, with a keen ability to adapt as priorities evolve. Exhibits creativity and perseverance in devising solutions. Possesses strong analytical and problem-solving capabilities, proficient in assessing complex information and formulating actionable strategies. Fosters robust working relationships with internal colleagues, facilitating collaboration and synergy within teams. About S&P Global Market Intelligence At S&P Global Market Intelligence, a division of S&P Global we understand the importance of accurate, deep and insightful information. Our team of experts delivers unrivaled insights and leading data and technology solutions, partnering with customers to expand their perspective, operate with confidence, and make decisions with conviction. For more information, visit www.spglobal.com/marketintelligence. What’s In It For You? Our Purpose Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology–the right combination can unlock possibility and change the world. Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence®, pinpointing risks and opening possibilities. We Accelerate Progress. Our People We're more than 35,000 strong worldwide—so we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all. From finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it. We are changing the way people see things and empowering them to make an impact on the world we live in. We’re committed to a more equitable future and to helping our customers find new, sustainable ways of doing business. We’re constantly seeking new solutions that have progress in mind. Join us and help create the critical insights that truly make a difference. Our Values Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits We take care of you, so you can take care of business. We care about our people. That’s why we provide everything you—and your career—need to thrive at S&P Global. Our Benefits Include Health & Wellness: Health care coverage designed for the mind and body. Flexible Downtime: Generous time off helps keep you energized for your time on. Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills. Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference. For more information on benefits by country visit: https://spgbenefits.com/benefit-summaries Global Hiring And Opportunity At S&P Global At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf 20 - Professional (EEO-2 Job Categories-United States of America), SLSGRP202.1 - Middle Professional Tier I (EEO Job Group) Job ID: 309385 Posted On: 2025-05-30 Location: Gurgaon, Haryana, India Show more Show less

OP is looking for a seasoned Solutions Architect to join our dynamic Architecture team and help shape the future of digital transformation. You’ll work alongside visionary technology leaders to craft cutting-edge solutions that address complex business challenges. Ideal candidates will have strong experience in digital, mobile, and cloud technologies and the ability to lead high-impact initiatives from ideation through execution. This is an opportunity to make a tangible difference by delivering next-generation applications that drive business success. Responsibilities Oversee the solution architecture and design for key projects, delivering accurate estimates and coordinating with architects and designers across solution, infrastructure, and data disciplines to effectively address business challenges. Collaborate with delivery teams, production support, and Shared Services partners (such as Quality Assurance, Infrastructure Engineering, and Reference Architecture) to ensure alignment of solution strategies and estimates. Work closely with business stakeholders to identify problems, create new business capabilities, and design technology solutions that drive success, ensuring all solutions align with business requirements while emphasizing performance, scalability, security, and cost-efficiency. Provide architectural guidance by collaborating with portfolio teams, IT departments, and external partners. Present strategies, incorporate feedback, and foster collaboration with cross-functional technical teams. Embed within Scrum teams by engaging in daily standups and ceremonies, providing architectural direction, and guiding and mentoring technical teams through complex architectural challenges while ensuring alignment with best practices and project goals. Continuously assess and recommend specific tools, platforms, and frameworks that meet evolving project needs, ensuring high compatibility and efficiency. Promote and implement modular design principles to facilitate independent component development and testing, while consistently applying best security practices such as least privilege and data protection across all systems. Conduct quality and security assurance, developing metrics to drive and maintain code quality standards, and ensuring adherence to automated code review processes. Evaluate design options by creating high-level cost estimates for various architectural approaches, ensuring solutions are scalable, secure, and high-performing with a focus on cost-efficiency. Design and review high availability and disaster recovery architectures, proactively identifying areas for improvement and remediating issues to meet project and enterprise standards. Qualifications Bachelor’s or Master’s degree in Computer Science, Information Technology, or a related field. 10+ years of IT experience, with at least 3 years as a developer and 3 years as a solution architect. AWS Certified Solution Architect certification strongly preferred. TOGAF certification is a plus. Experience Application Programming languages such as Java, Python, .NET, or similar. Java preferred. JavaScript frameworks such as Angular, React are used for building user interfaces. RESTful APIs, GraphQL, and SOAP for interaction between applications and services. Event streaming and messaging brokers like Apache Kafka, AWS Kinesis, AWS SNS, and SQS, or ActiveMQ. Batch Processing (e.g., ETL and Spring Batch) Microservices architecture Serverless, including AWS Lambda Containerization, including Docker and Kubernetes Design patterns like MVC (Model-View-Controller), Strangler, and SOA (Service-Oriented Architecture) API gateway and management tools like Apigee and Amazon API Gateway Domain Driven Design Integration platforms like Spring Integration for connecting diverse systems. Mobile app development frameworks (e.g., Ionic, Capacitor, React Native, Flutter, or Swift) Workflow and process engines such as AWS Step Functions, Camunda, Flowable, and Pega. Document management systems like Hyland Alfresco. Content management platforms like Adobe AEM and a general eCommerce experience. Testing tools like Selenium, JUnit, or TestNG for creating automated unit, integration, and performance tests. Cloud and DevOps Architecture and detailed design of solutions using cloud platforms like AWS, Microsoft Azure, or Google Cloud. DevOps, including CI/CD pipelines (e.g., GitHub Actions) Infrastructure as Code (e.g., Terraform and OpenTofu) Data SQL databases such as Oracle, PostgreSQL, or Microsoft SQL Server for structured data storage. NoSQL databases like DynamoDB are used for handling unstructured or semi-structured data. Normalizing data models and understanding the trade-offs of denormalization in large-scale systems. Enterprise data architecture includes operational data stores, data replication, data lakes, and data warehousing. Cyber and Privacy Security frameworks like ISO 27001, NIST, or GDPR compliance. Compliance standards like CCPA, GDPR, particularly important when dealing with sensitive business data. Secure coding practices and principles, such as OWASP, encryption techniques, and identity management. Authentication protocols (OAuth, JWT) and identity management solutions (e.g., Azure AD, ForgeRock, SailPoint). Benefits Health Insurance, Accident Insurance. The salary will be determined based on several factors, including, but not limited to, location, relevant education, qualifications, experience, technical skills, and business needs. Additional Responsibilities Participate in OP monthly team meetings, and participate in team-building efforts. Contribute to OP technical discussions, peer reviews, etc. Contribute content and collaborate via the OP-Wiki/Knowledge Base. Provide status reports to OP Account Management as requested. About Us OP is a technology consulting and solutions company, offering advisory and managed services, innovative platforms, and staffing solutions across a wide range of fields — including AI, cyber security, enterprise architecture, and beyond. Our most valuable asset is our people: dynamic, creative thinkers, who are passionate about doing quality work. As a member of the OP team, you will have access to industry-leading consulting practices, strategies & and technologies, innovative training & education. An ideal OP team member is a technology leader with a proven track record of technical excellence and a strong focus on process and methodology. Show more Show less

Experience: 10+ years Job Type: Full-Time | Permanent Job Summary: We are hiring a Chief Information Security Officer (CISO) with 10+ years of experience to lead our cybersecurity strategy. The ideal candidate will drive risk management, security architecture, compliance, and incident response across the organization. Key Responsibilities: Define and implement a company-wide information security strategy . Conduct risk assessments and ensure mitigation plans. Lead incident response and disaster recovery planning . Ensure compliance with ISO 27001, GDPR, PCI-DSS , etc. Oversee security audits, vulnerability assessments , and penetration testing . Collaborate with IT, Legal, HR, and external vendors. Manage SIEM, firewalls, EDR, IAM, and cloud security tools. Report security metrics and KPIs to top leadership. Required Skills & Experience: 10+ years in information security, with 3+ years in leadership roles. Strong expertise in network, cloud (AWS/Azure), and application security . Solid knowledge of NIST, CIS, or COBIT frameworks. Excellent leadership and communication skills. Preferred Certifications: CISSP, CISM, CEH, ISO 27001 LA/LI, CCSP, or similar. Job Type: Full-time Pay: ₹357,019.46 - ₹1,593,562.92 per year Schedule: Rotational shift Work Location: In person

Key Responsibilities JOB DESCRIPTION Leadership and Team Management: Lead and manage the Internal Red Team and SOC Operations teams, ensuring effective collaboration and alignment with organizational security objectives. Provide mentorship and guidance to team members, fostering a culture of continuous learning and professional development. Conduct regular performance reviews and provide ongoing feedback and coaching. Red Team Operations: Plan, execute, and oversee red team exercises to identify and exploit vulnerabilities in systems, networks, and applications. Develop and maintain red team methodologies, tools, and documentation. Work closely with other security teams to remediate identified vulnerabilities and improve security defenses. SOC Operations Management: Oversee the daily operations of the SOC, ensuring efficient and effective monitoring, detection, and response to security incidents. Develop and maintain SOC processes, procedures, and documentation to ensure consistent and high-quality operations. Ensure the SOC is staffed 24/7, including managing schedules, shifts, and on-call rotations. Incident Response and Management: Coordinate and lead the response to major security incidents, including investigation, containment, eradication, and recovery. Develop and maintain an incident response plan and ensure the team is well-trained and prepared to handle incidents. Conduct post-incident reviews and develop lessons learned to improve future response efforts. Threat Intelligence and Analysis: Oversee the collection, analysis, and dissemination of threat intelligence to inform security operations and red team activities. Ensure the SOC team utilizes advanced threat detection tools and techniques to identify and mitigate threats. Collaborate with other teams to enhance threat intelligence capabilities and integrate with existing processes. Security Monitoring and Reporting: Ensure continuous monitoring of network traffic, system logs, and security alerts using SIEM (Security Information and Event Management) solutions. Develop and maintain metrics and dashboards to report on SOC and red team performance and security posture. Present regular reports and briefings to senior management on the state of security operations and key incidents. Policy and Compliance: Develop and enforce security policies, procedures, and standards in alignment with industry best practices and regulatory requirements. Ensure compliance with relevant regulations, such as GDPR, and PCI-DSS. Participate in security audits and assessments, and coordinate with external auditors as needed. Qualifications Bachelor’s degree in Computer Science, Information Security, or a related field. Equivalent work experience may be considered. Minimum of 7 years of experience in cybersecurity, with at least 3 years in a management or leadership role overseeing red team and/or SOC operations. Strong understanding of offensive security practices, including penetration testing and red teaming methodologies. Experience with SOC operations, including incident response, threat detection, and SIEM tools such as Splunk, ArcSight, or QRadar. Knowledge of common attack vectors and techniques, such as phishing, malware, and ransomware. Familiarity with regulatory requirements and frameworks, such as NIST, ISO 27001, and GDPR. Relevant certifications, such as CISSP, CISM, OSCP, CEH, or GIAC, are highly desirable. Excellent leadership, communication, and interpersonal skills. Ability to work effectively under pressure and manage multiple priorities. About The Team eClerx is a global leader in productized services, bringing together people, technology and domain expertise to amplify business results. Our mission is to set the benchmark for client service and success in our industry. Our vision is to be the innovation partner of choice for technology, data analytics and process management services. Since our inception in 2000, we've partnered with top companies across various industries, including financial services, telecommunications, retail, and high-tech. Our innovative solutions and domain expertise help businesses optimize operations, improve efficiency, and drive growth. With over 18,000 employees worldwide, eClerx is dedicated to delivering excellence through smart automation and data-driven insights. At eClerx, we believe in nurturing talent and providing hands-on experience. eClerx is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability or protected veteran status, or any other legally protected basis, per applicable law. Show more Show less

Senior Analyst IT Risk Senior Analyst - IT Risk You will be part of the Global Asset Management Technology Risk team that oversees control operation across the Asset Management technology team. The role will require subject matter expert in technology controls to engage with technology, compliance, and audit partners to implement and maintain an integrated operating model that effectively drives technology performance while meeting stakeholder needs. Key responsibilities: Partnering with technology, business, compliance, and audit partners to operationalize technology risk framework. Lead and participate in IT focused audits demonstrating a solid working understanding of IT Controls Assurance process end-to-end. Acting as a liaison between audit owners and technology teams to facilitate ongoing audits including SOX, SOC2, and ISAE. Producing reporting packs for all levels of management to increase awareness of the status of core workstreams. Developing training and awareness materials to facilitate the inclusion of risk principles across the technology organization. Reviewing the setup of complex systems and technology governance frameworks in line with industry leading practices (e.g. ITIL, COBIT, NIST, ISO, etc.) Contribute by providing insights and recommendations to further improve overall technology risk management. Be responsible for the successful end-to-end delivery of multiple engagements including supporting team members. Develop strong relationships with stakeholders and potentially identify new risks and suggesting mitigating controls. Required qualifications: Bachelor’s or master’s degree preferably in computer science/ engineering. Minimum 5 to 7 years of experience in IT, project management/ service delivery, IT risk management or consulting. Expertise in ITGC, SOC, SOx, 3rd party risk management, project management. Excellent communication and writing skills. Good people, analytical and reporting skills with positive and problem-solving mindset. Ability to work autonomously with a focus on getting things done. CISA certification preferred. Other professional certifications such as CISM, COBIT, ISO27001 are a plus. Knowledge and experience of emerging technology, FinTech, Cloud Services and Cybersecurity will be preferred. About Our Company Ameriprise India LLP has been providing client based financial solutions to help clients plan and achieve their financial objectives for 130 years. We are a U.S. based financial planning company headquartered in Minneapolis with a global presence. The firm’s focus areas include Asset Management and Advice, Retirement Planning and Insurance Protection. Be part of an inclusive, collaborative culture that rewards you for your contributions and work with other talented individuals who share your passion for doing great work. You’ll also have plenty of opportunities to make your mark at the office and a difference in your community. So if you're talented, driven and want to work for a strong ethical company that cares, take the next step and create a career at Ameriprise India LLP. Ameriprise India LLP is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, genetic information, age, sexual orientation, gender identity, disability, veteran status, marital status, family status or any other basis prohibited by law. About Our Company Ameriprise India LLP has been providing client based financial solutions to help clients plan and achieve their financial objectives for 125 years. We are a U.S. based financial planning company headquartered in Minneapolis with a global presence. The firm’s focus areas include Asset Management and Advice, Retirement Planning and Insurance Protection. Be part of an inclusive, collaborative culture that rewards you for your contributions and work with other talented individuals who share your passion for doing great work. You’ll also have plenty of opportunities to make your mark at the office and a difference in your community. So if you're talented, driven and want to work for a strong ethical company that cares, take the next step and create a career at Ameriprise India LLP. Ameriprise India LLP is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, genetic information, age, sexual orientation, gender identity, disability, veteran status, marital status, family status or any other basis prohibited by law. Full-Time/Part-Time Full time Timings (2:00p-10:30p) India Business Unit AWMPO AWMP&S President's Office Job Family Group Technology

Job Summary: Provide professional expertise and advise IT and senior leadership in matters relating to technology-related compliance with all applicable laws, regulations, industry standards and corporate compliance requirements. Assess changes in the regulatory, business and technology environment and recommend and implement or guide appropriate changes to IT policies, controls, and processes to address security and technology issues. Manage and coordinate IT audit activities by working with IT leaders, team members, external auditors, regulators, and other organizations that review and assess IT processes and controls. Lead and execute cybersecurity risk management activities include internal compliance and risk management activities as well as third-party vendor security oversight and response to customer security inquiries. Responsibilities: Provide professional expertise and advise leadership in complying with all applicable laws, regulations, and accreditations, including Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), FedRAMP, HITRUST, ISO 27001, and EU General Data Protection Regulation (GDPR). Facilitate, oversee, and provide point of contact for all IT audits, assessments, and other reviews of processes and technology. Work with teams to coordinate schedules for activity. Work with IT teams to deliver requested evidence, documentation, conduct interviews, walk through processes, test controls, and negotiate issues. Manage and monitor development and execution of action plans by reviewing and evaluating reports for trends, working with leadership to prioritize findings, and track progress toward agreed upon timeframes. Ensure issues are appropriately documented, relevant, and understood. Perform IT risk and controls assurance assessments of internal and third-party technology-related processes and solutions, working with IT leaders, security architects, Procurement, and other subject matter experts. Perform recurring assessments of information security and technology functions to measure maturity against industry standard baselines, identifying improvement areas, registering risks, and assisting with action plans to move processes to a higher level of maturity. Develop and maintain operational metrics to ensure information security and technology risk and the performance of the IT risk and compliance program is measured sufficiently to enable success. Mentor and coach team members through risk assessments, including scoping of an assessment, resolving conflict, and prioritization of issues. Perform peer review of work product and deliverables. Continuously look to optimize processes, technology and capabilities through tactical and strategic development. Other duties as assigned. Knowledge and Skills: Strong analytical skills; Demonstration of ability to solve problems using best practices and systematic approach Relationship builder; able to create and maintain a trusted network on all levels; Good communication, influencing and negotiating skills; Written and oral communication skills including the ability to communicate complex technical issues to non-technical staff; Project management and organizational skills; Tactful and diplomatic when engaging with all levels of management always maintaining a professional demeanor. Required Experience: 5-8 years direct experience with information security, IT controls assurance and IT audit facilitation Working knowledge of industry standards such as NIST Cybersecurity Framework, FedRAMP, NIST SP 800-53, ISO 27001, Sarbanes-Oxley, SOC1, SOC2, HIPAA, HITRUST and other similar frameworks. Preferred Experience: Experience in cloud-based environments for production applications, including Amazon Web Services, Microsoft Azure, GCP or other large-scale cloud deployment. Understanding of attack vectors and methodologies. Ability to weigh business risks and enforce appropriate information security measures. CISSP, CISM, CISA, CCSA or equivalent certification preferred. Proficient in the use of Microsoft Office (Excel and PowerPoint), Power BI and Power Automate. GHX: It's the way you do business in healthcare Global Healthcare Exchange (GHX) enables better patient care and billions in savings for the healthcare community by maximizing automation, efficiency and accuracy of business processes. GHX is a healthcare business and data automation company, empowering healthcare organizations to enable better patient care and maximize industry savings using our world class cloud-based supply chain technology exchange platform, solutions, analytics and services. We bring together healthcare providers and manufacturers and distributors in North America and Europe - who rely on smart, secure healthcare-focused technology and comprehensive data to automate their business processes and make more informed decisions. It is our passion and vision for a more operationally efficient healthcare supply chain, helping organizations reduce - not shift - the cost of doing business, paving the way to delivering patient care more effectively. Together we take more than a billion dollars out of the cost of delivering healthcare every year. GHX is privately owned, operates in the United States, Canada and Europe, and employs more than 1000 people worldwide. Our corporate headquarters is in Colorado, with additional offices in Europe. Disclaimer Global Healthcare Exchange, LLC and its North American subsidiaries (collectively, “GHX”) provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. All qualified applicants will receive consideration for employment without regard to any status protected by applicable law. This EEO policy applies to all terms, conditions, and privileges of employment, including hiring, training and development, promotion, transfer, compensation, benefits, educational assistance, termination, layoffs, social and recreational programs, and retirement. GHX believes that employees should be provided with a working environment which enables each employee to be productive and to work to the best of his or her ability. We do not condone or tolerate an atmosphere of intimidation or harassment based on race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. GHX expects and requires the cooperation of all employees in maintaining a discrimination and harassment-free atmosphere. Improper interference with the ability of GHX’s employees to perform their expected job duties is absolutely not tolerated. Show more Show less

Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better. We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you we would love to have you join us! Job Description Job Summary: The consultant - Network & Security role encompasses the lead technical advisor responsibilities for working with our valued clients on large-scale, multi-site global projects to deploy network solutions. The Sr. Engineer - Networks will work with important internal and external contacts on the deployment and rollout of network infrastructure and security related efforts. These projects will be specific to promoting a Connected Enterprise by connecting the Industrial Internet of Things at our main global customer facilities. You will report to the Execution Manager. Your Responsibilities 'Hands-on' experience in assessing, designing and deploying network infrastructure in environments including process automation, discrete controls, and automated manufacturing processes / equipment. Experience in designing and deploying network infrastructure (switches, routers, firewalls etc.) within an Industrial Network. Understanding of multiple industry standards including ISA, ANSI, NEMA, NERC, IDC, NEC and NIST standards. Experience in PLC, Networking and SCADA design/programming including data extraction and data analysis. Solid technical skills with multiple Ethernet protocols including EtherNet/IP, specifically round assessment, design and implementation of complex systems. Ability to handle multiple projects / interactions, and to work with different global teams, clients and vendors including those in international regions. Familiarity with a variety of networking and security concepts, practices and procedures, to include manufacturing and enterprise network convergence, network protocols, communication optimization, application effects on system performance and human exploitation techniques on the manufacturing network. Experience in developing and deploying solutions in a virtual environment. Design, implement and support important global customers', converged business and manufacturing/industrial networks and user needs to be in parallel with their overall business strategies. Write detailed documentation that includes customer requirements, system specifications, observed issues with remediation recommendations or implementation plans to develop manufacturing infrastructure. Design, recommend and implement network infrastructure and associated configuration changes. Design customer secure manufacturing architectures and provide vision, problem anticipation, and solution to customers. The Essentials - You Will Have Bachelor's Degree in Electrical Engineering, Industrial Engineering, Computer Science or Information Technology or related technology-driven degree. If no degree, 8+ years of experience in Network Designing & Implementation Virtualization and Industrial Security Controls. 8+ years of hands-on experience configuring IT/OT network infrastructure equipment (Cisco Switches, Virtual Server Environments, Cisco ASA, Fortigate/Palo Alto Firewalls,Anti-Virus Software). 5+ years of exp. in Industrial Networking related experience. In-depth understanding of Ethernet/IP and CIP protocol. Previous experience working as part of a large, diverse global team completing full project life-cycle implementations. Travel Requirements: - Flexibility for travel 50% - 60% is required and can include both domestic and international trips. Legal authorization to work in the country of residence is required. You must be flexible to undergo 40% to 50% of business travel. The Preferred - You Might Also Have Recognised Network Certification (CCNA Industrial, CCNA / CCNP / CCIE Routing and Switching/Wireless, VCA, VCP, Cisco INS, GICSP. Specific focus on NIST 800-82, NERC-CIP, IEC-62443 Standards would be an added benefit. Willing to contribute as an individual contributor. What We Offer Our benefits package includes … Comprehensive mindfulness programmes with a premium membership to Calm. Volunteer Paid Time off available after 6 months of employment for eligible employees. Company volunteer and donation matching programme – Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation. Employee Assistance Program. Personalised wellbeing programmes through our OnTrack programme. On-demand digital course library for professional development. and other local benefits! At Rockwell Automation we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles. Rockwell Automation’s hybrid policy aligns that employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office. Show more Show less

Role Description Job Title: Specialist I - Information Security | Vulnerability Management - Subject Matter Expert (SME) Location:, Hyderabad,Chennai,Bangalore,Trivandrum,Cochin Experience: 7-9 years Company: CyberProof, A UST Company About CyberProof CyberProof is a leading cyber security services and platform company dedicated to helping customers react faster and smarter to security threats. We enable enterprises to create and maintain secure digital ecosystems through automation, threat detection, and rapid incident response. As part of the UST family, we are trusted by some of the world’s largest enterprises. Our Security Operations Group is composed of a global team of highly skilled cyber security professionals, with our tier 3-4 expertise rooted in Israeli Intelligence. Job Summary We are seeking a highly experienced and knowledgeable Subject Matter Expert (SME) to join our Vulnerability Management team. The ideal candidate will possess deep expertise in cybersecurity, particularly in vulnerability management processes, tools, and best practices. This role demands strong analytical skills, excellent communication, and a proactive approach to security risk mitigation. Key Responsibilities Lead and manage the vulnerability management program end-to-end. Conduct vulnerability assessments and penetration testing. Use tools like Qualys VMDR, MS Defender, and CrowdStrike to detect, analyze, and report vulnerabilities. Create dashboards and detailed reports with actionable recommendations. Prioritize vulnerabilities based on business risk and exploitability. Collaborate with technical teams for remediation planning and execution. Stay current with emerging threats, trends, and technologies. Deliver training on vulnerability management processes and tools. Support incident response efforts with expertise in vulnerability exploitation and mitigation. Ensure compliance with security frameworks and regulatory standards. Skills Must-Have Skills: Minimum 7 years of experience in Cybersecurity with a focus on Vulnerability Management. Hands-on experience with Rapid7, Tenable . In-depth understanding of cybersecurity threats, vulnerabilities, and risk prioritization. Strong knowledge of operating systems: Windows, Linux, macOS. Excellent communication and reporting skills. Knowledge of network protocols, architectures, and security configurations. Familiarity with patch management and risk assessment methodologies. Good-to-Have Skills Experience with MS Defender, and CrowdStrike , or cloud security tools. Scripting and automation experience (e.g., Python, PowerShell). Relevant certifications such as CISSP, CEH, OSCP, etc. Knowledge of compliance standards (e.g., NIST, ISO 27001, GDPR). Show more Show less

Sikich is seeking an IT Audit Associate with 0-2 years of experience to join our team. Experience in IT audits, network audits, or related areas is preferable. The IT Audit Associate position plays a important role in supporting the GRC services and on-demand IT audit project support for our clients in the US. About the firm Sikich is a global company specializing in Accounting, Advisory, and Technical professional services. With employees across the globe, Sikich ranks as one of the largest professional services companies in the United States. Our comprehensive skillsets, obtained over decades of experience as entrepreneurs, business owners and industry innovators, allow us to provide insights and transformative strategies to help strengthen every dimension of our clients’ businesses. Job Responsibilities Execution of IT audit engagements Conduct IT risk assessment by understanding business objectives, internal controls, enabling technology, and IT infrastructure. Perform audit work over various technologies utilized by the company and various IT functions. Assess both the design and operating effectiveness of IT enabled internal controls. Prioritize and assist in scheduling audit tests to be performed and interact with auditees to obtain the necessary information. Contribute to identification of department operational efficiencies and changes in auditing operations. Evaluate controls designed to prevent or detect fraud, including management override of controls. Assist the US teams in special projects, investigations, or ad hoc assignments as directed by management. Requirements for Successful Candidate Bachelors in Computer Science OR Information Technology Engineering with practical knowledge of IT Controls. Preferably - Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP); In depth understanding of IT audits. Prior experience is preferred. Understanding of IT controls documentation, IT and cybersecurity control frameworks including CIS 18, NIST, COBIT, ISO 27001. Familiarity with IT controls for system and software applications and related controls including Active Directory, ERP roles and profiles. Familiarity with Service Organization Controls (SOC1 and SOC2) Knowledge regarding network infrastructure and Cloud. Excellent written and verbal communication skills to effectively communicate findings and recommendations. Self-motivated, positive, proactive, and capable of working independently as well as collaboratively in a team environment. Uphold high ethical standards and maintain confidentiality of sensitive information. Benefits of being a part of the team Family Health Insurance including parents Life & Accident Insurance Maternity/paternity leave Performance-based incentives Referral Bonus program Exam Fee Reimbursement Policy Indian festival holidays 5 days working week Meals facility Doctor's consultation Show more Show less

Full-time Job Description Job Description NielsenIQ is seeking a skilled and driven Customer Identity and Access Management (CIAM) Sr. Engineer to support modernization of our global customer identity platform and advance maturity of CIAM program. The ideal candidate will be instrumental in engineering, implementing, and optimizing customer identity solutions that ensure secure, seamless, and scalable digital experiences. This role demands a blend of clear business-level communication, acumen, cross-functional collaboration, champion secure yet frictionless customer identity experiences across the organization with business outcomes mindset. Exceptional interpersonal skills and polished written and spoken English are essential. Key Responsibilities Support development, architecture, and implementation of end-to-end CIAM solutions using Okta Identity Cloud or comparable technologies focusing on features like Single Sign-On (SSO), Adaptive Multi-Factor Authentication (MFA), Universal Directory, and Lifecycle Management. Identification of and recommendations for leading digital experiences to serve as benchmarks for clients CIAM future state. Develop and manage secure API access strategies, leveraging OAuth 2.0 and OpenID Connect protocols to protect customer data and services. Utilize Okta’s APIs and SDKs to build custom integrations with third-party applications, ensuring seamless user experiences across platforms. Collaborate with UX/UI teams to design and implement user-friendly authentication flows, including social login options and passwordless authentication methods. Collaborate with cross-functional teams, mentor junior engineers, and work closely with business stakeholders to align CIAM solutions with business objectives. Evaluate current processes against the defined industry and leading practices including industry standards such as the National Institute for Standards and Technology (NIST) Special Publication (SP) 800-63; Digital Authentication, NIST Cybersecurity Framework (CSF) and NIST SP 800-53; Security and Privacy Controls Research emerging IAM technologies, including new products, services, protocols, and standards to inform procurement and development strategies. On Call Rotation as required Qualifications Bachelor’s degree in Computer Science, Information Technology, or a related field. Minimum of 5 years in IAM, with at least 3 years of CIAM product configuration/ development preferred. Subject matter expert in SAML, Oauth, OIDC, JWT or other industry standard authentication and/or authorization solutions and experience with scripting languages such as JavaScript and PowerShell. Experience with developing patterns on API security and creating CIAM capabilities as service-based architecture. CIAM domain expertise building strategic business partnerships, aligning solutions with current objectives and emerging industry trends, influencing priorities, and actively sharing knowledge with colleagues. Strong communicator who translates complex technical concepts into clear, business-friendly language. Proven experience integrating enterprise identity services within leading cloud platforms, including AWS and Microsoft Azure. Demonstrate ability to collaborate across functional boundaries, distill core issues, and proactively engage stakeholders to provide targeted support. Desirable Certifications: Okta Certified Professional, Okta Certified Administrator, or Okta Certified Developer. Excellent interpersonal communication skills with strong spoken and written English. Flexibility to accommodate working across different time-zones. Additional Information Enjoy a flexible and rewarding work environment with peer-to-peer recognition platforms. Recharge and revitalize with help of wellness plans made for you and your family. Plan your future with financial wellness tools. Stay relevant and upskill yourself with career development opportunities Our Benefits Flexible working environment Volunteer time off LinkedIn Learning Employee-Assistance-Program (EAP) About NIQ NIQ is the world’s leading consumer intelligence company, delivering the most complete understanding of consumer buying behavior and revealing new pathways to growth. In 2023, NIQ combined with GfK, bringing together the two industry leaders with unparalleled global reach. With a holistic retail read and the most comprehensive consumer insights—delivered with advanced analytics through state-of-the-art platforms—NIQ delivers the Full View™. NIQ is an Advent International portfolio company with operations in 100+ markets, covering more than 90% of the world’s population. For more information, visit NIQ.com Want to keep up with our latest updates? Follow us on: LinkedIn | Instagram | Twitter | Facebook Our commitment to Diversity, Equity, and Inclusion NIQ is committed to reflecting the diversity of the clients, communities, and markets we measure within our own workforce. We exist to count everyone and are on a mission to systematically embed inclusion and diversity into all aspects of our workforce, measurement, and products. We enthusiastically invite candidates who share that mission to join us. We are proud to be an Equal Opportunity/Affirmative Action-Employer, making decisions without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability status, age, marital status, protected veteran status or any other protected class. Our global non-discrimination policy covers these protected classes in every market in which we do business worldwide. Learn more about how we are driving diversity and inclusion in everything we do by visiting the NIQ News Center: https://nielseniq.com/global/en/news-center/diversity-inclusion I'm interested I'm interested Privacy Policy Show more Show less