Cyber Security Senior Advisor (A) - HIH - Evernorth About Evernorth:Evernorth Health Services, a division of The Cigna Group (NYSECI), creates pharmacy, care, and benefits solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention, and treatment of illness and disease more accessible to millions of people.Cyber Security Senior advisorJob Objective:The Information Protection Senior Advisor is responsible for conducting research, conceptualizing, designing, developing, and testing secure technology systems, including on perimeter and cloud-based networks to support to Cignas Information Protection Middle East and Africa (MEA) team. This role directly supports the MEA Portfolio covering 34x operational entities across 22x countries ensuring that security requirements are adequately addressed safeguarding the protection of sensitive policyholder data, claims information, and financial transactions.Reporting to the Head of Cyber Security Middle East & Africa, you will develop and enforce security strategies that mitigate cyber threats, protect against fraud, and ensure business continuity in a highly regulated health insurance environment. You will be required to design, implement, and oversee the security infrastructure for our business platforms in accordance with Cigna Information Protection (CIP) security architecture framework.In this role, you will work closely with CIP Architecture and Engineering, Risk Management, and Compliance teams to build secure architectures that align with internal and regulatory requirements such as SAMA CSF (KSA), ADHICS (UAE), GDPR, HIPAA, and PCI DSS.:13-16 years of experience in a Cyber Security Design and Development role.Partners with the CIP MEA leadership team to develop a regional strategy and operational plan to deliver CIP shared services to the business.Perform security reviews using CIP or Industry standards (NIST, ISO etc) to identify gaps in security architecture and controls as part of a MEA cybersecurity risk management plan.Develop and Integrate cybersecurity designs for systems and networks that require processing of multiple data classification levelsDetermine if systems and architecture are consistent with CIPs Secure Baselines and Global Security Architecture Requirements.Ensure secure third-party vendor integrations (e.g., Fronting Partners, Third Party Administrators, regulatory entities, payment processors and healthcare providers).Advise on security requirements to be included in statements of work for Cigna or JV partners procuring new technology services.Determine and Document the impact of new system and interface implementations on the cybersecurity posture of Cigna or a JV partner.Partners with the business to evaluate and translate functional requirements and integrating security policies into technical solutions.Performs comprehensive technology research to evaluate potential solutions across cyberspace systems relevant for the MEA region including Joint Venture (JV) partners.Performs focused risks assessments of existing or new services and technologies, security architecture, identifies design gaps, risks, and recommends enhancements.Maintains strong working relationships with individuals and groups involved in managing security architecture engineering and technology risks across the organizationStays abreast of current and emerging security threats and designs security architectures to mitigate themSkills Needed:Ability to analyse an organisations enterprise information technology architectureAbility to apply secure network architectures and security controls into proposed solutionsAbility to identify cybersecurity or privacy issues in external or partner connectionsAbility to design systems and apply security architecture guidelines across On-Premises and Hybrid Cloud environmentsAbility to partner with Infrastructure, Cloud and Application architects to perform user needs analysis and requirements gathering for large-scale projects.Ability to develop a cyber security strategy and input into detail-oriented operational planning including capability development (People, Processes, Technology, Data).Ability to perform Controls Assurance / Attestation and deliver comprehensive risk treatment plans.Technical depth and sound knowledge in networking, cloud, desktop, server, storage, software-defined-networking, virtualization and application domainsProven communication skills, able to write and verbally communicate complex conceptsProven collaboration skills and can adapt to changing organization changing business needs, technological advances and agile methodologySelf-starter and shows empathy towards business requirements and able to influence changes to facilitate securityHealth Insurance or Health Care Industry experience is a plusTravel required, approximately 10%Qualifications:Bachelors or Masters in Cybersecurity, Computer Science, or Information Security.Qualified candidates will typically have 13+ of professional IT experience work experience, with 8+ years of experience in a security design and development roleCISSP, CISM, CCSP, CRISC or similar certifications requiredExpertise in encryption, network security, cloud security, application security and endpoint protection.Deep knowledge of security risks, data privacy laws, and fraud prevention techniques relevant to Financial Services, FinTech and Health sectors.Experience in data security standards and best practices for Personally Identifiable Information (PII) and Personal Health Information (PHI)Experience and working knowledge of NIST, HIPPA, PCI DSS & ISO 27001 certification is a plusStrong written and spoken English skills, demonstrated ability to communicate at high levels, both verbally and in reportingStrong work ethic, high drive and ability to focus. High stamina. Shows optimism and determination when facing challengesAbility to work successfully with a minimum of supervision in a fast paced and sometimes pressured environment About Evernorth Health Services Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY- Cyber Security (OT Security) – Technology Consulting – Senior GDS Advisory's Risk group is a unique, industry-focused business unit that provides a broad range of integrated services that leverage deep industry experience with strong functional capability and product knowledge. Risk practice team provides integrated advisory services to leading Fortune 500 Companies. The team provides Risk Assurance, Risk Transformation, Internal Audit, Cybersecurity, Financial Services Risk Management and Actuarial services that take an enterprise-wide view, so that risk mitigation and risk management strategies and processes are embedded in every part of the organization. Our services mitigate risk, reduce the cost of control and help create value. The opportunity The GDS Architecture Engineering and Emerging Technology (AEET) services help our clients tackle the many security challenges they face on a daily basis and develop effective solutions using people, processes and technology, while enabling better security and risk decisions, and reducing costs related to manging security risks. The AEET team is looking for individuals who will play a direct role in delivery of Operational Technology (OT) security engagements, development of proposals in this area, and develop OT security solutions. You will play a key role in supporting our clients to secure their IT/OT environments, either through advisory and/or implementation support. Your key responsibilities To qualify, candidates must have: Understanding of security-related operational processes in the OT-ICS environments Understanding of OT SOC/ OT Identity Access Management/ OT Pen testing/ Zero Trust on OT Understanding of technologies (typical assets, communication protocols, technical architectures) utilized by OT-ICS systems and networks Knowledge of cyber / information security concepts, risk and controls concepts Understanding of aspects of functional safety (SIS) Knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts Knowledge of the technical security solutions utilized within OT-ICS systems and networks Knowledge of OS (Windows / Linux) security, Database security Knowledge of IT infrastructure Knowledge of cyber threats and vulnerabilities related to platform and infrastructure is a plus Prior experience working alongside delivery leads and architects to Identify and manage risks is a plus Skills And Attributes For Success Completed technical higher education in the field of industrial automation, computer science, electronics or other relevant fields Certificates or education related to industrial automation / engineering etc. Knowledge of OT-ICS Security standards, including ISA/IEC 62443, NIST 800-82, NERC-CIP Knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, NIST standards on Cyber Security, HITRUST, etc. is a plus Knowledge on tools like Nessus, BackTrack, NMAP, BurpSuite, etc. is a definite plus Knowledge on OT network monitoring solution such as Nozomi, Claroty, Armis, DarkTrace, Azure Defender. To qualify for the role, you must have 5+ years of experience in the Cyber Security and OT Security Domain Minimum B. Tech. or equivalent educational qualification ISA/IEC 62443 Fundamental* SCADA Fundamentals CompTIA Network+ CompTIA Security+ What We Look For A Team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 1400 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

About Credgenics : Credgenics is India’s first of its kind NPA resolution platform backed by credible investors including Accel Partners and Titan Capital. We work with financial institutions, Banks, NBFCs & Digital lending firms to improve the efficiency of their collection using technology, automation intelligence and optimal legal routes to facilitate the resolution of stressed assets. With all major banks and NBFCs as our clients, our SaaS-based collections platform helps them efficiently improve their NPA, geographic reach and customer experience. We count most of India's lending majors as our clients such as ICICI Bank, Axis Bank, Bank of Baroda, etc and have been able to grow 100% MoM consistently even among the pandemic. Role Overview: We are looking for a highly skilled Information Security Engineer II to join our team and play a critical role in safeguarding our information systems and data against potential threats. In this position, you will leverage your expertise to design and implement robust security measures, conduct risk assessments, and ensure compliance with industry standards. Responsibilities: Design, implement, and manage security architecture for our systems, ensuring adherence to best practices and compliance requirements. Conduct thorough risk assessments and vulnerability analysis to identify security weaknesses and recommend mitigation strategies for the complete IT infrastructure of the company . Coordinate with Cert-In empanneled vendors for annual VAPT and PCI DSS certification compliance, manage engagements and ensure standards adherence. Coordinate and handle customer queries related to information security during customer onboarding and handle the periodic banks audit for information security. Develop and enforce security policies, procedures, and standards to protect sensitive information. Monitor security alerts and incidents, responding promptly to security breaches and providing detailed reports on findings and resolutions. Collaborate with cross-functional teams to integrate security into all phases of the software development lifecycle (SDLC). Collaborate with third-party vendors and service providers to perform vendor risk assessment and ensure the security of outsourced systems and services. Perform user access management review, firewall config, rules review and coordinate with the team for the mitigation of all observations. Perform email system’s security assessment to evaluate anti-phishing, anti-spam, and DLP controls. Manage and maintain security systems such as SIEM, IDS/IPS, and DLP to detect and respond to security incidents. Document security findings, recommendations, and remediation plans, and communicate them to relevant stakeholders in a clear and concise manner. Assist in the development and maintenance of security awareness and training programs for employees, promoting a culture of security throughout the organization. Required: 5-7 years of experience in information security, with a focus on security architecture and engineering. Cloud security (AWS) - minimum 2-3 years, DevSecOps - minimum 2 years experience. Server & network security close to 3-4 years experience. Proven experience with governance - RBI guidelines in terms of data security, business continuity, data location, disaster recovery. Experience in security standards such as ISO 27001, ISO 27701, PCI DSS and security frameworks CIS and NIST benchmarking. Hands-on experience with network, application, API vulnerability scanning and penetration testing should be at least 3-4 years. Relevant security certifications such as CISA, CEH or ISO 27001 auditor (preference) Soft Skills and Cultural Fit Exceptional analytical and problem-solving skills, with a keen attention to detail. Strong communication skills to effectively convey complex security concepts to technical and non-technical stakeholders. Proactive and self-motivated, with the ability to work independently and collaboratively in a hybrid work environment. A passion for continuous learning and staying current with industry trends and emerging threats. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY Technology - Security Consultant Technology has always been at the heart of what we do and deliver at EY. We need technology to keep an organization the size of ours working efficiently. We have 350,000 people in more than 140 countries, all of whom rely on secure technology to be able to do their job every single day. Everything from the laptops we use, to the ability to work remotely on our mobile devices and connecting our people and our clients, to enabling hundreds of internal tools and external solutions delivered to our clients. Technology solutions are integrated in the client services we deliver and is key to us being more innovative as an organization. EY Technology supports our technology needs through three business units: Client Technology (CT) - focuses on developing new technology services for our clients. It enables EY to identify new technology-based opportunities faster and pursue those opportunities more rapidly. Enterprise Technology (ET) – ET supports our Core Business Services functions and will deliver fit-for-purpose technology infrastructure at the cheapest possible cost for quality services. ET will also support our internal technology needs by focusing on a better user experience. Information Security (InfoSec) - Info Sec prevents, detects, responds, and mitigates cyber-risk, protecting EY and client data, and our information management systems. The opportunity As a Security Consultant Lead within EY’s internal Global Information Security team, the individual will be a trusted security advisor to the Client Technology Platforms Delivery organization within IT Services. The Client Technology Platforms delivery organization is responsible for end-to-end delivery of technology programs and projects supporting EY’s service lines including delivery of a global managed services platform, Big Data and analytics solutions as well as individual line of business solutions and services. This role will directly engage in supporting a team of architects, engineers, and product managers for delivery on programs and projects, defining security risks and controls, providing security guidance, identifying and prioritizing security-related requirements, promoting secure-by-default designs and facilitating delivery of information security services throughout the system development life cycle (SDLC). The role will also develop and directly communicate appropriate risk treatment and mitigation options to address security vulnerabilities translated into business-oriented terminology for communicating risk to business stakeholders. Your Key Responsibilities Support a technical team with a focus on the following responsibilities: Review security architectures and provide pragmatic security guidance that balance business benefit and risks. Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on how to implement these controls Perform threat modeling and risk assessments of information systems, applications, and infrastructure Maintain Information Security Policies and Compliance standards and enhance the InfoSec risk assessment and certification methodologies Define security configuration standards for shared and multi-tenant platforms and technologies Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders Provide knowledge sharing and technical assistance to other team members Act as Subject Matter Expert (SME) in responsible technologies and have deep technical understanding of responsible services and technology portfolios Skills And Attributes For Success Significant working security experience and knowledge in the design, implementation, and operation of security controls in one of the following areas: Cloud Security – Technical understanding of virtualization, cloud infrastructure, and public cloud offerings and experience designing security configuration and controls within cloud-based solutions e.g., Microsoft Azure and Azure PAAS services or another cloud platform (GCP, AWS, IBM, AliCloud, etc.) Infrastructure Security – Experience with the integration of cloud native infrastructure security technologies and solutions into business solution architectures including the integration of identity & access management, Web Application Firewalls (WAFs), Application and API Gateways, intrusion detection and prevention, security monitoring, and data encryption solutions. Application Security - Experience with the design and testing of security controls for multi-tier business solutions including the design of application-level access and entitlement management, data tenancy and isolation, encryption, and logging. Working familiarity with REST API and microservices architecture. Agile & DevSecOps Methodologies – Experience promoting automated security features in pipelines and security testing as a central feature in Agile workflows as a contributing member within an Agile development or DevOps environment. Although not required, it is preferred that candidates possess additional working security experience and knowledge in one or more of the following areas: Operational Security – Experience with defining operational security models and procedures for business solutions including the operation and maintenance of infrastructure and application security controls. Information Security Standards – Knowledge of common information security standards such as: ISO 27001/27002, CSA and CIS Controls, NIST CSF, PCI/DSS, FEDRAMP. Product Management – working with broader business and technology teams on aspects of security that affect all phases of PI Planning from concept to design to implementation and then operational support. Identity and Access Management – Experience with Azure Active Directory (AAD) based Identity and Access Management and Authorization design and integration with API, IDaaS, and Federation technologies. To qualify for the role, you must have: Advanced degree in Computer Science or a related discipline; or equivalent work experience. Candidates are preferred to hold or be actively pursuing related professional certifications within the GIAC family of certifications or CISSP, CISM or CISA or similar cloud-security oriented certifications. Nine or more years of experience in the management of a significant Information Security risk management function Experience in managing the communication of security findings and recommendations to IT project teams, business leadership and technology management executives EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

environmental, pharmaceutical and cosmetic product testing and in AgroScience CRO services. It is also one of the global independent market leaders in certain testing and laboratory services for genomics, discovery pharmacology, forensics, CDMO, advanced material sciences and in the support of clinical studies. Young and dynamic, we have a rich culture, and we offer fulfilling careers Junior Vulnerability Management Analyst Position Overview: We are seeking a motivated and detail-oriented Junior Vulnerability Management Analyst to join our cybersecurity team. The role focuses on identifying, analysing, and assisting in the remediation of infrastructure vulnerabilities using tools like PingCastle and Qualys SCA. This is an excellent opportunity for individuals looking to grow their expertise in cybersecurity and vulnerability management. Key Responsibilities Vulnerability Scanning & Analysis: Conduct vulnerability scans using PingCastle and Qualys SCA to identify risks in Active Directory and infrastructure systems. Analyze scan results, validate findings, and prioritize vulnerabilities based on risk levels. Monitor scan performance, troubleshoot issues, and report anomalies to senior analysts. Remediation Support : Collaborate with IT Operation Teams to track remediation efforts and ensure timely resolution of identified vulnerabilities. Provide recommendations for configuration hardening based on findings. Reporting & Documentation: Generate detailed vulnerability reports and dashboards for internal stakeholders. Maintain accurate records of vulnerabilities, remediation timelines, and compliance status. Policy & Compliance: Assist in reviewing security policies and ensuring adherence to industry standards like CIS benchmarks. Support compliance efforts by aligning vulnerability management practices with organizational goals.Soft Skills: Strong analytical skills with attention to detail. Effective communication skills for technical reporting and collaboration with cross-functional teams. Eagerness to learn new tools and adapt to evolving cybersecurity challenges.Desirable Skills: Experience with patch management processes. Familiarity with compliance frameworks (e.g., ISO 27001, NIST). Qualifications Qualifications & Skills Technical Skills: Foundational understanding of cybersecurity principles, vulnerability management, and risk mitigation. Familiarity with tools like PingCastle, Qualys SCA, or similar vulnerability assessment platforms. Basic knowledge of Active Directory security and IT infrastructure components (e.g., servers, networks).Education & Experience: Bachelors degree in Cybersecurity, Information Technology, or a related field (or equivalent experience) 0-3 years of experience in cybersecurity or IT operations.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY Technology - Security Consultant Technology has always been at the heart of what we do and deliver at EY. We need technology to keep an organization the size of ours working efficiently. We have 350,000 people in more than 140 countries, all of whom rely on secure technology to be able to do their job every single day. Everything from the laptops we use, to the ability to work remotely on our mobile devices and connecting our people and our clients, to enabling hundreds of internal tools and external solutions delivered to our clients. Technology solutions are integrated in the client services we deliver and is key to us being more innovative as an organization. EY Technology supports our technology needs through three business units: Client Technology (CT) - focuses on developing new technology services for our clients. It enables EY to identify new technology-based opportunities faster and pursue those opportunities more rapidly. Enterprise Technology (ET) – ET supports our Core Business Services functions and will deliver fit-for-purpose technology infrastructure at the cheapest possible cost for quality services. ET will also support our internal technology needs by focusing on a better user experience. Information Security (InfoSec) - Info Sec prevents, detects, responds, and mitigates cyber-risk, protecting EY and client data, and our information management systems. The opportunity As a Security Consultant Lead within EY’s internal Global Information Security team, the individual will be a trusted security advisor to the Client Technology Platforms Delivery organization within IT Services. The Client Technology Platforms delivery organization is responsible for end-to-end delivery of technology programs and projects supporting EY’s service lines including delivery of a global managed services platform, Big Data and analytics solutions as well as individual line of business solutions and services. This role will directly engage in supporting a team of architects, engineers, and product managers for delivery on programs and projects, defining security risks and controls, providing security guidance, identifying and prioritizing security-related requirements, promoting secure-by-default designs and facilitating delivery of information security services throughout the system development life cycle (SDLC). The role will also develop and directly communicate appropriate risk treatment and mitigation options to address security vulnerabilities translated into business-oriented terminology for communicating risk to business stakeholders. Your Key Responsibilities Support a technical team with a focus on the following responsibilities: Review security architectures and provide pragmatic security guidance that balance business benefit and risks. Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on how to implement these controls Perform threat modeling and risk assessments of information systems, applications, and infrastructure Maintain Information Security Policies and Compliance standards and enhance the InfoSec risk assessment and certification methodologies Define security configuration standards for shared and multi-tenant platforms and technologies Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders Provide knowledge sharing and technical assistance to other team members Act as Subject Matter Expert (SME) in responsible technologies and have deep technical understanding of responsible services and technology portfolios Skills And Attributes For Success Significant working security experience and knowledge in the design, implementation, and operation of security controls in one of the following areas: Cloud Security – Technical understanding of virtualization, cloud infrastructure, and public cloud offerings and experience designing security configuration and controls within cloud-based solutions e.g., Microsoft Azure and Azure PAAS services or another cloud platform (GCP, AWS, IBM, AliCloud, etc.) Infrastructure Security – Experience with the integration of cloud native infrastructure security technologies and solutions into business solution architectures including the integration of identity & access management, Web Application Firewalls (WAFs), Application and API Gateways, intrusion detection and prevention, security monitoring, and data encryption solutions. Application Security - Experience with the design and testing of security controls for multi-tier business solutions including the design of application-level access and entitlement management, data tenancy and isolation, encryption, and logging. Working familiarity with REST API and microservices architecture. Agile & DevSecOps Methodologies – Experience promoting automated security features in pipelines and security testing as a central feature in Agile workflows as a contributing member within an Agile development or DevOps environment. Although not required, it is preferred that candidates possess additional working security experience and knowledge in one or more of the following areas: Operational Security – Experience with defining operational security models and procedures for business solutions including the operation and maintenance of infrastructure and application security controls. Information Security Standards – Knowledge of common information security standards such as: ISO 27001/27002, CSA and CIS Controls, NIST CSF, PCI/DSS, FEDRAMP. Product Management – working with broader business and technology teams on aspects of security that affect all phases of PI Planning from concept to design to implementation and then operational support. Identity and Access Management – Experience with Azure Active Directory (AAD) based Identity and Access Management and Authorization design and integration with API, IDaaS, and Federation technologies. To qualify for the role, you must have: Advanced degree in Computer Science or a related discipline; or equivalent work experience. Candidates are preferred to hold or be actively pursuing related professional certifications within the GIAC family of certifications or CISSP, CISM or CISA or similar cloud-security oriented certifications. Nine or more years of experience in the management of a significant Information Security risk management function Experience in managing the communication of security findings and recommendations to IT project teams, business leadership and technology management executives EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

This role is eligible for our hybrid work model: Two days in-office. Why Is This Job a Big Deal The position is responsible for coordinating Priceline’s risk and compliance projects, elevating our security posture. As a leading tech company, this role requires an understanding of our existing infrastructure, cybersecurity controls and risk profile, as well as a willingness to learn about emerging technologies.The Security Risk & Compliance Associate will be part of a high-performing and diverse information security team at Priceline, a US subsidiary of the biggest online travel company of the world. He/she will be part of a growing GRC team that has multiple exciting challenges. In This Role You Will Get To Coordinate end-to-end security GRC projects and initiatives to improve our security posture. Maintain our different security controls frameworks, including NIST CSF maturity framework, PCI-DSS and NYDFS, enhancing the frameworks and controls based on recommendations from maturity and risk assessments. Enhance our cyber risk governance processes, maintain our cybersecurity risk register and define our cybersecurity risk appetite framework. Support our security program reporting processes, collecting security metrics and creating impactful reports. Coordinate information security training and awareness activities Evaluation, maintenance and enhancement of our current security GRC tools. Maintain and improve our information security policy framework, in accordance with our regulatory and compliance requirements. Ensure quality of our key security processes (vulnerability management, security incident reporting). Track progress of issues reported, vulnerabilities, and support in the creation of dashboards and metrics to facilitate this process. Act as a security advocate, supporting business owners’ requests related to security (evaluate policy exception requests, complete third-party security questionnaires, etc). Who You Are Bachelor’s degree in Computer Engineering or Cybersecurity-related discipline 3-5 years of experience working in an information security GRC function BIG4 experience is a plus. Experience supporting security reporting processes (dashboards, metrics collection, JIRA, Tableau) and or project/program management is a plus One or more of the following certifications: CISSP, CRISC, CCSP, CCSK, CISA, PMP Knowledge of security control and compliance frameworks: NIST CSF, PCI-DSS, ISO 27001 Basic understanding of security engineering best practices, as well as cloud security controls and DevOps & CI/CD development environments. Experience driving security GRC initiatives in a proactive and independent manner Experience working with cross-functional teams in fast-paced environments. Solid problem-solving skills and attention to detail. Illustrated history of living the values necessary to Priceline: Customer, Innovation, Team, Accountability and Trust. The Right Results, the Right Way is not just a motto at Priceline; it’s a way of life. Unquestionable integrity and ethics is essential. Who We Are WE ARE PRICELINE. Our success as one of the biggest players in online travel is all thanks to our incredible, dedicated team of talented employees. Priceliners are focused on being the best travel deal makers in the world, motivated by our passion to help everyone experience the moments that matter most in their lives. Whether it’s a dream vacation, your cousin’s graduation, or your best friend’s wedding - we make travel affordable and accessible to our customers. Our culture is unique and inspiring (that’s what our employees tell us). We’re a grown-up, startup. We deliver the excitement of a new venture, without the struggles and chaos that can come with a business that hasn’t stabilized. We’re on the cutting edge of innovative technologies. We keep the customer at the center of all that we do. Our ability to meet their needs relies on the strength of a workforce as diverse as the customers we serve. We bring together employees from all walks of life and we are proud to provide the kind of inclusive environment that stimulates innovation, creativity and collaboration. Priceline is part of the Booking Holdings, Inc. (Nasdaq: BKNG) family of companies, a highly profitable global online travel company with a market capitalization of over $80 billion. Our sister companies include Booking.com, BookingGo, Agoda, Kayak and OpenTable. If you want to be part of something truly special, check us out! Flexible work at Priceline Priceline is following a hybrid working model, which includes two days onsite as determined by you and your manager (ideally selecting among Tuesday, Wednesday, or Thursday). On the remaining days, you can choose to be remote or in the office. Diversity and Inclusion are a Big Deal! To be the best travel dealmakers in the world, it’s important we have a workforce that reflects the diverse customers and communities we serve. We are committed to cultivating a culture where all employees have the freedom to bring their individual perspectives, life experiences, and passion to work. Priceline is a proud equal opportunity employer. We embrace and celebrate the unique lenses through which our employees see the world. We’d love you to join us and add to our rich mix! Applying for this position We're excited that you are interested in a career with us. For all current employees , please use the internal portal to find jobs and apply. External candidates are required to have an account before applying. When you click Apply, returning candidates can log in, or new candidates can quickly create an account to save/view applications. Show more Show less

-Develop a deep technical understanding of IBM Public Cloud offerings and infrastructure -Plan and perform red team exercises against various cloud offerings -Plan and perform full stack security tests against various system(s) and application(s) independently as well as within a team -Engage in security monitoring and visibility improvement activities across the IBM Public Cloud organization -Thoroughly document techniques, tactics, and proof of concepts used during security testing and red team exercises -Communicate with various business and technology leaders to interpret identified vulnerabilities and assist in the development and planning for risk mitigation plans -Research and continuously improve skills in attacker tools, methods, and techniques -Lead by example for the greater red team in professionalism, communication, and technical expertise Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise 3+ years of demonstrating experience in planning and executing penetration tests/red team exercises against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies Demonstrates strong understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications. Demonstrates strong ability to communicate highly technical aspects to Executives and IT staffs, respectively Demonstrates ability by creating custom tools for penetration testing and contributing to opensource technologies Demonstrates strong experience with various scripting languages (Python, Ruby, Bash, etc.) Possess one or more of the following credentialsOSCP, OSCE, OSWE, GWAPT, GPEN, GXPN, CRTP, Crest Penetration Certification. Familiarity with serverless services, containerization and other cloud technologies Strong familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK 3+ years of demonstrating experience in system or application administration role(s) Preferred technical and professional experience 5+ years of demonstrating experience in planning and executing penetration tests/red team exercises against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies Understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications. Ability to communicate highly technical aspects to Executives and IT staff, respectively Demonstrates ability by creating custom tools for penetration testing and contributing to opensource technologies Expertise in developing exploits and customized attack tooling and approaches Demonstratedsecurity research leading to bug bounty and CVE awards Deep understanding of serverless services, containerization and other cloud technologies Demonstrates strong experience with various scripting languages (Python, Ruby, Bash, etc.) CGood to have one of these certsCRTP, CEH, OSCP, OSCE, OSWE, GWAPT, GPEN, GXPN, CRTP, Crest Penetration Certification. Familiarity with serverless services, containerization and other cloud technologies Strong familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK 5+ years of demonstrating experience in system or application administration role(s)

We are seeking a highly experienced and skilled Senior Cybersecurity Professional to join our team. The candidate should have a deep understanding protecting an organization's data and systems from cyber threats by identifying vulnerabilities, responding to breaches, and implementing security measures. Primary Skills Leadership and Strategy: Develop and implement comprehensive cybersecurity strategies and policies. Lead and mentor a team of cybersecurity professionals. Stay updated with the latest cybersecurity trends and technologies. Identify and prioritize critical business functions in collaboration with organizational stakeholders Risk Management: Conduct risk assessments and vulnerability analyses. Develop and implement risk mitigation plans. Ensure compliance with industry standards and regulations. Perform security reviews, identify gaps in security architecture, and develop a security risk management plan. Incident Response: Lead incident response efforts and manage security breaches. Develop and maintain incident response plans and procedures. Conduct post-incident analysis and reporting. Security Operations: Oversee the implementation and management of security tools and technologies. Coordinate with IT teams to ensure secure system configurations. Secondary Skills Bachelor's or Master's degree in Computer Science, Information Technology, or a related field. Relevant certifications such as CISSP, CISM, CEH, or equivalent. Proven experience in cybersecurity leadership roles. Strong knowledge of cybersecurity frameworks and standards (e.g., NIST, ISO 27001). Excellent problem-solving and analytical skills. Strong communication and interpersonal skills.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY Technology - Security Consultant Technology has always been at the heart of what we do and deliver at EY. We need technology to keep an organization the size of ours working efficiently. We have 350,000 people in more than 140 countries, all of whom rely on secure technology to be able to do their job every single day. Everything from the laptops we use, to the ability to work remotely on our mobile devices and connecting our people and our clients, to enabling hundreds of internal tools and external solutions delivered to our clients. Technology solutions are integrated in the client services we deliver and is key to us being more innovative as an organization. EY Technology supports our technology needs through three business units: Client Technology (CT) - focuses on developing new technology services for our clients. It enables EY to identify new technology-based opportunities faster and pursue those opportunities more rapidly. Enterprise Technology (ET) – ET supports our Core Business Services functions and will deliver fit-for-purpose technology infrastructure at the cheapest possible cost for quality services. ET will also support our internal technology needs by focusing on a better user experience. Information Security (InfoSec) - Info Sec prevents, detects, responds, and mitigates cyber-risk, protecting EY and client data, and our information management systems. The opportunity As a Security Consultant Lead within EY’s internal Global Information Security team, the individual will be a trusted security advisor to the Client Technology Platforms Delivery organization within IT Services. The Client Technology Platforms delivery organization is responsible for end-to-end delivery of technology programs and projects supporting EY’s service lines including delivery of a global managed services platform, Big Data and analytics solutions as well as individual line of business solutions and services. This role will directly engage in supporting a team of architects, engineers, and product managers for delivery on programs and projects, defining security risks and controls, providing security guidance, identifying and prioritizing security-related requirements, promoting secure-by-default designs and facilitating delivery of information security services throughout the system development life cycle (SDLC). The role will also develop and directly communicate appropriate risk treatment and mitigation options to address security vulnerabilities translated into business-oriented terminology for communicating risk to business stakeholders. Your Key Responsibilities Support a technical team with a focus on the following responsibilities: Review security architectures and provide pragmatic security guidance that balance business benefit and risks. Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on how to implement these controls Perform threat modeling and risk assessments of information systems, applications, and infrastructure Maintain Information Security Policies and Compliance standards and enhance the InfoSec risk assessment and certification methodologies Define security configuration standards for shared and multi-tenant platforms and technologies Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders Provide knowledge sharing and technical assistance to other team members Act as Subject Matter Expert (SME) in responsible technologies and have deep technical understanding of responsible services and technology portfolios Skills And Attributes For Success Significant working security experience and knowledge in the design, implementation, and operation of security controls in one of the following areas: Cloud Security – Technical understanding of virtualization, cloud infrastructure, and public cloud offerings and experience designing security configuration and controls within cloud-based solutions e.g., Microsoft Azure and Azure PAAS services or another cloud platform (GCP, AWS, IBM, AliCloud, etc.) Infrastructure Security – Experience with the integration of cloud native infrastructure security technologies and solutions into business solution architectures including the integration of identity & access management, Web Application Firewalls (WAFs), Application and API Gateways, intrusion detection and prevention, security monitoring, and data encryption solutions. Application Security - Experience with the design and testing of security controls for multi-tier business solutions including the design of application-level access and entitlement management, data tenancy and isolation, encryption, and logging. Working familiarity with REST API and microservices architecture. Agile & DevSecOps Methodologies – Experience promoting automated security features in pipelines and security testing as a central feature in Agile workflows as a contributing member within an Agile development or DevOps environment. Although not required, it is preferred that candidates possess additional working security experience and knowledge in one or more of the following areas: Operational Security – Experience with defining operational security models and procedures for business solutions including the operation and maintenance of infrastructure and application security controls. Information Security Standards – Knowledge of common information security standards such as: ISO 27001/27002, CSA and CIS Controls, NIST CSF, PCI/DSS, FEDRAMP. Product Management – working with broader business and technology teams on aspects of security that affect all phases of PI Planning from concept to design to implementation and then operational support. Identity and Access Management – Experience with Azure Active Directory (AAD) based Identity and Access Management and Authorization design and integration with API, IDaaS, and Federation technologies. To qualify for the role, you must have: Advanced degree in Computer Science or a related discipline; or equivalent work experience. Candidates are preferred to hold or be actively pursuing related professional certifications within the GIAC family of certifications or CISSP, CISM or CISA or similar cloud-security oriented certifications. Nine or more years of experience in the management of a significant Information Security risk management function Experience in managing the communication of security findings and recommendations to IT project teams, business leadership and technology management executives EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

Key Responsibilities: Incident Detection & Response: Monitor security alerts and events through SIEM tools to identify potential threats. Investigate security incidents and respond in a timely and effective manner. Leverage EDR (Endpoint Detection and Response) solutions for threat detection and incident analysis. Threat Analysis & Mitigation: Conduct thorough threat and malware analysis to identify and mitigate risks. Work closely with internal teams to investigate malware, viruses, and ransomware threats. Use CrowdStrike , Defender , and other endpoint security tools to prevent attacks. Email Security Management: Monitor and manage email security systems to prevent phishing, spam, and other malicious email threats. Respond to suspicious email alerts and work with other teams to resolve them. Continuous Monitoring & Alerting: Actively monitor systems, networks, and applications for any signs of suspicious activities. Utilize Endpoint Security solutions to continuously track and protect endpoints across the network. Collaboration & Reporting: Work closely with the IT and security teams to assess, analyze, and resolve security incidents. Maintain detailed documentation of incidents, findings, and responses for future reference. Regularly report on the status of ongoing security incidents and trends to senior management. Research & Knowledge Enhancement: Stay updated with the latest security threats, vulnerabilities, and trends. Participate in security training and development to improve skills in SIEM , EDR , and other security tools. Required Skills and Qualifications: Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or a related field, or equivalent work experience. Strong experience with SIEM (e.g., Splunk, QRadar, ArcSight). Proficient in EDR and Endpoint Security tools (e.g., CrowdStrike, Microsoft Defender). Hands-on experience in threat and malware analysis . Familiarity with email security systems (e.g., Proofpoint, Mimecast). Strong understanding of network protocols, firewalls, and intrusion detection/prevention systems. Knowledge of security frameworks and industry standards (e.g., MITRE ATT&CK, NIST). Excellent analytical and problem-solving skills. Preferred Qualifications: Security certifications like CompTIA Security+ , CISSP , CEH , or GIAC are a plus. Experience with incident response and forensic investigation. Familiarity with cloud security in AWS, Azure, or Google Cloud. Show more Show less

Job Summary: Provide professional expertise and advise IT and senior leadership in matters relating to technology-related compliance with all applicable laws, regulations, industry standards and corporate compliance requirements. Assess changes in the regulatory, business and technology environment and recommend and implement or guide appropriate changes to IT policies, controls, and processes to address security and technology issues. Manage and coordinate IT audit activities by working with IT leaders, team members, external auditors, regulators, and other organizations that review and assess IT processes and controls. Lead and execute cybersecurity risk management activities include internal compliance and risk management activities as well as third-party vendor security oversight and response to customer security inquiries. Responsibilities: Provide professional expertise and advise leadership in complying with all applicable laws, regulations, and accreditations, including Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), FedRAMP, HITRUST, ISO 27001, and EU General Data Protection Regulation (GDPR). Facilitate, oversee, and provide point of contact for all IT audits, assessments, and other reviews of processes and technology. Work with teams to coordinate schedules for activity. Work with IT teams to deliver requested evidence, documentation, conduct interviews, walk through processes, test controls, and negotiate issues. Manage and monitor development and execution of action plans by reviewing and evaluating reports for trends, working with leadership to prioritize findings, and track progress toward agreed upon timeframes. Ensure issues are appropriately documented, relevant, and understood. Perform IT risk and controls assurance assessments of internal and third-party technology-related processes and solutions, working with IT leaders, security architects, Procurement, and other subject matter experts. Perform recurring assessments of information security and technology functions to measure maturity against industry standard baselines, identifying improvement areas, registering risks, and assisting with action plans to move processes to a higher level of maturity. Develop and maintain operational metrics to ensure information security and technology risk and the performance of the IT risk and compliance program is measured sufficiently to enable success. Mentor and coach team members through risk assessments, including scoping of an assessment, resolving conflict, and prioritization of issues. Perform peer review of work product and deliverables. Continuously look to optimize processes, technology and capabilities through tactical and strategic development. Other duties as assigned. Knowledge and Skills: Strong analytical skills; Demonstration of ability to solve problems using best practices and systematic approach Relationship builder; able to create and maintain a trusted network on all levels; Good communication, influencing and negotiating skills; Written and oral communication skills including the ability to communicate complex technical issues to non-technical staff; Project management and organizational skills; Tactful and diplomatic when engaging with all levels of management always maintaining a professional demeanor. Required Experience: 5-8 years direct experience with information security, IT controls assurance and IT audit facilitation Working knowledge of industry standards such as NIST Cybersecurity Framework, FedRAMP, NIST SP 800-53, ISO 27001, Sarbanes-Oxley, SOC1, SOC2, HIPAA, HITRUST and other similar frameworks. Preferred Experience: Experience in cloud-based environments for production applications, including Amazon Web Services, Microsoft Azure, GCP or other large-scale cloud deployment. Understanding of attack vectors and methodologies. Ability to weigh business risks and enforce appropriate information security measures. CISSP, CISM, CISA, CCSA or equivalent certification preferred. Proficient in the use of Microsoft Office (Excel and PowerPoint), Power BI and Power Automate. GHX: It's the way you do business in healthcare Global Healthcare Exchange (GHX) enables better patient care and billions in savings for the healthcare community by maximizing automation, efficiency and accuracy of business processes. GHX is a healthcare business and data automation company, empowering healthcare organizations to enable better patient care and maximize industry savings using our world class cloud-based supply chain technology exchange platform, solutions, analytics and services. We bring together healthcare providers and manufacturers and distributors in North America and Europe - who rely on smart, secure healthcare-focused technology and comprehensive data to automate their business processes and make more informed decisions. It is our passion and vision for a more operationally efficient healthcare supply chain, helping organizations reduce - not shift - the cost of doing business, paving the way to delivering patient care more effectively. Together we take more than a billion dollars out of the cost of delivering healthcare every year. GHX is privately owned, operates in the United States, Canada and Europe, and employs more than 1000 people worldwide. Our corporate headquarters is in Colorado, with additional offices in Europe. Disclaimer Global Healthcare Exchange, LLC and its North American subsidiaries (collectively, “GHX”) provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. All qualified applicants will receive consideration for employment without regard to any status protected by applicable law. This EEO policy applies to all terms, conditions, and privileges of employment, including hiring, training and development, promotion, transfer, compensation, benefits, educational assistance, termination, layoffs, social and recreational programs, and retirement. GHX believes that employees should be provided with a working environment which enables each employee to be productive and to work to the best of his or her ability. We do not condone or tolerate an atmosphere of intimidation or harassment based on race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. GHX expects and requires the cooperation of all employees in maintaining a discrimination and harassment-free atmosphere. Improper interference with the ability of GHX’s employees to perform their expected job duties is absolutely not tolerated.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY Technology - Security Consultant Technology has always been at the heart of what we do and deliver at EY. We need technology to keep an organization the size of ours working efficiently. We have 350,000 people in more than 140 countries, all of whom rely on secure technology to be able to do their job every single day. Everything from the laptops we use, to the ability to work remotely on our mobile devices and connecting our people and our clients, to enabling hundreds of internal tools and external solutions delivered to our clients. Technology solutions are integrated in the client services we deliver and is key to us being more innovative as an organization. EY Technology supports our technology needs through three business units: Client Technology (CT) - focuses on developing new technology services for our clients. It enables EY to identify new technology-based opportunities faster and pursue those opportunities more rapidly. Enterprise Technology (ET) – ET supports our Core Business Services functions and will deliver fit-for-purpose technology infrastructure at the cheapest possible cost for quality services. ET will also support our internal technology needs by focusing on a better user experience. Information Security (InfoSec) - Info Sec prevents, detects, responds, and mitigates cyber-risk, protecting EY and client data, and our information management systems. The opportunity As a Security Consultant Lead within EY’s internal Global Information Security team, the individual will be a trusted security advisor to the Client Technology Platforms Delivery organization within IT Services. The Client Technology Platforms delivery organization is responsible for end-to-end delivery of technology programs and projects supporting EY’s service lines including delivery of a global managed services platform, Big Data and analytics solutions as well as individual line of business solutions and services. This role will directly engage in supporting a team of architects, engineers, and product managers for delivery on programs and projects, defining security risks and controls, providing security guidance, identifying and prioritizing security-related requirements, promoting secure-by-default designs and facilitating delivery of information security services throughout the system development life cycle (SDLC). The role will also develop and directly communicate appropriate risk treatment and mitigation options to address security vulnerabilities translated into business-oriented terminology for communicating risk to business stakeholders. Your Key Responsibilities Support a technical team with a focus on the following responsibilities: Review security architectures and provide pragmatic security guidance that balance business benefit and risks. Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on how to implement these controls Perform threat modeling and risk assessments of information systems, applications, and infrastructure Maintain Information Security Policies and Compliance standards and enhance the InfoSec risk assessment and certification methodologies Define security configuration standards for shared and multi-tenant platforms and technologies Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders Provide knowledge sharing and technical assistance to other team members Act as Subject Matter Expert (SME) in responsible technologies and have deep technical understanding of responsible services and technology portfolios Skills And Attributes For Success Significant working security experience and knowledge in the design, implementation, and operation of security controls in one of the following areas: Cloud Security – Technical understanding of virtualization, cloud infrastructure, and public cloud offerings and experience designing security configuration and controls within cloud-based solutions e.g., Microsoft Azure and Azure PAAS services or another cloud platform (GCP, AWS, IBM, AliCloud, etc.) Infrastructure Security – Experience with the integration of cloud native infrastructure security technologies and solutions into business solution architectures including the integration of identity & access management, Web Application Firewalls (WAFs), Application and API Gateways, intrusion detection and prevention, security monitoring, and data encryption solutions. Application Security - Experience with the design and testing of security controls for multi-tier business solutions including the design of application-level access and entitlement management, data tenancy and isolation, encryption, and logging. Working familiarity with REST API and microservices architecture. Agile & DevSecOps Methodologies – Experience promoting automated security features in pipelines and security testing as a central feature in Agile workflows as a contributing member within an Agile development or DevOps environment. Although not required, it is preferred that candidates possess additional working security experience and knowledge in one or more of the following areas: Operational Security – Experience with defining operational security models and procedures for business solutions including the operation and maintenance of infrastructure and application security controls. Information Security Standards – Knowledge of common information security standards such as: ISO 27001/27002, CSA and CIS Controls, NIST CSF, PCI/DSS, FEDRAMP. Product Management – working with broader business and technology teams on aspects of security that affect all phases of PI Planning from concept to design to implementation and then operational support. Identity and Access Management – Experience with Azure Active Directory (AAD) based Identity and Access Management and Authorization design and integration with API, IDaaS, and Federation technologies. To qualify for the role, you must have: Advanced degree in Computer Science or a related discipline; or equivalent work experience. Candidates are preferred to hold or be actively pursuing related professional certifications within the GIAC family of certifications or CISSP, CISM or CISA or similar cloud-security oriented certifications. Nine or more years of experience in the management of a significant Information Security risk management function Experience in managing the communication of security findings and recommendations to IT project teams, business leadership and technology management executives EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world. Job Details Job Posting Title: Infrastructure Platform Operations Engineer Location: Hyderabad, India Job Profile: P1-P3 Job Type : Full-Time, Permanent Experience Level : 5-15+ years Lilly’s Purpose: At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world. Come help us unlock the power of the Infrastructure Operations through AI & Automation! The Cloud and Connectivity organization is actively looking for an Infrastructure Platform Operations Engineer to join them. Do you like to solve challenges and have an interest in large scale impact? Would you like the ability to impact a global public and private cloud infrastructure operations through AI and Automation? If so, please apply. Job Summary: You will work in our Infrastructure Hosting Platform area leading the global technical infrastructure service operations capabilities for Lilly. Goals will be to help develop a Service Response capability to reduce volume and impact of incidents and to manage global platform servers patch management process. This role will have the opportunity to work with the latest Public and Private cloud IaaS services. Our goal is to improve all aspect of our infrastructure availability and reliability through repeatable patterns, new architectural designs, improvements in observability to prevent outages to help increase value across the organization. The role will also provide guidance and direction to our global Lilly operations SMEs and connect with other platform infrastructure operations SME to deliver the daily operations associated with this area. In this role, you'll have overall responsibility of platform service operations including Vulnerability Management process. You will provide technical expertise and leadership, guiding platform operations teams and collaborating with other platform infrastructure SMEs to support the platform server operations and the assets are protected from any external threats. Your Responsibilities: System Maintenance and Monitoring: Ensure the stability, performance, and security of Windows & Linux-based servers. Monitor system health, troubleshoot issues, and implement necessary fixes. Customer Support: Provide timely and effective support to customers on an as-needed basis. Address and resolve technical issues, ensuring minimal disruption to services. Toolset Improvement: Collaborate with the team to identify areas for improvement in existing toolsets. Develop and implement enhancements to increase efficiency and reliability. Improve all aspect of our infrastructure availability and reliability through repeatable patterns, new architectural designs, improvements in observability to prevent outages to help increase value across the organization. Automation and Scripting: Create and maintain scripts to automate routine tasks and improve operational workflows. Documentation: Maintain comprehensive documentation of system configurations, procedures, and troubleshooting guides and provide training to the rest of the team as needed. Collaboration: Work closely with other teams, including development, network, and security teams, to ensure seamless integration and operation of systems. Incident, Change, Request, Problem Management: Participate in incident response and root cause analysis to prevent recurrences, be available on-call as needed and participate in an on-call schedule. Able to work off-hours and weekends if needed for any major incidents/critical activities. Work under pressure to guide teams in resolving incidents quickly. Oversee changes to all infrastructure team, ensuring adherence to processes with minimal production impact. Monthly Patch Management - Responsible for successful remediation and closure of vulnerabilities through the appropriate vulnerability handling processes including exemption process. Assessment and remediation of zero-day vulnerabilities through Information Security team’s pro-active threat management requests. Work with Information Security team and system custodians to address vulnerability and resolve any associated issues or failures. Responsible for troubleshooting and working with system custodians when patching fails on servers, whether manually or through patching tools and address them accordingly. Management of vulnerability assessment process and reporting: Vulnerability assessment, Manual vulnerability remediation, Vulnerability exception, Vulnerability false positive handling, Severe Threat Vulnerability Handling, Ad-hoc vulnerability handling, Internal and DMZ vulnerability management, Onboarding remediation coordinators to the tool. Regular reporting of vulnerability remediation status and other updates. Asset Inventory - Perform asset inventory True Ups for Vulnerability Scanning. Responsible for on boarding and removing assets from recurring vulnerability scans. Stakeholder interaction - Interaction with various stakeholders. Co-ordinate with system custodians, site service leaders and platform server teams to schedule monthly patching in case of vulnerabilities or PTMs. Soft Skills Strong analytical and troubleshooting skills, with the ability to handle complex technical challenges. Proven leadership and team management experience, with excellent interpersonal and communication skills. Ability to prioritize, multitask, and work effectively under pressure in a fast-paced environment. Your Qualification: Bachelor’s degree in information technology or equivalent experience. 5-15+ years of experience as a Server OS/ Platform Engineer or infrastructure operations engineer in enterprise environment with relevant experience in vulnerability and risk management. Additional Skills/requirements: Experience in OS patching tools like AWS SSM, WSUS, SCCM, RedHat Satellite. Experience with security policies, compliance standards (like ISO 27001, NIST), and regulatory requirements. Identify areas of automation and be able to leverage the existing patching and automation tools. Role located in Hyderabad (relocation required) Availability to work flexible work hours is/may be required. This team will support continuous operations across two shifts and therefore, this role will require non-standard work hours, and some work on weekends and holidays. Appropriate adjustments in benefits will be provided for employees working non-standard hours where applicable. Desirable Skills: Scripting languages (like Python or PowerShell, ansible, shell scripting), and experience with specific operating systems (Windows, Linux). Experience in project management methodologies (like Agile or Scrum) will be added advantage. Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response. Lilly does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status. #WeAreLilly

About the Role We are looking for a proactive Network & Cybersecurity Specialist with 3-6 years of experience to join our dynamic team. The ideal candidate will focus primarily on cybersecurity research, audits, assessments, and Proof-of-Concept (PoC) projects, specializing in Zero Trust Network Access (ZTNA) and related emerging technologies including Fortinet, ZScaler, Netskope, Crowdstrike, Sentinel One, Cisco Umbrella, etc. Operational involvement will be minimal, emphasizing research and innovation. Key Responsibilities: Conduct comprehensive research and evaluation of emerging cybersecurity technologies, primarily focusing on ZTNA and solutions such as Fortinet, ZScaler, Netskope, Crowdstrike, Sentinel One, Cisco Umbrella. Lead and perform network and cybersecurity audits, identifying vulnerabilities, compliance issues, and providing actionable recommendations. Execute Proof-of-Concept (PoC) projects to validate the effectiveness and applicability of security solutions in real-world scenarios. Collaborate with internal teams to implement cybersecurity best practices and enhance network security frameworks. Prepare detailed technical reports, documentation, and presentations on cybersecurity findings, PoC results, and recommendations for internal stakeholders and clients. Stay abreast of cybersecurity trends, standards, threats, and regulatory compliance requirements. 1 Required Skills: Strong expertise and practical experience with ZTNA technologies and familiarity with platforms such as Fortinet, ZScaler, Netskope, Crowdstrike, Sentinel One, and Cisco Umbrella. Familiarity with network security solutions including Firewalls, VPNs, Secure Web Gateways, and endpoint security tools. Experience in conducting cybersecurity audits and risk assessments. Capability to independently research and test emerging technologies. Excellent analytical, troubleshooting, and problem-solving skills. Proficiency in documenting and communicating technical information clearly and concisely. Understanding of cybersecurity frameworks such as NIST, CIS, ISO27001, and related compliance standards. Preferred Qualifications: • Relevant industry certifications (e.g., CCNA/CCNP Security, CISSP, CISA, CEH, or equivalent). • Experience with cloud security solutions and familiarity with platforms like Azure, AWS, or GCP. • Exposure to security automation and scripting languages (Python, PowerShell) Job Types: Full-time, Permanent Pay: ₹600,000.00 - ₹800,000.00 per year Benefits: Health insurance Provident Fund Schedule: Day shift Monday to Friday Work Location: In person

Company Description Ivy is a global, cutting-edge software and support services provider, partnering with one of the world’s biggest online gaming and entertainment groups. Founded in 2001, we’ve grown from a small tech company in Hyderabad to one creating innovative software solutions used by millions of consumers around the world, with billions of transactions taking place to head even some of the biggest technology giants. Focused on quality at scale, we deliver excellence to our customers day in and day out, with everyone working together to make what sometimes feels impossible, possible. This means that not only do you get to work for a dynamic organization delivering pioneering technology, gaming and business solutions, you can also have an exciting and entertaining career. At Ivy, Bright Minds Shine Brighter. Job Description Technical Compliance offers Internal and External services relating to Compliance, Standards, Regulations, and Information Security to ensure alignment of our Technology offering with the obligations that the organization is exposed to. These requirements come mainly from the Regulatory Compliance team but are also defined by other stakeholders such as Finance, Payments, Marketing etc. As an Identity / Privileged Access Management Specialist, you will be responsible for coordinating and reviewing Technical Compliances’ quarterly Privileged User Access Review process. The role is to engage with the key business owners and guide an evaluation of defined roles and their appropriateness. As part of Technical Compliance you will assist with designing and implementing improvements to address identified gaps and to help adapt the security posture of the organisation to the evolving global threat and regulatory landscape. Primary Responsibilities: Assist managing the IT and Information Security access audits across the global Entain business: Assist in defining the global access review process and how they meet the Cybersecurity requirements ISO27001, PCI-DSS and ITGC Identity access requirements. Own the periodic / quarterly user access review process and ensure it runs effectively. Assist with coordinating multiple concurrent external audit requests, for PUAR detail, in IT and Cybersecurity audits, support several stakeholders: Regulatory compliance Finance B2B partners Other assessments Partner with the business to coordinate and conduct privileged user access assessments Assist Technical Compliance program of expanding the user access reviews across all key applications, ensuring adherence to information security policy. Assist with the selection of a Identity Access control system for the business. Apply basic scripting skills at Operating system layer for access logs review & auditing. Assist with designing Cybersecurity controls to adapt to new emerging threats and challenges. Design and implement improvements to Cybersecurity processes and controls to increase their effectiveness. Design and implement changes in the Technology platform to align with Cybersecurity compliance requirements. Assist with Cybersecurity discussions with regulators, B2B partners and other external stakeholders as subject matter expert. Analyze existing and upcoming IT, Product and Cybersecurity regulatory obligations and translate these into Entain policies, processes and controls. Execute projects to implement the group Technical Compliance strategy. This role performance will directly impact the costs of bringing our technology and applications aligned with jurisdictional regulatory requirements, participating in key decisions to enter new markets. Qualifications Essential At least two years’ experience in a similar role, working in the following areas: Privileged and User Access Control, IT and Cybersecurity Audits ISO 27001, SOC or PCI DSS audit experience Risk management Excellent knowledge of Cybersecurity processes as well as outstanding technical knowledge of the underlying technical foundations Minimum 1 year of Hands-on experience on Linux, windows server environments as part of auditing. Good technical understanding of various Authentication methods & Identity & Access Management types Customer-oriented person, with the ability to educate a non-technical audience on Technical Compliance and Cybersecurity subjects. Desired B. Tech in Cybersecurity or CS or IT. Previous experience in security consultancy Familiar with global Security Standards such as SOC, NIST, ISO, GLI-33 etc. Basic understanding of Windows PowerShell, Linux Shell scripting. Relevant professional qualifications will be considered, although not a requirement, e.g. CISA, CISM, CISSP, GIAC, PCI ISA, etc. Relevant professional qualifications will be considered, although not a requirement. Competencies/behaviours With the capacity to display initiative as part of a very strong Technology Governance team, this position plays a key role in ensuring the continued alignment of our Technology department with business objectives. The Candidate should be able to think laterally; suggest process improvements; drive results; Confident with other team members and able to engage with Vendor third parties to ensure Entain’s' data and confidentiality is maintained to the highest of security standards. Additional Information At Ivy, we know that signing top players requires a great starting package, and plenty of support to inspire peak performance. Join us, and a competitive salary is just the beginning. Depending on your role and location, you can expect to receive benefits like: Safe home pickup and home drop (Hyderabad Office Only) Group Mediclaim policy Group Critical Illness policy Communication & Relocation allowance Annual Health check And outside of this, you’ll have the chance to turn recognition from leaders and colleagues into amazing prizes. Join a winning team of talented people and be a part of an inclusive and supporting community where everyone is celebrated for being themselves. Should you need any adjustments or accommodations to the recruitment process, at either application or interview, please contact us. At ivy, we do what’s right. It’s one of our core values and that’s why we're taking the lead when it comes to creating a diverse, equitable and inclusive future - for our people, and the wider global sports betting and gaming sector. However you identify, across any protected characteristic, our ambition is to ensure our people across the globe feel valued, respected and their individuality celebrated. We comply with all applicable recruitment regulations and employment laws in the jurisdictions where we operate, ensuring ethical and compliant hiring practices globally.

Overview: Exp. - 3-6 Years Location - Hyderabad, Bangalore, Gurgaon, Mumbai Shift - 11 AM - 8 PM Skills - Exp. in Vulnerability mgt., vulnerability scanning tools such as Qualys, Tenable, or Rapid7, Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls). About Omnicom Global Solutions Omnicom Global Solutions is an integral part of Omnicom Group, a leading global marketing and corporate communications company. Omnicom’s branded networks and numerous specialty firms provide advertising, strategic media planning and buying, digital and interactive marketing, direct and promotional marketing, public relations, and other specialty communications services to over 5,000 clients in more than 70 countries. OGS India plays a critical role for our group companies and global agencies by providing stellar products, solutions, and services across Creative Services, Technology, Marketing Science (Data & Analytics), Advanced Analytics, Market Research, Business Support Services, Media Services, and Project Management. With over 4000 talented colleagues in India, we are growing rapidly and are looking for professionals like you to help build the next chapter of our journey. Responsibilities: Role Overview We have an exciting opportunity for an Analyst, Vulnerability Management at our Hyderabad office. This role is central to maintaining and enhancing Omnicom’s cybersecurity framework by overseeing vulnerability assessments, remediation guidance, and program governance. As a Vulnerability Management Specialist, you will drive day-to-day scanning operations, review security exposures, and ensure that the organization’s attack surface is minimized through proactive analysis and mitigation. You’ll also collaborate on vendor assessments and support strategic improvements to our enterprise vulnerability management program. Key Responsibilities Maintain and operate vulnerability scanning tools and associated processes. Conduct regular scans and assessments of enterprise environments to detect security vulnerabilities. Review findings, prioritize risks, and recommend remediations or security patches in coordination with IT and security teams. Develop and present exception and management reports; track remediation status and escalate unresolved risks. Assist in creating and maintaining quality metrics and dashboards for vulnerability program performance. Monitor vendor and third-party security postures; support governance and compliance protocols. Collaborate with cross-functional teams to support risk mitigation strategies and secure configuration management. Contribute to the evolution of Omnicom’s next-generation vulnerability management and threat detection frameworks. Qualifications: Required Qualifications 3–5 years of experience in vulnerability management, information security, or a related discipline. Proficiency with vulnerability scanning tools such as Qualys, Tenable, or Rapid7. Familiarity with patch management workflows and remediation lifecycle practices. Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls). Ability to analyse technical findings, assess business impact, and provide actionable remediation guidance. Effective communication skills with experience in stakeholder engagement and reporting. Detail-oriented with strong problem-solving skills and the ability to work independently or in a team setting. Preferred Qualifications Security certifications such as CompTIA Security+, CEH, or equivalent. Exposure to vendor risk management and third-party security assessment. Experience with ITSM tools and ticketing systems for remediation tracking

Job Description: Provide tier two operational support, leading team efforts in resolution of incidents and outages for information security technology and its dependencies on Public and Private Cloud computing environments, shared platforms, and operating systems for more than three of the following technologies: Ensuring team's adherence to SOPs, training and performance monitoring for team members, and continuous process improvement for efficiency, including automation, wherever applicable and conduct recurring assessments of all the key SOC workflows to highlight process deficiencies as well as improvement opportunities for staff. o Malware Analysis o SIEM (Splunk) o Software-defined (Cloud) Network Security o Endpoint Security Protection o Data Loss Prevention Partner with other technology teams in handling and responding to internal customer issues, conducting problem analysis and providing solutions for service level improvements, and ensuring timely remediation of security issues in accordance with corporate policies and standards Execute daily security technology administration functions Perform Root Cause Analysis (RCA) on applicable technology Validate quality of dashboards and alerts and suggest updates to reflect new threats and changes in the monitored environment Support the Security Operations team in its efforts on various technology projects and operational initiatives Work as a part of a team to ensure that Guardian customers' data, technology platforms, and infrastructure are available and safeguarded from cyber threats Follow ITIL practices regarding incident, problem, and change management Stay up to date with emerging cyber threats, industry best practices, and applicable regulatory requirements Required Qualifications Being curious and desire to analyze anomalies Desire and passion to learn and grow in Cybersecurity Customer-focused demeanor Minimum 4-6 years of proven experience in building and operating security controls in at least two of the following domains: o Network/Perimeter Security, including Next-Gen firewalls, intrusion prevention systems, proxies, and Web Application firewalls (WAFs) o Enterprise Endpoint (host-based) Security o DLP and Secure Data Transmission, Storage, and Access o Identity and Access Management / User Behavior Analytics Understanding of security architecture, operating and troubleshooting principles of Microsoft Windows and Linux operating systems SIEM management: Senior SOC Engineers must have extensive experience in managing SIEM systems, including configuring, tuning, and optimizing them for maximum efficiency. Endpoint security: They must have a deep understanding of endpoint security solutions, including antivirus, anti-malware, and intrusion prevention systems. Security incident handling: Senior SOC Engineers must have experience in handling security incidents, including identifying the source of the threat, containing it, and preventing further damage. Data Loss Prevention (DLP): They must have experience in implementing and managing DLP solutions to prevent data breaches. Threat intelligence: They must stay up-to-date with the latest security threats and trends, and use this information to improve the organization's security posture. Team management: Senior SOC Engineers must lead and manage the security operations center team, including hiring, training, and mentoring team members. Documentation: They must ensure that all security events, incidents, and responses are properly documented for future reference and analysis. Collaboration: Senior SOC Engineers must work closely with other IT teams, including network engineers, system administrators, and application developers, to ensure that all systems are secure. Continuous improvement: They must continuously evaluate and improve the organization's security posture by implementing new technologies, processes, and procedures. Requirements for a Senior SOC Engineer typically include a bachelor's degree in computer science or a related field, along with relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Ethical Hacker (CEH). Strong leadership skills, analytical skills, attention to detail, and the ability to work well under pressure are also essential. Ability to effectively work in a team, as well as to be an independent contributor on select projects Preferred Qualifications Recognized Security Industry and Public Cloud IaaS certifications Familiarity with security industry standards and best practices (NIST 800-53, ISO27001, NIST CSF, HITRUST, NYDFS-Cybersecurity, HIPAA, FedRAMP, OWASP, etc.) Familiarity with ITIL; experience with incident, problem, change, and risk management Location: This position can be based in any of the following locations: Gurgaon Current Guardian Colleagues: Please apply through the internal Jobs Hub in Workday

Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way you’d like, where you’ll be supported and inspired by a collaborative community of colleagues around the world, and where you’ll be able to reimagine what’s possible. Join us and help the world’s leading organizations unlock the value of technology and build a more sustainable, more inclusive world. Job Description We are seeking a highly experienced and skilled Senior Cybersecurity Professional to join our team. The candidate should have a deep understanding protecting an organization's data and systems from cyber threats by identifying vulnerabilities, responding to breaches, and implementing security measures. Primary Skills Leadership and Strategy: Develop and implement comprehensive cybersecurity strategies and policies. Lead and mentor a team of cybersecurity professionals. Stay updated with the latest cybersecurity trends and technologies. Identify and prioritize critical business functions in collaboration with organizational stakeholders Risk Management: Conduct risk assessments and vulnerability analyses. Develop and implement risk mitigation plans. Ensure compliance with industry standards and regulations. Perform security reviews, identify gaps in security architecture, and develop a security risk management plan. Incident Response: Lead incident response efforts and manage security breaches. Develop and maintain incident response plans and procedures. Conduct post-incident analysis and reporting. Security Operations: Oversee the implementation and management of security tools and technologies. Coordinate with IT teams to ensure secure system configurations. Secondary Skills Bachelor's or Master's degree in Computer Science, Information Technology, or a related field. Relevant certifications such as CISSP, CISM, CEH, or equivalent. Proven experience in cybersecurity leadership roles. Strong knowledge of cybersecurity frameworks and standards (e.g., NIST, ISO 27001). Excellent problem-solving and analytical skills. Strong communication and interpersonal skills. Capgemini is a global business and technology transformation partner, helping organizations to accelerate their dual transition to a digital and sustainable world, while creating tangible impact for enterprises and society. It is a responsible and diverse group of 340,000 team members in more than 50 countries. With its strong over 55-year heritage, Capgemini is trusted by its clients to unlock the value of technology to address the entire breadth of their business needs. It delivers end-to-end services and solutions leveraging strengths from strategy and design to engineering, all fueled by its market leading capabilities in AI, generative AI, cloud and data, combined with its deep industry expertise and partner ecosystem.

About AkzoNobel Since 1792, we’ve been supplying the innovative paints and coatings that help to color people’s lives and protect what matters most. Our world class portfolio of brands – including Dulux, International, Sikkens and Interpon – is trusted by customers around the globe. We’re active in more than 150 countries and use our expertise to sustain and enhance the fabric of everyday life. Because we believe every surface is an opportunity. It’s what you’d expect from a pioneering and long-established paints company that’s dedicated to providing sustainable solutions and preserving the best of what we have today – while creating an even better tomorrow. Let’s paint the future together. For more information please visit www.akzonobel.com © 2024 Akzo Nobel N.V. All rights reserved. Job Purpose Cyber security is a top priority for AkzoNobel as for any global organization operating in the cyberspace. Our objective is to protect our information and digital assets (IT and OT) by reducing our cyber risk exposure to pursue our business objectives. As part of the new cyber security strategy, supported by the ExCo, we have recently redefined our security governance in line with the evolution of the threat landscape and modern best practices. In this regard the new Information Security function, under responsibility of the CISO and part of the IT, is responsible for Information and cyber security for the entire organization covering Cyber Risk Management & Compliance, Security Architecture, Security Operations and Cyber Security Awareness and Training. We are looking for a seasoned and proactive Vulnerability Management Technical Lead to join our Cybersecurity Operations team. This role will be responsible for overseeing all technical aspects of security incident and alert management across the organization. You will serve as the central operational point of reference for incident detection, investigation, containment, and resolution activities and bring deep technical expertise and strong leadership capabilities to ensure the continuous identification, assessment, and remediation of vulnerabilities. You will work with modern tools and technologies, maintain visibility into the organization's risk exposure, and deliver meaningful metrics to support security decisions. Key Activities Provide technical and operational leadership for incident and alert management processes, ensuring day-to-day activities are executed effectively, without operational gaps. Deliver a real-time operational view and strategic (macro) oversight of the organization’s security posture, enabling data-driven decision-making through well-defined KPIs and KRIs. Act as the lead investigator for major or complex incidents, collaborating with internal and external stakeholders as needed. Ensure regular activities such as alert triage, incident response, threat hunting, and reporting are performed consistently and on schedule . Prepare and present clear, concise, and data-backed reports on incident response metrics, trends, and security event outcomes to management and leadership. Foster a supportive, collaborative, and high-performing environment , mentoring team members and ensuring clarity of roles, timely guidance, and knowledge sharing. Lead maturity assessments of the SOC IR capabilities using recognized industry frameworks (e.g., MITRE ATT&CK, CMMI), and define tangible improvement paths . Serve as a key contributor to the evolution of automation and orchestration in incident management using Microsoft Sentinel and Logic Apps . Continuously evaluate and improve detection and response workflows across multiple security technologies and domains. These key responsibilities are peered with key technologies (and linked skills) that are used in the company environment: Microsoft Defender Suite (Endpoint, Identity, Office, Cloud Apps) Zscaler Technologies, including ZIA and ZPA Microsoft Sentinel and Azure Logic Apps (automation and orchestration) Nozomi (OT/IoT network visibility and threat detection) Familiarity with API integrations, automation scripting (PowerShell, KQL), and incident enrichment techniques is highly desirable. Experience 5+ years of hands-on experience in incident response, SOC operations, or threat detection roles within large and complex environments. Demonstrated experience leading incident response efforts in real-world scenarios, including root cause analysis, containment, and lessons learned processes. Strong understanding of enterprise security architecture, endpoint and network detection tools, and alerting pipelines. Solid experience with Microsoft security technologies, especially Microsoft Defender XDR and Sentinel. Practical knowledge of SOC automation practices using tools such as Logic Apps, playbooks, or SOAR platforms. Excellent communication and reporting skills, capable of presenting technical content to both technical and executive audiences. Demonstrated ability to work collaboratively, make sound decisions under pressure, and coordinate across teams during high-impact security events. Strong knowledge of incident handling frameworks, playbook development, and SOC maturity models. Certifications in incident response, such as GCIH, GCFA, GCIA, or similar. General blue team certifications such as SC-200, AZ-500 Experience in operationalizing threat intelligence and aligning detection strategies to frameworks such as MITRE ATT&CK. Prior experience assessing and improving SOC performance against frameworks like NIST, MITRE D3FEND, or CMMI. At AkzoNobel we are highly committed to ensuring an inclusive and respectful workplace where all employees can be their best self. We strive to embrace diversity in a context of tolerance. Our talent acquisition process plays an integral part in this journey, as setting the foundations for a diverse environment. For this reason we train and educate on the implications of our Unconscious Bias in order for our TA and hiring managers to be mindful of them and take corrective actions when applicable. In our organization, all qualified applicants receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age or disability. Requisition ID: 46483 Show more Show less

Introduction At IBM, work is more than a job - its a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things youve never thought possible. Are you ready to lead in this new era of technology and solve some of the worlds most challenging problems If so, lets talk. Your role and responsibilities We are seeking a highly skilled SIEM Security Engineer to join our cybersecurity team. This role involves the administration, engineering, and optimization of Security Information and Event Management (SIEM) solutions, specifically focusing on QRadar SIEM, as well as developing and implementing security use cases based on frameworks like MITRE ATT&CK and NIST. Key Responsibilities: SIEM Administration & Engineering: Maintain, configure, and optimize SIEM platforms, ensuring high availability and efficiency. Use Case Development: Design, implement, and test correlation rules and threat detection methodologies based on industry best practices. Log Source Management: Integrate and troubleshoot various log sources including firewalls, endpoints, IAM, cloud, network devices, and more. Threat Hunting & Incident Response Support: Work closely with SOC analysts, threat hunters, and incident response teams to identify security incidents and optimize detections. False Positive Reduction & SIEM Optimization: Refine correlation logic to improve detection efficacy while minimizing false positives. Security Framework & Compliance: Implement security controls in alignment with MITRE ATT&CK, NIST, and ITIL frameworks. Documentation & Collaboration: Maintain use case catalogs, runbooks, and collaborate with internal teams for continuous improvements. Advanced Analysis: Lead investigations of complex cybersecurity threats, escalate critical findings, and contribute to SOC strategic planning. Required education Bachelors Degree Preferred education Bachelors Degree Required technical and professional expertise 8+ years of experience in IT Cyber Security Industry 6+ years experience in SIEM Administration and Use Case Engineering Strong understanding of Networking, OSI, TCP/IP concepts Expertise in Cybersecurity controls, threat detection, and attack methodologies Knowledge of MITRE ATT&CK, NIST frameworks, and security best practices Hands-on experience with multiple SIEM solutions, preferably QRadar SIEM Experience with UBA solutions and SIEM tuning Familiarity with log source integration, parsing, correlation, and troubleshooting Coordination and communication skills to work with security, engineering, and service delivery teams Preferred technical and professional experience SIEM Use Case Engineering and Content Development Relevant cybersecurity certifications such as CEH, CompTIA Security+, CCNA Strong ability to analyze security trends, optimize existing rules, and recommend improvement

Role Description In this position you will be responsible for a team of technical resources delivering global services within the infrastructure security area such as Firewall, WebSecurity and load-balancing. Included in role is to understand and suggest improvements of the global security services that provides the most value and to be an interaction point driving the solutions forward. In close collaborating with our internal customers and external partners, you will increase the quality and efficiency for IT Security infrastructure. Job Description: As a Manager, you will be responsible for overseeing the security of our infrastructure security systems. You will secure that we follow security policies, manage security tools, and respond to security incidents. Your role will be crucial in protecting our data and ensuring compliance standards. You will manage a team that is globally spread Included is to understand and suggest improvements of the global security services that provides the most value and to be an interaction point driving the solutions forward. In close collaborating with our customers, stakeholders and external partners, you will increase the quality and efficiency for IT Security infrastructure and planning for future growth and efficiency. Review service budgets and forecast plans to ensure financial health; be in control of costs related to the service. Key Responsibilities: Manage the resources in the Security team including recruitment, performance and salary management as well as working environment. To plan, direct and control the functions and operations of the 24/7 Managed security related Services Securing and driving a common global security infrastructure design and architecture, being compliant with related policies Serve as the point of escalation for major incidents Facilitating effective monitoring, performance and capacity utilization. Securing process and routines are well defined and documented Enforce networksecurity policies and procedures. Manage security tools such as firewalls, Load-Balancing and Web Security systems. Respond to and investigate security breaches and incidents. Stay updated with the latest security trends and technologies. Collaborate and collect requirements with IT and other stakeholders to ensure comprehensive security measures. Qualifications Strong communication and leadership abilities in a global environment. Possess a strong Customer orientation Strong knowledge of network protocols, firewalls, and security technologies. Excellent problem-solving and analytical skills. Experience with security frameworks and compliance standards (e.g., ISO 27001, NIST). Ability to effectively communicate in English, both verbally and in writing. Relevant certifications (e.g., CISSP, CISM) are a plus. Work Requirements Travel and fieldwork include international travels Highly organized, Pro-active, Self-motivated, Excellent team player with a positive mind set Location Chennai, India We are the ASSA ABLOY Group Our people have made us the global leader in access solutions. In return, we open doors for them wherever they go. With nearly 61,000 colleagues in more than 70 different countries, we help billions of people experience a more open world. Our innovations make all sorts of spaces – physical and virtual – safer, more secure, and easier to access. As an employer, we value results – not titles, or backgrounds. We empower our people to build their career around their aspirations and our ambitions – supporting them with regular feedback, training, and development opportunities. Our colleagues think broadly about where they can make the most impact, and we encourage them to grow their role locally, regionally, or even internationally. As we welcome new people on board, it’s important to us to have diverse, inclusive teams, and we value different perspectives and experiences. Show more Show less

Principal Technical Security Expert - Applications and Development Wroclaw, Poland AXA XL has an exciting opportunity for a Principal Technical Security Expert, who will be responsible for embedding security (people, processes, and technology) within AXA XL’s application and development teams. You will be required to work with projects and operational teams to develop an appropriate security strategy, architecture and practices that will be embedded into our cloud and identity solutions, securing appropriately our IT platforms and solutions. What You’ll Be DOING The successful candidate will have a track record associated with technical security consulting / security architecture with knowledge of secure application development and testing. What will your essential responsibilities include? Provide thought leadership across Group Technology regarding the design and implementation of secure development techniques and testing mechanisms Manage and influence key stakeholders (capability owners) to provide input and support initiatives related to application development and testing improvements and enhancements Drive the development and enhancement of the secure development across the AXA XL IT estate Make the application testing status quo difficult to enable the application lifecycle to be secure but also meet the needs of the business. Take input from key stakeholder to develop and maintain the secure development and testing roadmap Be the global security expert / owner, for large-scale complex projects that are related to the development of new applications Managing the input from multiple architectures, engineers, and operations personnel to secure development and testing artefacts Drive the development of the security control environment for the AXA XL secure development and testing utilized by AXA XL Lead the security remediation projects technically related to the application development and testing Represent AXA XL to other AXA Group and other entities in the field of application development and testing Be able to demonstrate how proposed designs comply to AXA XL security policies and AXA Group Security standards Responsible for taking security architecture designs through AXA XL’s governance processes Development and continuous evolution of our security target architecture and roadmaps based on sound enterprise architecture practices Working with Global Technology, Information Security, Data Protection Office and IRM teams to align the cloud and identity security control environment Work with Project Managers and other stake holders to produce agreed sets of deliverables, work to project plans and report progress. Provide input to planning, forecasting process and RAID logs where required. Review security technologies, tools, and services, and make recommendations to the broader security and development teams for their use, based on security, financial, and operational metrics You will report within the AXA XL Cyber Defense Team, that is part of the AXA XL IT team. What You Will BRING We’re looking for someone who has these abilities and skills: Previous experience in either application development or application security testing Experience embedding security into development pipelines Experience of creating secure development process and governance; implemting those structures within development pipelines to secure the design, coding and testing of applications Knowledge of industry standards such as ISO 27001, HIPAA, FedRAMP, Cloud Security Alliance, NIST frameworks and risk methodologies Experience with developing security architecture within frameworks such as SABSA Understanding of threat landscapes and threat modeling, security threat and vulnerability management, and security monitoring Awareness of tools and techniques used by attackers to compromise applications, including common application and the flaws and vulnerabilities that make them insecure Experience working in a consulting (internal or external) type of role Working knowledge of design principles relating to DLP, IDS/ IPS, Firewalls, Proxies, Identity Access Management, Certificate Management, SIEM, Endpoint Protection, Anti-malware, vulnerability management. Experience in working with the Solutions and Technical Architects to ensure solutions designs include the appropriate security guardrails to reduce risk and protect sensitive internal and external client information. Demonstrated experience in communicating complex security concepts, both verbally and in writing, to a variety of audiences Experience in taking ownership of tasks and demonstrate high degree of automony to ensure completion Personable and foster good stakeholder and peer group working relationships Experience in driving and supporting RFP/RFIs & SOWs, including managing suppliers Recognised Cyber Security certifications, such as CISSP, CIISEC (member of fellow), CISM, SANS, SABSA, OSCP are advantageous Who WE Are AXA XL, the P&C and specialty risk division of AXA, is known for solving complex risks. For mid-sized companies, multinationals and even some inspirational individuals we don’t just provide re/insurance, we reinvent it. How? By combining a comprehensive and efficient capital platform, data-driven insights, leading technology, and the best talent in an agile and inclusive workspace, empowered to deliver top client service across all our lines of business − property, casualty, professional, financial lines and specialty. With an innovative and flexible approach to risk solutions, we partner with those who move the world forward. Learn more at axaxl.com What We OFFER Inclusion AXA XL is committed to equal employment opportunity and will consider applicants regardless of gender, sexual orientation, age, ethnicity and origins, marital status, religion, disability, or any other protected characteristic. At AXA XL, we know that an inclusive culture and enables business growth and is critical to our success. That’s why we have made a strategic commitment to attract, develop, advance and retain the most inclusive workforce possible, and create a culture where everyone can bring their full selves to work and reach their highest potential. It’s about helping one another — and our business — to move forward and succeed. Five Business Resource Groups focused on gender, LGBTQ+, ethnicity and origins, disability and inclusion with 20 Chapters around the globe. Robust support for Flexible Working Arrangements Enhanced family-friendly leave benefits Named to the Diversity Best Practices Index Signatory to the UK Women in Finance Charter Learn more at axaxl.com/about-us/inclusion-and-diversity. AXA XL is an Equal Opportunity Employer. Total Rewards AXA XL’s Reward program is designed to take care of what matters most to you, covering the full picture of your health, wellbeing, lifestyle and financial security. It provides competitive compensation and personalized, inclusive benefits that evolve as you do. We’re committed to rewarding your contribution for the long term, so you can be your best self today and look forward to the future with confidence. Sustainability At AXA XL, Sustainability is integral to our business strategy. In an ever-changing world, AXA XL protects what matters most for our clients and communities. We know that sustainability is at the root of a more resilient future. Our 2023-26 Sustainability strategy, called “Roots of resilience”, focuses on protecting natural ecosystems, addressing climate change, and embedding sustainable practices across our operations. Our Pillars Valuing nature: How we impact nature affects how nature impacts us. Resilient ecosystems - the foundation of a sustainable planet and society - are essential to our future. We’re committed to protecting and restoring nature - from mangrove forests to the bees in our backyard - by increasing biodiversity awareness and inspiring clients and colleagues to put nature at the heart of their plans. Addressing climate change: The effects of a changing climate are far-reaching and significant. Unpredictable weather, increasing temperatures, and rising sea levels cause both social inequalities and environmental disruption. We're building a net zero strategy, developing insurance products and services, and mobilizing to advance thought leadership and investment in societal-led solutions. Integrating ESG: All companies have a role to play in building a more resilient future. Incorporating ESG considerations into our internal processes and practices builds resilience from the roots of our business. We’re training our colleagues, engaging our external partners, and evolving our sustainability governance and reporting. AXA Hearts in Action: We have established volunteering and charitable giving programs to help colleagues support causes that matter most to them, known as AXA XL’s “Hearts in Action” programs. These include our Matching Gifts program, Volunteering Leave, and our annual volunteering day - the Global Day of Giving. For more information, please see axaxl.com/sustainability. AXA XL is an Equal Opportunity Employer. Show more Show less

We are seeking a skilled and proactive Cybersecurity Expert with deep experience in Security Operations Center (SOC) environments and hands-on expertise in Micro Focus ArcSight (ESM, Logger, SmartConnectors). The ideal candidate will play a critical role in threat detection, incident response, and overall SIEM management to safeguard the organization’s infrastructure. Key Responsibilities SOC Operations Monitor and analyze security events and incidents from multiple sources in real-time. Conduct triage and investigation of security alerts to determine validity and impact. Respond to incidents, perform root cause analysis, and coordinate mitigation steps. Document incidents and provide detailed incident reports. ArcSight (SIEM) Management Configure and manage ArcSight ESM, Logger, and SmartConnectors. Create and optimize correlation rules, dashboards, and reports. Onboard new log sources, maintain log integrity and retention policies. Tune use cases to reduce false positives and improve detection efficacy. Threat Detection & Response Conduct threat hunting activities using ArcSight and threat intelligence feeds. Collaborate with threat intel teams to enhance detection capabilities. Participate in red team/blue team exercises and post-event analysis. Compliance & Reporting Ensure logging and monitoring processes support compliance (e.g., ISO 27001, PCI-DSS, NIST). Generate reports and metrics for stakeholders on SOC performance and incident trends. Collaboration & Knowledge Sharing Work with IT, network, and application teams for incident resolution and preventive actions. Train and mentor junior SOC analysts. Stay updated on threat landscape and SIEM advancements. Preferred Qualifications (Optional): Certification. 3 to 10 years of experience Experience with other security tools (EDR, SOAR, IDS/IPS, firewalls). Familiarity with scripting languages (e.g., Python, PowerShell). Understanding of compliance standards such as ISO 27001 , NIST , PCI-DSS , or GDPR . Education: Bachelor’s degree in Computer Science(BE,BTech,Mtech,Mca) Show more Show less

Introduction We are looking for a detail-oriented Security Services Specialist with a strong focus on compliance, audits, and business continuity/disaster recovery (BCDR). This role is responsible for supporting internal and external security audits and maintaining continuous regulatory compliance. The ideal candidate will have experience aligning security and compliance programs with frameworks such as SOC 2, ISO 27001, and NIST, while also supporting the development and testing of BCDR plans. You will work closely with internal stakeholders and external auditors to ensure our security practices meet applicable requirements and support business goals. Your role and responsibilities Audit Management: Coordinate and support internal and external audits, including evidence collection, control testing, and remediation tracking. Serve as the secondary point of contact for auditors and third-party assessors. Maintain audit logs, findings, and corrective action plans. Compliance Oversight: Monitor and ensure compliance with industry regulations and internal security policies. Map controls and processes to multiple compliance frameworks (e.g., NIST, ISO, SOC 2, HIPAA). Track evolving compliance obligations and help update policies accordingly. Access Management: Support access management processes Coordinate and drive periodic user access reviews. Business Continuity & Disaster Recovery (BCDR) Collaborate with IT, operations, and business units to develop and maintain BCDR plans. Coordinate and conduct periodic BCDR tests, document results, and track corrective actions. Evaluate critical business processes to identify single points of failure and propose continuity strategies. Ensure BCDR plans align with compliance requirements and organizational risk appetite. Maintain an inventory of critical assets and dependencies required for continuity and recovery. Policy Development & Enforcement: Assist in developing, updating, and enforcing information security policies, procedures, and standards. Ensure policies align with compliance frameworks and are effectively communicated across the organization. Documentation & Reporting: Maintain detailed and organized documentation of security controls, evidence, and compliance artifacts. Create reports and dashboards for leadership on compliance status and audit readiness. Other assignments as required to support the security, compliance, and resilience goals of the organization. Required education Bachelors Degree Preferred education Bachelors Degree Required technical and professional expertise Bachelor degree in Cybersecurity, Information Systems, Risk Management, or related field. 3+ years of experience in information security, with a focus on compliance and audits. Hands-on experience supporting one or more compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, NIST). Strong understanding of security controls and risk management practices. Strong understanding of network, system, and application security principles. Strong knowledge of risk management principles and audit processes. Excellent analytical, problem-solving, and communication skills. Preferred technical and professional experience Strong attention to detail and organizational skills. Excellent written and verbal communication. Ability to manage multiple audits and compliance initiatives simultaneously. Comfortable working with technical and non-technical teams.