1810 Nist Jobs - Page 46

JOB DESCRIPTION: Job Title: Infrastructure Security Engineer Location: Hyderabad Job Summary: We are seeking a skilled Infrastructure Security Engineer to join our team and help secure our IT infrastructure. The ideal candidate will have hands-on experience in designing, implementing, and maintaining security controls across both on-premises and cloud environments. Key Responsibilities: Design and implement security measures to protect infrastructure, systems, and data Monitor network traffic, investigate security incidents, and coordinate response efforts Manage firewalls, VPNs, and IDS/IPS systems Conduct regular vulnerability assessments and penetration tests Harden cloud environments (AWS, Azure, GCP) following best practices Work with DevOps and IT teams to integrate security into CI/CD pipelines Maintain and enforce security policies, procedures, and standards Ensure compliance with regulatory frameworks (ISO 27001, NIST, SOC 2, etc.) Manage identity and access controls (IAM, LDAP, Active Directory) Automate security processes using scripting and tools like Terraform, Ansible Required Skills & Qualifications: Bachelor’s degree in computer science, Information Security, or a related field 3–5+ years of experience in infrastructure or information security Strong knowledge of networking, operating systems (Linux/Windows), and cloud security Hands-on experience with SIEM, IDS/IPS, and vulnerability scanning tools Proficiency in scripting (Python, Bash, PowerShell) and Infrastructure-as-Code (IaC) tools Security certifications preferred (CISSP, CISM, CEH, AWS Security Specialty) Please share your updated resume at Pravin.b@datasysamerica.com Show more Show less

Job Description: Provide tier two operational support, leading team efforts in resolution of incidents and outages for information security technology and its dependencies on Public and Private Cloud computing environments, shared platforms, and operating systems for more than three of the following technologies: Ensuring team's adherence to SOPs, training and performance monitoring for team members, and continuous process improvement for efficiency, including automation, wherever applicable and conduct recurring assessments of all the key SOC workflows to highlight process deficiencies as well as improvement opportunities for staff. Malware Analysis SIEM (Splunk) Software-defined (Cloud) Network Security Endpoint Security Protection Data Loss Prevention Partner with other technology teams in handling and responding to internal customer issues, conducting problem analysis and providing solutions for service level improvements, and ensuring timely remediation of security issues in accordance with corporate policies and standards Execute daily security technology administration functions Perform Root Cause Analysis (RCA) on applicable technology Validate quality of dashboards and alerts and suggest updates to reflect new threats and changes in the monitored environment Support the Security Operations team in its efforts on various technology projects and operational initiatives Work as a part of a team to ensure that Guardian customers' data, technology platforms, and infrastructure are available and safeguarded from cyber threats Follow ITIL practices regarding incident, problem, and change management Stay up to date with emerging cyber threats, industry best practices, and applicable regulatory requirements Required Qualifications Being curious and desire to analyze anomalies Desire and passion to learn and grow in Cybersecurity Customer-focused demeanor Minimum 4-6 years of proven experience in building and operating security controls in at least two of the following domains: Network/Perimeter Security, including Next-Gen firewalls, intrusion prevention systems, proxies, and Web Application firewalls (WAFs) Enterprise Endpoint (host-based) Security DLP and Secure Data Transmission, Storage, and Access Identity and Access Management / User Behavior Analytics Understanding of security architecture, operating and troubleshooting principles of Microsoft Windows and Linux operating systems SIEM management: Senior SOC Engineers must have extensive experience in managing SIEM systems, including configuring, tuning, and optimizing them for maximum efficiency. Endpoint security: They must have a deep understanding of endpoint security solutions, including antivirus, anti-malware, and intrusion prevention systems. Security incident handling: Senior SOC Engineers must have experience in handling security incidents, including identifying the source of the threat, containing it, and preventing further damage. Data Loss Prevention (DLP): They must have experience in implementing and managing DLP solutions to prevent data breaches. Threat intelligence: They must stay up-to-date with the latest security threats and trends, and use this information to improve the organization's security posture. Team management: Senior SOC Engineers must lead and manage the security operations center team, including hiring, training, and mentoring team members. Documentation: They must ensure that all security events, incidents, and responses are properly documented for future reference and analysis. Collaboration: Senior SOC Engineers must work closely with other IT teams, including network engineers, system administrators, and application developers, to ensure that all systems are secure. Continuous improvement: They must continuously evaluate and improve the organization's security posture by implementing new technologies, processes, and procedures. Requirements for a Senior SOC Engineer typically include a bachelor's degree in computer science or a related field, along with relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Ethical Hacker (CEH). Strong leadership skills, analytical skills, attention to detail, and the ability to work well under pressure are also essential. Ability to effectively work in a team, as well as to be an independent contributor on select projects Preferred Qualifications Recognized Security Industry and Public Cloud IaaS certifications Familiarity with security industry standards and best practices (NIST 800-53, ISO27001, NIST CSF, HITRUST, NYDFS-Cybersecurity, HIPAA, FedRAMP, OWASP, etc.) Familiarity with ITIL; experience with incident, problem, change, and risk management Location: This position can be based in any of the following locations: Gurgaon Current Guardian Colleagues: Please apply through the internal Jobs Hub in Workday Show more Show less

About This Role Wells Fargo is seeking an Audit Manager. Audit is a provider of independent, objective assurance services delivered through a highly competent and diverse team. As a business partner, Audit helps the company accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. About Enterprise Technology Audit Group The Enterprise Technology Audit Group (ETAG) conducts and coordinates audits of information technology and information security, primarily focused on the Wells Fargo Technology (WFT) organization, the Independent Risk Management (IRM) Technology, and the Third Party and information Risk Oversight (TPIRO) group. ETAG Is Broken Out Into The Following Sub-teams Chief Information Office (CIO) - CSBB Technology, Consumer & Small Business Banking, Consumer Lending Technology, Digital & Innovation Technology, Enterprise Functions Technology, Financial Crimes & Enterprise Data Technology, WIM Technology Chief Technology Office (CTO) - Cloud Platforms, CIO Development, Change Enablement, Middleware Information Security - Access Management, NIST Assessment, Cybersecurity Defense Monitoring, Information Protection, Third Party Risk Infrastructure & Technology Recovery - Technology Continuity & Resiliency, Technology Infrastructure Technology Governance - IT Governance, Risk Management, Compliance Strategy & Digital, & Innovation Group (SDI) - Corporate Strategic Planning, Digital Platform, Innovation Group In This Role, You Will Lead execution of the integrated audit process Participate in audits in accordance with Wells Fargo Audit Services policy Demonstrate depth and breadth of knowledge and understanding across multiple businesses or develop knowledge in a critical subject matter area Demonstrate comprehensive knowledge and understanding of the financial, operational, technical, and regulatory environment across multiple businesses or develop excellent subject matter knowledge in critical areas of the business Write opinions reflecting relevant facts that lead to logical conclusions Escalate significant risks and loss exposures to appropriate levels of management Ensure documentation and reporting are ready for review by managers and more experienced managers Demonstrate credible challenge Evaluate and provide appropriate solutions for complex problems Lead multiple concurrent projects that are generally moderate to large in size and moderate to high in complexity Identify and assess key risks and controls and develop effective test plans for engagements as assigned with limited guidance Present audit results in an objective and unbiased manner Exhibit appropriate judgment regarding issue notification, issue draft findings to client management, and draft final audit reports Develop and maintain excellent business relationships within Internal Audit and with teams companywide Required Qualifications: 5+ years of Audit, Risk experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education Desired Qualifications : 5+ years of work experience in Technology Governance, Risk Management and Compliance (GRC) or IT Security with at least 5 years in Technology Audit. A professional with auditing, security, or accounting designation e.g., CISA, CISSP, CPA, CA, CIA, CCNA, CISM, CRSIC or to have substantially completed the requirements for such a designation while actively pursuing the completion of such a designation. Background of Technology Audit within international financial service organizations. Lead execution of the integrated audit process Participate in audits in accordance with Wells Fargo Internal Audit policy Demonstrate depth and breadth of knowledge and understanding across multiple businesses or develop knowledge in a critical subject matter area Demonstrate comprehensive knowledge and understanding of the financial, operational, technical, and regulatory environment across multiple businesses or develop excellent subject matter knowledge in critical areas of the business Write opinions reflecting relevant facts that lead to logical conclusions Escalate significant risks and loss exposures to appropriate levels of management Ensure documentation and reporting are ready for review by managers and more experienced managers Demonstrate credible challenge Evaluate and provide appropriate solutions for complex problems Lead multiple concurrent projects that are generally moderate to large in size and moderate to high in complexity Identify and assess key risks and controls and develop effective test plans for engagements as assigned with limited guidance Present audit results in an objective and unbiased manner Exhibit appropriate judgment regarding issue notification, issue draft findings to client management, and draft final audit reports Develop and maintain excellent business relationships within Internal Audit and with teams companywide Job Expectations: Experience in general Information Technology control reviews as well as application control reviews. Strong knowledge of and experience in medium to large-scale application reviews and system development projects, and ability to perform reviews on various platforms (e.g., Unix, Windows, iSeries, z/OS, SQL DB, Oracle DB, network devices, middleware, cloud). Good understanding of technology processes (e.g. change management, security operations, technology operations, business resiliency, etc.), application and infrastructure controls. Good knowledge of system development methodologies, information security controls, access management, technology governance and risk management. Knowledge of information security management frameworks (e.g. COBIT, ISO 2700x, ITIL, NIST Cybersecurity Framework, SANS Top 20 Critical Security Controls, Vulnerability and Penetration testing). Solid knowledge and understanding of audit methodologies and tools that support audit processes. Knowledge of IT and Cloud management and control frameworks Experience with Issue Validation and Remediation Excellent verbal, written, and interpersonal communication skills. Strong organizational, multitasking, and prioritizing skills. Ability to work independently and as part of a team, be flexible. Ability to execute in a fast-paced demanding environment while balancing multiple priorities. Problem solving attitude. Good analytical skills with high attention to detail. Ability to work with minimal supervision and exercise independent judgment consistent with department guidelines. Posting End Date: 30 May 2025 Job posting may come down early due to volume of applicants. We Value Equal Opportunity Wells Fargo is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic. Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements. Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process. Applicants With Disabilities To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo . Drug and Alcohol Policy Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more. Wells Fargo Recruitment And Hiring Requirements Third-Party recordings are prohibited unless authorized by Wells Fargo. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process. Reference Number R-445163 Show more Show less

Role detail 4 to 8 years of experience in assurance, information security, vendor/ supplier/ third party risk assessment Expertise in cyber security including standards such as ISO27001, PCI-DSS, ISO22301, privacy etc. Knowledge of technical domains such as network security, cloud security, application security, control testing Knowledge of concepts such as vendor risk profiling, country risk assessment, outsourcing/ technology regulations Experience in assessing emerging technologies such as robotics, IOT, DLT, Social, Mobile etc., Exposure to TPRM specific regulations (FED, MAS, OCC, etc.), Exposure in assessing different third parties e.g. Brokers, Exchanges, etc., Worked with TPRM tools, platforms & utilities such as KY3P, TruSight, ServiceNow, OneTrust, CyberGRX, Coupa etc, Strong Auditing skills is desired, experience in IT Compliance, ITGC testing, and Assurance is a plus Strong problem solving and logical approach skills Excellent written and verbal communication skills Consistent display of technical proficiency Ability to work well in teams Willingness to travel within India or abroad for project/assignments. Demonstrate integrity, values, principles, and work ethic and lead by example CISA/ CISSP/ CISM/ISO27001 LA / LI / Cloud security certificates Prior exp in IT Audit, SOC 1, SOC 2 Qualifications: Bachelors degree in computer science or related field Excellent communication and team collaboration skills

About BNP Paribas India Solutions Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions. About BNP Paribas Group BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability Commitment to Diversity and Inclusion At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in. About Business Line/Function RISK Operational Risk Management (RISK ORM) CIB belongs to the second line of defence of BNP Paribas Corporate and Institutional Bank (CIB). RISK ORM CIB belongs to the Risk Function (RISK) of BNP Paribas (RISK) and is placed under the responsibility of the Chief Operational Risk Officer (CORO) for CIB. The department has responsibility for independently challenging and supervising the Operational Risk management of CIB activities (Global Banking, Global Markets, Securities Services, Operations and Functions) on a worldwide scope. In the territories that CIB operates, there is responsibility to cover the Assets Liability Management and Treasury (ALM-T) operations too. All of the above is achieved through framing operational risk methodology for CIB and disseminating of risk management culture across CIB; assessing the adequacy of the CIB operational risk management set-up; controlling effectiveness of CIB control environment; contributing to the detection, anticipation and response to risks; alerting CIB and RISK stakeholders on any significant risk issue; providing a consolidated view on CIB operational risks profile. As the second line of defence for Information and Communications Technology (ICT) risks, RISK ORM has the responsibility for oversight and supervision on ICT risks for CIB, ensuring and opining that appropriate ICT risk management efforts are underway and raise any alerts in case of issues to the stability of the Bank and influencing business, functions, and technology partners to take sound risk management decisions Job Title Operational Risk Officer Support – Technology Expertise Date October 24 Department RISK CIB – RISK ORM CIB – Centre of Excellence Location: India Business Line / Function RISK Reports To (Direct) RISK India Grade (if applicable) VP (Functional) Number Of Direct Reports Directorship / Registration: NA Position Purpose Purpose: The ICT risks including, but not limited to, Information Security, ICT Availability and Continuity risks, ICT Change risks, ICT asset management, ICT resilience and ICT outsourcing are a key topic for losses, reputational impact, and systemic operational risk for financial services. This role exists to support the supervision and oversight of the management of such risks. Specifically, the role will be involved in independent control through Level 2 Controls and quality review of the ICT incidents. Scope: ICT supporting the CIB businesses and operations Responsibilities The candidate will be responsible for operating independently and supporting the the RISK ORM CIB Technology and Transversal Risks team in its mission of ensuring the correct implementation of BNP Paribas permanent control framework. Such support activity by this role includes – Following-up on the exceptions to the global normative framework for ICT risk management, including following-up on exceptions to any ICT procedures and any ICT Risk acceptance or mitigation on the normative framework (controls, procedures and other IT activities). Supporting the control on ICT outsourcing risk management through opining on the risk assessments of ICT arrangements, their exit strategies, any notifications to authorities and ensuring data collection and inventory of data pertaining to the specific arrangement in CIB and Group inventories. Performance of second level of controls (L2Cs) and other analyses aiming to ensure the appropriate design and effectiveness of the ICT control framework implemented by 1LoD, identification of areas for improvement and any recommendations for improvement. Following up on the actions raised by RISK ORM CIB teams for ICT, recommendations from internal audit (Inspection General) and any other supervisory and regulatory bodies. Checking and challenging and quality review the ICT incidents collection, reporting and management processes and their follow through during such incidents. Checking and challenging the ICT indicators related to risk appetite of CIB and entities. Support on the opinion provided on on change the bank (CTB) activities for ICT such as ITVCs, Proof of Concepts, Artificial Intelligence (AI) and Digital Assets projects and CSSI committees. Production of reports, meeting decks and other deliverables in relation to the above points. Assistance in promoting and driving awareness on ICT risks; to assist in organising risk meetings, forums and committees with community members across CIB Contributing Responsibilities Successful candidate will have exposure to operating in risk management programs in global organizations, with robust knowledge of technology, risks, architectures, and related tools. Prior ICT continuity or ICT risk management experience (ICT, Cyber, resilience etc.) and exposure to the Financial Services industry is a must. Experience with Governance, Risk and Compliance (GRC) tools and other risk management information systems is preferred. The individual will assist in the preparation / contribution to the development of independent testing controls and support the wider RISK ORM community globally in defining better maturity models for independent testing. Excellent presentation skills are necessary. Experience interacting with regulatory agencies is a plus Technical & Behavioral Competencies Good knowledge of Business Continuity, ICT Continuity and Audit methodology and concepts. Understanding of the banking industry's regulatory requirements on ICT (e.g., NIST Cyber Security Framework, ISO27001, EBA Guidelines on ICT and security risk management etc.) Ability to articulate risk management concepts in business language Excellent written and verbal communication skills Proficient with Microsoft Office Suite Prior experience documenting tool requirements to support risk management Ability to travel to vendor sites and perform assessments as necessary Proven ability to manage issues through to resolution; skilled at making judgment calls. Ability to successfully multitask and complete difficult assignments within deadlines which may have short lead times Industry certifications (e.g. CISA, CISM, CRISC) or willingness to obtain the same Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework. Multilingual capability (English and French) is preferred Conduct Be a role model, supporting and fostering a culture of good conduct. Demonstrate proactivity, transparency, and accountability for identifying and managing conduct risks. Consider the implications of your actions on colleagues, partners, and clients before making decisions, and escalate issues to your manager when unsure. Specific Requirements Specific Qualifications (if required) Suitable experience (5+ preferred) in ICT audit, ICT risk management or ICT continuity. Bachelor’s degree in information technology, Information Security, Business or Risk Management (or equivalent professional qualification). Team player – focus on the success of the whole team. Working well both with others, as well as individually. Excellent stakeholder management skills. Experience in a 2LoD, Risk function, operations or an ICT Audit role. Good listening and analytical skills – being able to come to a thoughtful and business focused conclusion quickly. Ability to co-operate and work well with others adopting an approachable style Ability to see the customer perspective, i.e. from a business point of view, the most secure solution is not always workable or realistic considering costs and benefits. Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate. Adapting personal approach to suit situations, individuals, groups and cultures. Taking accountability for their actions and be open and honest when things have gone wrong, and celebrating successes when things have gone well. Being rigorous and thorough – especially when logging and tracking issues through to conclusion. Ability to manage their workload as to meet the realistic targets and priorities set in conjunction with management. Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business. Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate. Skills Referential Behavioural Skills: (Please select up to 4 skills) Ability to collaborate / Teamwork Organizational skills Client focused Ability to deliver / Results driven Transversal Skills: (Please select up to 5 skills) Ability to understand, explain and support change Analytical Ability Ability to manage a project Ability to develop and adapt a process Ability to inspire others & generate people's commitment Education Level Choose an item. Experience Level Choose an item. Other/Specific Qualifications (if Required) Enable teamwork by empowering and managing people to fulfil the RISK Hub’s strategic objectives and any specific objectives on ICT risk management. Be the single point of contact for this specific team for CIB activities. Provide conducive work environment for a healthy working atmosphere in a competitive environment. Upskilling team member’s basis the skill matrix and PDP follow through. Promote training awareness, recognize team members, value their contribution and provide opportunities for growth and mobility. Fair dealing with staff members on day to day business deliverables and ensure administrative aspects including attendance, training and continuous feedback are totally intact Show more Show less

Role: Cyber Risk Management Lead Experience: 5 to 10 Years Office location-Sector-125, Noida Required Qualification: Bachelor of Engineering - Bachelor of Technology (B.E./B.Tech.) Additional Information There are 2-3 rounds in the interview process. This is 5 days’ work from office role (No Hybrid/ Remote options available) Final round will be F2F (Mandatory) About role: We are seeking a Cyber Risk Management Lead to identify and remediate or mitigate risks . Candidate should have effective task management skills and the ability to communicate effectively. The individual must be able to rapidly respond to security incidents and should have at least 5 years of relevant experience in Cyber security Risk management. Candidates Should have deeper understanding with some hands-on experience on enterprise IT infra components such as O365 suite, advanced firewalls, IPS/IDS/HIPS, routers/switches, VPN, proxy, AV/EDR, DNS, DHCP, multi factor authentication, virtualization, Email systems/security, Web Proxy, WAF, DLP etc. along with cloud environments like AWS (Must) , Azure etc. Job Description Understanding applicable regulations, guidelines, and industry best practices to manage risk and ensure compliance Developing, maintaining, or auditing security documentation such as policies, standards, and procedures Monitoring security internal control effectiveness for EDR, Email Security, Server security, Cloud security etc Conducting internal security assessments to ensure continued compliance Explaining roles in managing risk to cross team functions and getting buy-in to improve the organizational risk posture Managing SOC 2 Type 2 assessment and provide adequate support for collecting relevant evidence for all relevant controls Should be able to review RFPs (request for proposal) and provide responses for Cyber security related items Manage Risk Governance Implement/govern AWS Cloud and Office 365 Security Manage and support internal and external audits Follow up till closure on audit findings if any Manage dashboards and reports to keep track of priority events for IT and IS Create MOM for Board Meetings Vendor Evaluation for cyber security controls Firewall rules review for On-premises and AWS firewall Security Awareness: Create materials PPT/e-mailers and provide training as needed Incident management and Business continuity CISO dashboard and success reports Meet with business team to understand their business requirements from cyber security perspective Has basic knowledge of audit requirements (SOC2, HIPPA, ISO27001, etc.) Understanding of respective industry best practices (e.g., NIST, ISO, OWASP, ITIL) At least one security certification is strongly preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP) Prior experience of management of technology infrastructure is preferred Skills: proxy,audit management,firewall rules review,cyber risk management,dns,advanced firewalls,ciso dashboard management,waf,business continuity,internal security assessments,task management,cloud environments,enterprise it infrastructure,cloud security,email security,incident response,email systems/security,ips/ids/hips,security document auditing,security auditing,communication skills,security incident response,cyber security,aws,routers,web proxy,risk assessment,compliance,dhcp,soc assesment,communication,security assessments,nist, iso, owasp, itil best practices,cyber security risk management,effective communication,it infrastructure security,multi-factor authentication,risk governance,o365,o365 suite,incident management,risk management,switches,security awareness training,virtualization,av/edr,azure,security documentation,dlp,cyber risk management lead,vendor evaluation,regulatory compliance (soc2, hipaa, iso27001),routers/switches,auditing,cybersecurity risk management,office 365 security,aws cloud security,vpn,security awareness Show more Show less

Senior Network Security Engineer (Fortinet/ Firepower /ASA) Cochin -Kerala Grow and shape a secure future together with us! mispa Technologies is an innovative IT security services and solution provider with head office in Langenfeld (Rhineland), Germany and Dev & Operations Center in Cochin (India), established in 2014. We focus on IT consulting, professional services and managed services that use Innovative Technologies. You will have the opportunity to work in a collegial and diverse environment that is uniquely inspiring and respectful, where employees develop and share experiences, insights, perspectives, and creative solutions in cross-functional teams. We, mispa Technologies, offers you the opportunity to become part of an international team and improve the service we provide to our customers. Don't just build a career, Love IT. We manage leading German based international companies in the delivery of their services or the implementation of projects where specialized IT security expertise is needed. To further strengthen our team in Cochin, we are looking for you as a dedicated employee. We rely on strong teamwork, flat hierarchies, agile innovation, and a strong customer focus and are looking for people who enjoy and are interested in IT security, are team players and want to make a difference. Your Responsibilities Ensure infrastructure operations (2nd and 3rd level support) in compliance with customer specific SLAs. Identify, assess, and implement solutions to infrastructure and security related incidents using tools and standards and proactively make recommendations. Lead problem management as an escalation point, performing regular analysis and recommendations for the infrastructure. Plan changes to IT solutions, identify and mitigate risks during implementation. Design and integrate IT solutions for the client's service based on service design specifications, ensure creation and continuous revision of documentation to implemented services. Contributing to the technological and procedural development of the mispa Security Operations Center Services Implementation and operation of IT security technologies. Internal support as Expert for Operations Team in case of complex IT-Security problems within the customer environment Your Profile Firewall Management : Deploy, configure, maintain, and troubleshoot FortiGate, and Cisco Firepower/ASA firewalls. Centralized Management : Experience with Forti Manager, Forti Analyzer, and Cisco FMC is preferred. Security Policy Implementation : Define, enforce, and optimize firewall rules and security policies in line with industry’s best practices. Network Security Architecture : Support the design and implementation of secure network infrastructures. Upgrades & Patch Management : Perform firmware upgrades, security patching, and version updates for firewalls in a controlled and compliant manner. VPN & Remote Access : Configure and manage Site-to-Site VPNs, SSL VPNs, and IPSec tunnels for secure remote connectivity. Integration & Automation : Integrate firewalls with security tools, SIEM solutions, and automation frameworks to enhance visibility and incident response. Incident Response : Investigate and resolve firewall-related security incidents and network connectivity issues. Documentation & Reporting : Maintain up-to-date documentation for firewall configurations, rule sets, change management logs, and compliance reports. Compliance & Audits : Ensure firewall configurations align with organizational security policies and standards such as ISO 27001, NIST, and PCI-DSS, and support internal/external audits as needed. Minimum 5 years of work experience with network and security technologies and a bachelor’s degree in technology or in Computer Science. Additionally, you should have Professional Level and/or expert level certification. Problem solving skills and ability to work under pressure, Independent, structured, reliable way of working and hands-on mentality. Quick perception, creativity, structured approach and pleasure in solving complex challenges, willingness to upgrade skills and very good communication skills both written and oral Our Offer Be part of our international team. We offer you a very collegial, agile and open working atmosphere. This job will give you the opportunity to make a key contribution to challenging and exciting customer projects. With your profound knowledge and experience in technology and management topics as well as your creativity, you can make our customers successful and grow together with us. We actively support you in your training and further development. Have we sparked your interest? We look forward to your application documents, stating the earliest possible start date, preferably in an e-mail to recruitment@mispa.com. Show more Show less

Job Title: Manager - Enterprise Business Company: Techdefence Labs Solutions Ltd. Location: Pune, Bangalore, Hyderabad, Kolkata Experience: 3+ years Type: Full-Time | Individual Contributor About Techdefence: Techdefence Labs Solutions Limited is a leading cybersecurity company, providing cutting-edge security services, compliance solutions, managed security offerings, and the sale of best-in-class cybersecurity OEM products. We protect enterprises by combining technical depth, threat intelligence, and industry experience to create robust security postures across industries. Role Overview: We are seeking a technically proficient and strategically minded Manager – Enterprise Business to drive cybersecurity services and OEM product sales across mid-sized to large enterprises. This is an individual contributor role requiring hands-on involvement in lead generation, technical consultative selling, client engagement, and closure of complex cybersecurity deals. The ideal candidate will have a strong background in cybersecurity technologies, services, and industry frameworks, with proven experience in hunting, developing, and closing high-value enterprise accounts. Key Responsibilities: Own and drive end-to-end enterprise sales cycles for cybersecurity services (VAPT, SOC, GRC, MDR, etc.) and OEM product sales (Firewalls, XDR, SIEM, Endpoint, Cloud Security, etc.). Actively prospect, engage, and build a strong pipeline with enterprise clients across BFSI, NBFC, IT/ITES, Manufacturing, and Government sectors. Understand client environments technically to consult, position, and architect appropriate cybersecurity solutions in collaboration with pre-sales. Deliver technical presentations, respond to RFPs/RFIs, and lead solution discussions with CISO teams, IT Heads, and InfoSec stakeholders. Independently create and manage sales proposals, RFP/RFQ responses, technical documentation, and supporting collateral aligned with client requirements and internal delivery capabilities. Build strong OEM relationships to leverage joint GTM initiatives, deal registrations, and opportunity acceleration. Proficiently use CRM tools (Zoho, HubSpot, Salesforce, etc.) to manage pipeline, forecast accurately, and report sales performance. Utilize MS Office Suite (Word, PowerPoint, Excel) to develop customer-facing documents, technical proposals, sales decks, and presentations. Consistently meet or exceed quarterly and annual sales targets aligned with Techdefence’s GTM strategy. Work with delivery, pre-sales, and legal teams to ensure successful proposal submissions, contracting, and project initiation. Track market trends, emerging threats, and new OEM capabilities to continuously educate customers and differentiate Techdefence offerings. Maintain accurate reporting in CRM and participate in forecast reviews and sales cadences. Technical Skills & Domain Expertise Strong understanding of core cybersecurity domains: Network Security, Cloud Security, Application Security, SOC Operations, Incident Response, Threat Intelligence GRC, ISO 27001, HIPAA, PCI-DSS, and other compliance standards OEM technologies like Palo Alto, Fortinet, CrowdStrike, SentinelOne, Splunk, Tenable, Securonix, Seceon etc. Knowledge of Cybersecurity Frameworks: NIST CSF, MITRE ATT&CK, Zero Trust, etc. Ability to map customer environments to threat vectors and recommend layered security approaches. Capability to speak the language of CISOs and influence technical and business decision makers. Qualifications & Experience Bachelor's or master's degree in computer science, IT, Cybersecurity, or related discipline or Business Administration (Sales & Marketing) 3+ years of hands-on enterprise sales experience in cybersecurity (services + products). Proven record of achieving multi-crore annual revenue targets individually. Certifications like CISM, CISSP, CEH, or vendor-specific (e.g., Palo Alto ACE, Fortinet NSE) are a plus. You’re One of Us If you are A self-driven, high-performing individual who thrives in a fast-paced tech sale environment. Comfortable with both strategic conversations and technical deep dives. You don’t wait for leads—you create them. Passionate about cybersecurity and constantly upskilling yourself. What We Offer High-growth environment with a strong technical and delivery backbone. Direct access to founders and key leadership for fast decision-making. Work with leading OEMs and cutting-edge cybersecurity technologies. Attractive compensation and aggressive incentive plan.  📞 Share your profile if suitable: 6353489197 Show more Show less

Job Title: Senior Linux Administrator Location: Ahmedabad. Experience Required: 5-8years. Qualification: B.Tech / BCA / MSc / MBA Employment Type: Full-Time About Company: Silver Touch Technologies Ltd specialize in implementation of Digital Transformation for Enterprise customers. We provide services on Artificial Intelligence, Machine Learning, Big Data & Analytics, and Robotic Process Automation (RPA). We specialize in building large Enterprise application on Mean stack, Microsoft, Open Source and Cloud Technologies like Azure, AWS. We help software product and SaaS companies to build, upgrade and support the Applications. Legacy application migration to cloud is one of our specialization. We have highest quality standard certification in industry CMMi Level 5 Quality Standards ISO 27001 Information Security Standards ISO 20000 Service Delivery ISO 9001 Quality Standards. Job Summary : We are seeking a highly skilled and experienced Senior Linux Administrator to join our IT infrastructure team. The ideal candidate will have extensive experience in managing Linux systems in a high-availability, enterprise-level data center environment. This role requires hands-on expertise in Linux system administration, automation, scripting, server hardening, and performance tuning. The candidate must possess strong problem-solving abilities and a proactive approach to infrastructure management. Key Responsibilities: Administer, maintain, and troubleshoot Linux servers (RHEL, CentOS, Ubuntu) in physical and virtual environments. Manage systems in enterprise data center environments, including installation, configuration, and patching. Implement and maintain monitoring, alerting, and logging systems (Nagios, Zabbix, Prometheus, ELK stack, etc.). Automate system administration tasks using shell scripting, Ansible, Puppet, or similar tools. Perform regular backup, recovery, and disaster recovery drills. Ensure system security through access controls, firewalls, and system hardening. Collaborate with DevOps, network, and application teams to support infrastructure requirements. Participate in on-call rotation and respond to system outages and performance issues. Document procedures, configurations, and architecture diagrams. Required Skills and Experience: Minimum 7 years of hands-on experience in Linux system administration. Strong knowledge of data center operations and IT infrastructure best practices. Expertise in server deployment, virtualization (VMware, KVM), and performance tuning. Proficiency in Bash/Python scripting and configuration management tools (e.g., Ansible, Chef, Puppet). Familiarity with container technologies (Docker, Kubernetes) is a plus. Experience with networking protocols, storage systems (NFS, SAN, iSCSI), and security compliance (e.g., ISO, NIST, PCI). Ability to manage large-scale infrastructure with a focus on uptime and reliability. Relevant certifications like RHCE, RHCSA, CompTIA Linux+, or AWS Certified SysOps Administrator are an added advantage Show more Show less

Industrial Control System (ICS) Architect - ESSWAY Cyber Security SolutionsAbout ESSWAY ESSWAY Cyber Security Solutions is a global leader in comprehensive cybersecurity, formed in 2023 as a joint venture between Esskay and Way11. With over 30 years of combined industry experience, we deliver cutting-edge solutions for both IT and OT environments. Our offices in India, Bangladesh, and the Middle East serve clients worldwide, with 24/7 SOCs protecting 500+ enterprise networks across 25 countries. Position Overview We're seeking an experienced ICS Architect to design, implement, and optimize control systems that drive operational efficiency and ensure security across industrial environments. This role is critical in shaping the architecture of control systems for manufacturing, energy, transportation, and utilities sectors. Key Responsibilities • Design and maintain architecture for ICS environments including SCADA, DCS, PLCs, and other control systems • Implement robust cybersecurity protocols to protect against threats and unauthorized access • Integrate ICS with enterprise systems for optimal efficiency and scalability • Ensure compliance with ISA/IEC 62443, NERC CIP, and other industry standards • Conduct risk assessments and develop mitigation strategies for ICS vulnerabilities • Create detailed documentation for system designs, implementations, and security audits • Collaborate with engineers, IT teams, and business leaders to align ICS architecture with organizational goals • Provide training and support to operational teams on system functionalities and cybersecurity protocols Requirements • Bachelor's/Master's degree in Electrical Engineering, Computer Engineering, IT, or related field • 5-7 years of experience in ICS environments • Extensive knowledge of SCADA, DCS, PLCs, and HMI systems • Strong understanding of ICS cybersecurity practices and frameworks (ISA/IEC 62443, NIST) • Proficiency in ladder logic, Python, C++, or similar programming languages • Excellent analytical, problem-solving, and communication skills • Certifications such as CSSA or CISSP preferred What We Offer • Access to industry-leading certifications and training programs • Work with cutting-edge security technologies in our Innovation Labs • Global exposure through international teams and diverse client projects • Competitive compensation, health insurance, and performance bonuses • Flexible working arrangements and comprehensive wellness programs • Career progression toward senior leadership roles (ICS Security Manager, Automation Director, CTO) Work Environment Hybrid position balancing office work, industrial site visits, and remote flexibility. Some travel required to operational facilities for system assessments and on-site implementations. Ready to make a significant impact in protecting critical infrastructure? Apply now to join ESSWAY's mission of securing the world's industrial systems. Show more Show less

Analyst Level 3 - Security Operations Centre (SOC) Ways of working – Full-time with rotational shifts and mandatory Work from Office Location: Embassy Tesh Village, Bangalore Year of Experience: 5+ years in a SOC or security operations environment, with at least 2 years in a senior or advanced analyst role. About The Team & Role As a Level 3 Security Operations Centre (SOC) Analyst, you will be responsible for identifying, analyzing, and responding to security incidents and threats within an organization's IT infrastructure. This senior role demands a high level of expertise in security operations, threat analysis, and incident response. You will work closely with other teams, including Level 1 and Level 2 analysts, management, and engineering, to ensure the security of the organization's network and systems. Your work will contribute to detecting and mitigating advanced cyber threats, ensuring that the organization remains protected against emerging risks. What will you get to do here? Incident Response & Investigation Lead investigations of complex security incidents, including intrusion detection, malware analysis, and vulnerability exploitation. Perform in-depth analysis of security incidents to determine their scope, impact, and method of attack. Take immediate and appropriate action to contain, mitigate, and resolve security threats. Threat Hunting Proactively hunt for hidden threats and vulnerabilities within the organization's systems and networks. Analyze logs and data from multiple sources (e.g., firewalls, intrusion detection systems, antivirus solutions) to identify patterns indicative of malicious activity. Utilize advanced threat intelligence to stay ahead of potential attackers and new attack vectors. Security Monitoring & Analysis Oversee and manage security monitoring tools to detect potential security incidents and vulnerabilities. Analyze alerts and reports generated by various security tools, ensuring accuracy and appropriateness. Ensure the effective operation and tuning of SIEM (Security Information and Event Management) systems, IDS/IPS, and other security technologies. Identify and define new use cases as well as modify existing ones Collaboration & Knowledge Sharing Mentor and provide guidance to junior analysts (Level 1 and Level 2) in incident handling, investigation, and security best practices. Collaborate with IT, network, and engineering teams to resolve security issues and implement proactive security measures. Document incidents and maintain accurate records for reporting and auditing purposes. Reporting & Documentation Generate detailed post-incident reports that include findings, recommendations, and remediation steps. Assist in the development and maintenance of SOC procedures, playbooks, and security policies. Report trends and emerging threats to senior management and stakeholders. Create and maintain standard operating procedures (SOPs), playbooks, and runbooks. Lead root cause analysis and develop lessons learned documentation post-incident Continuous Improvement Stay up to date on the latest cybersecurity threats, trends, and technologies. Contribute to the development and improvement of incident response plans and security protocols. Participate in security training programs to continually enhance skills and capabilities. What qualities are we looking for? Education: Bachelor's degree in Computer Science, Information Security, or related field, or equivalent experience. Experience: 5+ years of experience in a SOC or security operations environment, with at least 2 years in a senior or advanced analyst role. Technical Skills: Strong experience with security tools and SaaS Application, including SIEM (Splunk, Sentinel One, QRadar, etc.), IDS/IPS, firewalls, Endpoint Protection, DLP, Active Directory/Azure and vulnerability scanners. Expertise in incident response, digital forensics, and malware analysis. Deep understanding of security frameworks, methodologies, and best practices (NIST, ISO 27001, MITRE ATT&CK, etc.). Knowledge and experience of common operating systems (Windows, Mac, Linux) and networking protocols (TCP/IP, HTTP, DNS, etc.). Advanced understanding of cyber threats and attack vectors, including APTs (Advanced Persistent Threats), ransomware, DDoS, and insider threats. Familiarity with cloud security environments and services (AWS, Azure, GCP). Skills & Abilities: Strong written and verbal communication skills, with the ability to report findings to both technical and non-technical stakeholders. Ability to work well under pressure and manage multiple tasks simultaneously. Relevant certifications such as CISSP, CISM, CEH, GIAC, or similar are a plus. Desired Skills: Experience with threat intelligence platforms and frameworks. Proficiency in scripting or automation (Python, PowerShell, etc.) for threat detection and incident response tasks. Experience with network traffic analysis tools (Wireshark, tcpdump, etc.). Knowledge of forensic tools and techniques. Familiarity with security incident management platforms (ServiceNow, Remedy, Jira, Fresdesk etc.). Preferred Certifications: CompTIA Security+ EC-Council Certified SOC Analyst (CSA) CompTIA Cybersecurity Analyst (CySA+) EC-Council SOC Essentials (S|CE) ISACA - CCOA GIAC Security Operations Certified (GSOC): GIAC Certified Incident Handler (GCIH): GIAC Certified Intrusion Analyst (GCIA): (ISC)² Systems Security Certified Practitioner (SSCP): GIAC Cyber Threat Intelligence (GCTI): GIAC Certified Forensic Analyst (GCFA) / GIAC Certified Forensic Responder (GCFR) AWS Certified Security - Specialty / Certified Cloud Security Professional (CCSP) Visit our tech blogs to learn more about some of the challenging Problem Statements the team works at:- https://bytes.swiggy.com/engineering-challenges-at-swiggy-430dea6c86a3 https://bytes.swiggy.com/the-swiggy-delivery-challenge-part-one-6a2abb4f82f6 https://bytes.swiggy.com/what-serviceability-means-at-swiggy-c94c1aad352a https://bytes.swiggy.com/architecture-and-design-principles-behind-the-swiggys-delivery-partner s-app-4db1d87a048a https://bytes.swiggy.com/swiggy-distance-service-9868dcf613f4 https://bytes.swiggy.com/the-tech-that-brings-you-your-food-1a7926229886 We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, disability status, or any other characteristic protected by the law. Show more Show less

Responsibilities Manage a team of senior Networking and Security personnel. Serves as the subject matter expert (SME) on Cloud networking and security, having previously worked in a senior technical network or security role. Help deliver and manage projects that apply the company’s security policies and standards for use in cloud environments. Communicate security concepts to different audiences ranging from business leaders to engineers, as well as customers. Serve as a key subject matter expect in security and networking topics and support delivery of core services from a network & security perspective. Mentor and influence team members in implementing and delivering projects and performing ongoing security and network monitoring. Help design security frameworks and effective solutions for vulnerability remediation. Develops standards, policies, and procedures as well as best practices documentation. Able to translate technical requirements into business requirements. Assist team members to update their security and networking skills and knowledge. Collaborate with other IT teams, developers, and business stakeholders to ensure alignment on network and security requirements. Stay up-to-date with the latest cloud networking and security trends and technologies. Develop and execute security roadmaps and initiatives. Drive change and improvements in security delivery of our Cloud security services. Education / Qualifications A university qualification of Bachelor's degree level in Engineering/IT, or a related field. 12-16 years of overall work experience in IT industry. Skills Required: Strong experience in a Security and networking leadership role (5 years+ in a management role combined with previous experience working at a senior technical level for 5 years+ in network/security role). Extensive security management experience in an environment leveraging Azure and/or AWS public cloud platforms. Strong Application, Networking, & Cloud Security knowledge and experience. Previous experience working in environments that leverage public Cloud. Extremely knowledgeable in security and networking technical matters. Experience of compliance standards, including ISO27001 and/or SOC2. Familiarity with directives such as GDPR and NIS2/DORA. Experience of team management and interview protocols. Strong understanding of penetration testing and vulnerability assessments. Experience with project management and security project delivery. Solid understanding of application development and SDLC. Security certifications a strong plus (eg CISSP). Fluent English speaker. Desired technical skills or knowledge areas: Expertise in Azure and AWS networking and security services. Proficiency in network protocols and technologies (e.g., TCP/IP, DNS, VPN, routing). Knowledge of security frameworks and standards (e.g., NIST, CIS). Experience with SIEM, IDS/IPS, and vulnerability management tools. Strong practical experience with Fortinet security solutions (FortiGate, FortiAnalyzer, etc.). Proficiency in using Rapid7 security tools (Insight IDR & VM) for vulnerability management and forensic investigation. Experience with tooling used for malware analysis and threat prevention. Experience with Manage Engine suite of products, especially PAM360 and Patch Manager Plus. Scripting and automation knowledge (e.g., Python, PowerShell, Terraform). About Hexagon Hexagon is the global leader in digital reality solutions, combining sensor, software and autonomous technologies. We are putting data to work to boost efficiency, productivity, quality and safety across industrial, manufacturing, infrastructure, public sector, and mobility applications. Our technologies are shaping production and people related ecosystems to become increasingly connected and autonomous – ensuring a scalable, sustainable future. Hexagon (Nasdaq Stockholm: HEXA B) has approximately 24,500 employees in 50 countries and net sales of approximately 5.4bn EUR. Learn more at hexagon.com and follow us @HexagonAB. Hexagon’s R&D Centre in India Hexagon’s R&D Centre in India is the single largest R&D centre for the company globally. More than 2,000 talented engineers and developers create innovation from this centre that powers Hexagon's products and solutions. Hexagon’s R&D Centre delivers innovations and creative solutions for all business lines of Hexagon, including Asset Lifecycle Intelligence, Autonomous Solutions, Geosystems, Manufacturing Intelligence, and Safety, Infrastructure & Geospatial. It also hosts dedicated service teams for the global implementation of Hexagon’s products. Show more Show less

Job Description • Compliance analyst position’s core responsibilities are to conduct technical and non-technical Information Security assessments against defined standards and controls. • Also conducting Risk assessment through the information Security Management System and related SOC 2 Type 2, ISO 27001 & HIPAA control framework. • This position will be responsible for conducting an internal audit against ISO 27001, HIPAA, SOC 2 Type 2 standards. • This position will also assist in all external audits such as ISO 27001, HIPAA, SSAE SOC 2 and customer audits Key Responsibilities: • Assist in conducting technical and non-technical information security assessments based on standards like ISO 27001, HIPAA, SOC 2 Type 2 • Support internal audits and coordinate documentation for external audits (e.g., ISO, HIPAA, SOC 2, and customer assessments) • Collaborate with IT, Network, and Cloud teams to support security assessments and identify potential risks • Assist in maintaining and updating compliance policies and procedures • Monitor and analyze security logs and incident data across platforms to support compliance reporting • Participate in risk assessments and document findings in the GRC system • Help track audit actions, report follow-ups, and maintain compliance dashboards • Assist in vendor risk assessments using tools like ServiceNow • Document audit findings and support remediation tracking • Review operational areas such as: o Endpoint and patch management o Change management o Technical vulnerability remediation o Access Control Analysis • Assist in reviewing compliance-related documentation and policies • Support business continuity and disaster recovery planning initiatives as needed • Collaborate on compliance reports and dashboard creation for management visibility Required Skills & Qualifications: • Bachelor’s degree in information technology, Cybersecurity, or a related field • 1–3 years of full-time experience in Information Security Audits or Compliance • Exposure to GRC systems and risk management tools • Familiarity with industry standards and frameworks: ISO 27001, SOC 2, HIPAA, GDPR, NIST • Ability to support internal/external audits with appropriate documentation and coordination • Strong documentation and reporting skills • Experience with tools like Git, Jira, ServiceNow, or security dashboards is a plus • Certifications such as ISO 27001 LI/LA, CISA, or equivalent are desirable but not mandatory Preferred Attributes: • Strong attention to detail • Proactive attitude toward learning and compliance improvement • Good communication and collaboration skills to work across departments • Willingness to take initiative in supporting team objectives and learning new technologies Location - Thiruvananthapuram Show more Show less

Job Description About Us Tsaaro’s prime focus is on Data Privacy and Security. Our team of specialist data privacy consultants, information security consultants, and penetration testers help and advise our clients to make running a secure business easier, with high efficiency. Everything we do is tailored to the individual organizational requirements, aligned with their budget and resource challenges. We take a pragmatic, risk-based approach to provide our clients with real-world, workable advice, guidance, and support that helps them to deal with a wide range of security and privacy-related challenges. Responsibilities As a Senior Data Protection Consultant, you will be entrusted with the following key responsibilities: Design and implement data protection and privacy programs that cater to our clients' specific business needs, ensuring their sensitive information is well safeguarded. Evaluate and assess our clients' data protection and privacy practices, offering valuable insights and actionable recommendations for continual improvement. Demonstrate expertise in various standards, such as ISO 27001/2, ISO 22301, ISO 27018, NIST standards on Cyber Security, HITRUST, ISO 27701, etc., to assist clients in compliance and governance. Provide guidance and support to clients in adhering to a complex web of national and international laws and regulations, including the EU General Data Protection Regulation (GDPR) and other privacy laws. Assist in preparing policies, reports, and schedules for clients and relevant stakeholders, ensuring clear communication and alignment with industry best practices. Conduct thorough audits of Privacy controls to monitor program effectiveness and compliance, ensuring data protection is at its optimal level. Utilize online tools to facilitate Incident Management and Data Subject Rights processes, ensuring efficient and timely responses to potential data incidents. Foster and maintain productive working relationships with client personnel, promoting effective collaboration and understanding of their specific needs. Demonstrate a strong commitment to adhering to workplace policies and procedures, maintaining the highest standards of professionalism and confidentiality. Contribute to cybersecurity engagements, developing cybersecurity strategies, governance, risk, and compliance activities, and cybersecurity policies in line with ISO 27001 and ISO 27701. Perform Gap Assessments, Risk Assessments, ISMS Documentation, Internal Audits, and support during Certification Audits to strengthen overall security frameworks. Requirements To be considered for this role, the candidate must meet the following requirements: Possess a sound knowledge of fundamentals of information security systems. Have 4+ years of relevant experience in the field. Demonstrate proficiency in standards such as ISO 27001/2, ISO 22301, ISO 27018, NIST standards on Cyber Security, HITRUST, ISO 27701, etc. Exhibit a good understanding of GDPR, CCPA, or other privacy laws. Display competence in governance and reporting, as well as a strong grasp of cyber and privacy risks. Hold relevant qualifications such as CIPM, CIPT, CIPP/E. Showcase excellent communication skills, both written and verbal. Benefits Competitive salary and performance-based bonuses. Professional development opportunities, including training and certifications. Flexible working hours. Collaborative and inclusive work environment. Opportunity to work with a passionate team dedicated to making a difference in data privacy and security. Join and hustle with the India's fastest privacy and information security consulting company. check(event) ; career-website-detail-template-2 => apply(record.id,meta)" mousedown="lyte-button => check(event)" final-style="background-color:#6875E2;border-color:#6875E2;color:white;" final-class="lyte-button lyteBackgroundColorBtn lyteSuccess" lyte-rendered=""> Show more Show less

Role To establish, lead, and manage the Cybersecurity Working Group, ensuring group-wide adoption of robust security policies, standards, and practices while aligning with organizational goals and regulatory requirements Responsibilities 1. Activate the Cybersecurity Working Group: • Develop the working group charter, goals, and strategic roadmap. • Identify and onboard key members from various business lines and technology teams. • Define initial priorities, including security frameworks, policies, and standards 2. Collaboration and Governance: • Collaborate with business lines and other working groups (e.g., Development, DevOps) to integrate security into operations. • Align with the Technology Steering Committee (SteerCo) to report progress and escalate critical issues 3. Develop and Implement Security Policies: • Establish group-wide security policies, guidelines, and best practices for cybersecurity • Promote adherence to compliance standards like ISO 27001, NIST, and GDPR 4. Awareness and Training: • Design and execute security awareness programs for employees across the organization • Ensure team members are up to date with the latest cybersecurity trends and threats 5. Threat Management and Incident Response: • Lead efforts in monitoring, threat detection, and vulnerability management. • Define and implement incident response protocols, ensuring preparedness for cyber threats Skills • Understanding of security frameworks like ISO 27001, NIST, or CIS • Hands-on experience in security tools (SIEM, IDS/IPS, DLP, etc.). • Knowledge of compliance standards (e.g., GDPR, CCPA, HIPAA). • Creating and enforcing security policies and governance frameworks. • Vulnerability assessments, threat hunting, and incident response. • Familiarity with penetration testing tools and practices. • Proven ability to lead cross-functional teams and communicate effectively with stakeholders, including non-technical audiences. Experience 6-10 years in cybersecurity, governance, or IT security roles 3–5 years of experience managing teams or security initiatives Familiar with working with distributed teams or global operations Qualifications Educational Background: • BSC or MSC in Cybersecurity, Information Technology, or a related field Certifications (Preferred): • Certified Information Systems Security Professional (CISSP) • Certified Information Security Manager (CISM) • Certified Ethical Hacker (CEH) • ISO 27001 Lead Implementer or Auditor • GIAC certifications (e.g., GSEC, GPEN) Location: Hyderabad, India Work Week: Sunday to Thursday. International Travel as needed. Interested candidates can submit their updated resumes to: Email: ta@mindsuite.in Mail Subject: CyberSecurity TWG Lead  Please include your Current CTC and Notice Period. Show more Show less

Mizuho Global Services India Pvt. Ltd. Mizuho Global Services Pvt Ltd (MGS) is a subsidiary company of Mizuho Bank, Ltd, which is one of the largest banks or so called 'Mega Banks' of Japan. MGS was established in the year 2020 as part of Mizuho's long-term strategy of creating a captive global processing centre for remotely handling banking and IT related operations of Mizuho Bank's domestic and overseas offices and Mizuho's group companies across the globe. At Mizuho we are committed to a culture that is driven by ethical values and supports diversity in all its forms for its talent pool. Direction of MGS's development is paved by its three key pillars, which are Mutual Respect, Discipline and Transparency, which are set as the baseline of every process and operation carried out at MGS. What's in it for you? Immense exposure and learning. Excellent career growth. Company of highly passionate leaders and mentors. Ability to build things from scratch. Comprehensive training and mentorship. Practical experience in a dynamic environment. Competitive stipend/salary. About the Role: We are seeking a highly skilled and experienced Senior IAM Engineer to join our dynamic team. You will play a critical role in ensuring the security and integrity of our organization's information assets by designing, implementing, and managing our Identity and Access Management (IAM) infrastructure. Roles and Responsibilities: • Design, implement, and maintain IAM solutions, including identity provisioning, access control, single sign-on (SSO), and multi-factor authentication (MFA). • Provide technical expertise and support for IAM related projects and initiatives. • Troubleshoot and resolve IAM related issues in a timely manner. • Develop and maintain IAM policies, standards, and procedures. • Conduct regular IAM audits and assessments. • Stay up-to-date on the latest IAM technologies and trends. Relevant Skills and Experience: • 7-10 years of experience in IAM engineering or a related field. • Strong understanding of IAM concepts, principles, and best practices. • Experience with industry leading IAM solutions, such as SailPoint, Okta, Ping Identity, or ForgeRock. • Experience with scripting languages (e.g., Python, PowerShell). • Experience with cloud platforms (e.g., AWS, Azure, GCP). • Experience with directory services (e.g., Active Directory, LDAP). • Experience with security frameworks (e.g., NIST, ISO 27001). Qualifications: • Bachelor's degree in computer science, information technology, or a related field. • IAM certifications (e.g., CIAM, CISSP). • Strong problem-solving and analytical skills. • Excellent communication and interpersonal skills. • Ability to work independently and as part of a team. Additional Skills (Preferred): • Experience with identity federation technologies (e.g., SAML, OAuth). • Experience with privileged access management (PAM) solutions. • Experience with data loss prevention (DLP) solutions. Show more Show less

The Senior Information Security Officer is responsible for supporting the implementation and operation of the organisation's Information Security Management System (ISMS) within their region. This role will drive security risk management, policy compliance, audits (internal, external and client), training and awareness, supply chain risk, and support security operations in incident management. As a Managed Service Provider (MSP) and data processor for clients, the ISO will ensure that security controls align with client contractual obligations, regulatory requirements, and industry best practices. The ISO will work closely with global security leadership, regional stakeholders and clients to address both internal and client-specific security challenges. Main Activities The position is within the Information Security team. Main activities will include but are not limited to: Internal Audit & Assurance: Oversee the implementation and operations of the ISMS within the region. Ensure and support alignment with global security policies and regulatory requirements including ISO27001, SOC2 type II and PCI-DSS. Continuously assess and improve security controls and processes. Information Security Risk Management Identify, assess, and mitigate security risks. Maintain the risk register and track remediation activities. Provide risk-based guidance to business units, IT teams, and client-facing operations. Information Security Policy & Standards Ensure compliance with corporate security policies, frameworks, and client-specific security mandates. Develop and enforce security standards and client requirements. Input into periodic reviews and updates to security policies to align with evolving requirements. Information Security Audit & Compliance Lead and support internal and external security audits, ensuring timely remediation of findings. Provide security assurance to clients by responding to security questionnaires and participating in client audits. Coordinate with service delivery teams to meet client-specific obligations. Monitor and report on security posture, client security commitments, and compliance status. Information Security Training & Awareness Develop, support deliver security awareness programs Support phishing exercises and other training initiatives to enhance security culture. Collaborate with HR and other departments to ensure security education is embedded in employee onboarding and ongoing training. Supply Chain Risk Management Assess and manage security risks associated with third-party vendors and suppliers. Ensure that security requirements are included in vendor contracts and SLAs. Perform regular security assessments of critical suppliers, considering the impact on client services. Security Operations & Incident Management Support Assist in managing and responding to security incidents within the region, to ensure rapid containment and remediation. Work with the Security Operations team to protect both internal and client environments. Support post-incident reviews and contribute to continuous improvement in incident handling, including lessons learned for client operations. In addition to the above position-specific responsibilities, all employees are required to undertake any other reasonable duties and responsibilities within your capability and skills, when requested to do so. Qualifications and Experience Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience). 5+ years of experience in an information security role, preferably with regional oversight in an MSP or data processing environment. Strong understanding of ISO27001, NIST, GDPR, and other security and data protection frameworks. Experience in security risk management, audits, compliance, and client security assurance. Knowledge of security operations, incident response, and managed security services. Familiarity with supply chain security and third-party risk management. Excellent communication and stakeholder management skills, with experience working with clients on security matters. Security certifications such as CISSP, CISM, or CRISC are preferred. Show more Show less

Job details Employment Type: Full-Time Location: Pune, Maharashtra, India Job Category: Engineering Job Number: WD30237366 Job Description Job Title: Sr. Product Cybersecurity Engineer Location: Pune, India What you will do: In this pivotal role within the Global Product Security team, you will be responsible for driving continuous improvement initiatives aligned with our cybersecurity maturity framework, ensuring proactive management of security and data privacy risks throughout the product lifecycle. You will leverage your expertise in secure software development practices to embed security and privacy by design within our product offerings. How you will do it: Provide cybersecurity guidance and expertise to product development teams and business leaders during all phases of the software development lifecycle. Architect security and privacy by design into software applications for mobile, embedded systems, and cloud environments. Drive secure SDLC activities including security requirements, architectures, threat models, and testing. Periodically assess and refine security policies, standards, and compliance metrics. Quantify product risk and identify appropriate security controls. Review product architectures for security vulnerabilities and collaborate on remediation strategies. Coordinate with third-party penetration testing teams to ensure comprehensive security assessments. Maintain awareness of current security threats and vulnerabilities impacting our products. Support incident response operations and vulnerability remediation activities. Drive security awareness and training initiatives across the organization. What we look for: Bachelor's or higher degree in Engineering, Cybersecurity, or a related technical field. 8-12 years of experience in product or application cybersecurity. Strong knowledge of secure SDLC practices, security architectures, and compliance activities. Proven experience in delivering results using agile methodologies. Solid understanding of security threats, attack vectors, and appropriate security controls. Excellent problem-solving and analytical skills. Strong communication and interpersonal skills to convey complex security concepts to diverse audiences. Familiarity with security frameworks such as NIST, ISO 27001, and GDPR. Relevant cybersecurity certifications (e.g., CISSP, CEH) are a plus. What we offer: Competitive salary and performance-based bonuses. Comprehensive benefits package including health, dental, and retirement plans. Opportunities for professional development and continuous learning. Collaborative and inclusive work environment.

Job details Employment Type: Full-Time Location: Bangalore, Karnataka, India Job Category: Information Systems Job Number: WD30230658 Job Description Business Title: Sr. Lead - Zero Trust and IAM Region: APAC Country: India Grade: 174 What we look for 10+ years’ experience implementing enterprise Identity and Access Management (IAM), Privileged Access Management (PAM) solutions (e.g. Saviynt, Okta, SailPoint, Ping Identity, Omada, Microsoft Identity Manager, Beyond Trust, CyberArk or equivalent IAM solution) in client environments. Familiarity with Zero Trust Network Architecture is desirable Familiarity with service now Ticketing and CMDB is desirable Design, build, operate and automate security solutions and processes to protect the integrity of the organization's networks, systems, applications and data. Experience developing technical strategies, architectures, and roadmaps. Outstanding communication and presentation skills. Able to articulate complex, technical concepts to non-technical audiences. Respond to security incidents, including data breaches, and coordinate with other IT teams to mitigate the impact of any security breaches. Preferred Experience hardening security for Active Directory, Windows, *nix OS. Experience with IDaaS providers such as Microsoft, Okta, Ping Identity, Google Cloud Identity Experience with cloud architectures particularly Azure, AWS, GCP native IAM controls. Experience with Identity Governance processes and solutions such as Saviynt, SailPoint, Ping Identity or equivalent. Experience with Microsoft 365, Active Directory, SAML, OIDC Knowledge of Applied Cryptography and PKI Manage and network security infrastructure Firewall configuration and rule management Cloud proxies services & Network Access control Employee and Partner remote access VPN services Cloud based Web application firewall Development knowledge e.g. Python, Java, C#, .NET, Web Services (SOAP/REST/RESTful, APIs), Shell programming/scripting Preferred Network Infrastructure Security background in both on prem physical security components (firewalls, IDS/IPS , remote access and internet proxies) as well as cloud security services (Zscaler , Azure, GCP). Strong experience of working on SIEM tools like Splunk to analyse logs and correlate events. Experience with User Behaviour Analytics & Workday, SAP, Salesforce Experience with MDM capabilities such as Intune or AirWatch Understanding of trends and regulations to ensure effectiveness and compliance with all regulations and frameworks (NIST, HIPPA-HITECH, HITRUST, PCI, GDPR) Certifications CISSP or SANS, GIAC, CIMP, CEH, CISM or CISA certifications is a plus OKTA – Professional or Consultant is a plus Google/AWS/Microsoft Professional Cloud Architect is a plus Johnson Controls International plc. is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit www.johnsoncontrols.com/careers.

Job details Employment Type: Full-Time Location: Bangalore, Karnataka, India Job Category: Information Systems Job Number: WD30237772 Job Description Job Title: Security Operations Analyst Location: Bangalore, Karnataka, India What you will do: As a Security Operations Analyst, you will play a critical role in monitoring and responding to security incidents, identifying vulnerabilities, and ensuring compliance with security policies. You will collaborate with various stakeholders to enhance the security posture of our organization and support incident response activities. How you will do it: Monitor security alerts and events from various security tools and platforms. Investigate security incidents, perform root cause analysis, and document findings. Assist in the management of security incidents, including containment, eradication, and recovery efforts. Conduct regular security assessments and vulnerability scans to identify potential risks. Collaborate with IT and other departments to remediate vulnerabilities and implement security best practices. Support incident response activities and maintain incident response documentation. Participate in security awareness training and educate staff on security policies and procedures. Stay updated with the latest security trends, threats, and technologies. What we look for: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. 3-5 years of experience in security operations, incident response, or a related field. Strong understanding of security frameworks and best practices (e.g., NIST, ISO 27001). Experience with security tools such as SIEM, IDS/IPS, and vulnerability management solutions. Knowledge of networking protocols and systems security concepts. Excellent analytical and problem-solving skills. Strong communication skills and the ability to work collaboratively in a team environment. Relevant cybersecurity certifications (e.g., CompTIA Security+, CEH, CISSP) are a plus. What we offer: Competitive salary and performance-based bonuses. Comprehensive benefits package including health, dental, and retirement plans. Opportunities for professional development and continuous learning. Collaborative and inclusive work environment.

Job details Employment Type: Full-Time Location: Bangalore, Karnataka, India Job Category: Information Systems Job Number: WD30242602 Job Description Vulnerability and Security Compliance Lead Job Summary: We are seeking an experienced Vulnerability and Security Compliance Lead to join our team. The ideal candidate will be responsible for leading efforts to identify, assess, and remediate vulnerabilities across our IT infrastructure while ensuring compliance with relevant security standards and regulations. You will work closely with cross-functional teams to develop and implement security policies, procedures, and best practices that protect our organization from threats. Key Responsibilities: Vulnerability Management: Lead the vulnerability management program, including vulnerability scanning, assessment, and remediation processes. Coordinate with IT and engineering teams to prioritize and address identified vulnerabilities based on risk impact. Security Compliance: Ensure compliance with industry standards and regulations (e.g., ISO 27001, NIST, PCI-DSS, HIPAA) by developing and maintaining security policies, procedures, and documentation. Conduct regular compliance assessments and audits to identify gaps and recommend corrective actions. Risk Assessment: Perform risk assessments to identify potential threats and vulnerabilities to the organization's information assets. Develop and implement risk mitigation strategies and controls to reduce exposure to security threats. Security Policies and Procedures: Develop, review, and update security policies, procedures, and guidelines to align with best practices and regulatory requirements. Communicate security policies and compliance requirements to employees and stakeholders to promote awareness and adherence. Incident Response: Lead incident response efforts related to security breaches or vulnerabilities, ensuring timely identification, containment, and remediation. Conduct post-incident reviews to assess the effectiveness of response actions and implement improvements. Collaboration and Training: Collaborate with IT, legal, and other departments to ensure alignment on security compliance initiatives. Provide training and awareness programs to employees on security best practices, compliance requirements, and vulnerability management. Continuous Improvement: Stay current with the latest security trends, threats, and compliance requirements, evaluating their impact on the organization. Recommend and implement improvements to security controls and processes based on emerging threats and vulnerabilities. Qualifications: Educational Background: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. Experience: 5+ years of experience in information security, vulnerability management, or compliance roles. Proven experience leading vulnerability assessments and compliance audits in a corporate environment. Technical Skills: Strong knowledge of security frameworks (e.g., NIST, ISO 27001), vulnerability management tools (e.g., Qualys, Nessus), and security compliance regulations. Familiarity with security technologies such as firewalls, intrusion detection/prevention systems, and endpoint security solutions. Certifications: Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), or equivalent are desirable. Preferred Skills: Experience with security incident response and threat intelligence. Knowledge of risk management methodologies and practices. Familiarity with cloud security practices and compliance frameworks.

Skills: Nessus, Burp Suite, Metasploit, OWASP ZAP, Nmap, Qualys, Wireshark, Kali Linux, Position: VAPT Engineer Reporting to: Platform Lead Infrastructure Security Employment Type: Employee - Full Time Work Location: Guwahati Key Focus area: Infrastructure Penetration Tester Key Responsibilities Identification and remediation of new vulnerabilities and risk analysis for Infrastructure is a key responsibility. Identifying and maintaining Key metrics and SLA on Infrastructure Security. Ensure that vulnerability assessments are performed to evaluate effectiveness of security controls in applications, middleware, databases, network and operating systems. Thorough experience in configurations reviews against CIS benchmarks and security standards. Ensure all Hardening and Patching activities are conducted and tracked as per defined policies. Create/Update hardening documents and build audit file for automated testing. Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities. Conduct security penetration testing to identify vulnerabilities and potential security risks along with designing and implement security solutions to protect enterprise systems, applications, data, assets, and people. Collaborate with cross-functional teams to ensure security measures are integrated into all aspects of the organization's operations. Perform Internal/ External Penetration Testing on Jio Infrastructure and producing reports with recommendations for detailed penetration testing findings. Sound understanding of Azure/GCP/AWS environment activities and Perform Vulnerability Assessment & Penetration Testing for networks (internal & external), applications, APIs & cloud assets along with Red & Purple Team assessments. Safeguarding information, infrastructures, applications, and business processes against cyber threats. Proactively create, share, and read reports as part of the penetration testing activities. Responsible for utilizing threat intelligence to identify new threats in our environment, coordinating with stakeholders to remediate identified vulnerabilities, and ensuring closure through thorough cross-validation. Qualification And Work Experience Qualification: BE / BTech (Similar Education Background) Work experience: 7-15 Years 7+ years of experience in Infrastructure Penetration Testing and Vulnerability Management including practical experience with Linux and Windows operating systems. Thorough understanding of Application and Infrastructure Architectures, and related vulnerabilities. Ability to interpret and prioritize vulnerability scan results into remediation actions and tracking those actions through to completion. Working knowledge of ORACLE DB, MS SQL DB, MYSQL DB & Network Devices is required. Ability to analyse vulnerabilities to appropriately characterize threats and provide remediation advice. Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE). Extensive experience in vulnerability management, including the ability to forecast potential threats and develop proactive mitigation plans. Hands on experience in testing diverse infra components including various enterprise platforms such as private clouds, OpenShift infra, dockers/container infra etc. The candidate should be able to perform manual & automated penetration testing for internal, external perimeter, web applications, IT infrastructure, end-points, cloud etc. using hacking tools; e.g. Nuclei, Acunetix, BURP, Wireshark, Nmap, netcat, Firebug, Nessus, Kali OS, Parrot, Metasploit, Aircrack-ng. Preferred: Security related professional certification (e.g. CEH, CPENT, OSCP, OSCE, OSWE, GPEN, GWAPT or similar certifications) Preferred: Script writing skills (Python/Ruby/bash/PowerShell). Experience with security standards and frameworks such as ISO 27001, NIST, and PCI DSS. Preferred: Security solutions technologies such as IPS, firewalls, endpoint protection, web/email filtering, DLP, Digital rights management, encryption, SEIM, and virtualization platforms. Expertise in performing grey box/Black box testing. Experience devising methods to automate testing activities and streamline testing processes. Proven ability to develop and test Proof of Concept (PoC) exploits as part of vulnerability assessment and penetration testing exercises. Competencies / Expertise Required (Functional & Behavioral) Systematic strong analytical thinking and problem-solving skills. Excellent in analytical thinking for translating data into informative visuals and reports. Adaptable to change. Quick Learner Open learn and work on new technologies and products. If you're interested, please share below mention details for the same. Location Preferred location Current Co Experience Current CTC Expected CTC Notice Period Offer in Hand Highest Education SSC % HSC % Graduation % University Name Regards, Ashwini Chakor Show more Show less

About Agoda Agoda is an online travel booking platform for accommodations, flights, and more. We build and deploy cutting-edge technology that connects travelers with a global network of 4.7M hotels and holiday properties worldwide, plus flights, activities, and more . Based in Asia and part of Booking Holdings, our 7,100+ employees representing 95+ nationalities in 27 markets foster a work environment rich in diversity, creativity, and collaboration. We innovate through a culture of experimentation and ownership, enhancing the ability for our customers to experience the world. Our Purpose – Bridging the World Through Travel We believe travel allows people to enjoy, learn and experience more of the amazing world we live in. It brings individuals and cultures closer together, fostering empathy, understanding and happiness. We are a skillful, driven and diverse team from across the globe, united by a passion to make an impact. Harnessing our innovative technologies and strong partnerships, we aim to make travel easy and rewarding for everyone. Get to Know our Team: The IT Security team oversees Governance Risk & Compliance, Security Incident, security operations & Application Security for Agoda globally. We are vigilant in ensuring there is no breach or vulnerability threat to our company or endangering our employees in order to keep Agoda safe and protected. This role is challenge for those who want to work in an agile environment with the best technology available. The Opportunity: IT GRC Sr. Specialist will work in a team environment to assist/lead in IT Governance, Risk Management and Compliance . Specialist should be willing to be cross trained, job rotation and take on responsible in other security domain/duty. Ability to work efficiently with minimal direction and/or oversight as well as part of multiple project teams simultaneously. They will also require working closely with the security specialist of the team to maximize the opportunity. In this Role, you’ll get to: Design and implement company-wide security and compliance programs, collaborating with our IT team Answer partner risk management and security questionnaires, collaborating with our Commercial/Partnerships team Lead security related internal and external audits, self-assessments for PCI compliance, SOX compliance, SOC 2, etc. Knowledge and experience on NIST is a plus Build an internal library of resources on data protection, cyber security, system diagrams, process flows, etc Oversee periodic internal reviews of user access and process compliance Coordinate with other brands in the Booking Holdings Group on cross-Group security projects Oversee critical remediation gaps to conclusion Manage annual policy review, updates and approvals Should possess expertise and experience in representing the company to B2B clients What you’ll Need to Succeed: You have a minimum of 5-7 years of work experience in Information Security, Cyber Security, IT, IT Auditing, or Compliance and a bachelor’s degree in technology related field or business You have knowledge of compliance requirements including PCI-DSS, SOX, etc You have knowledge of privacy and data protection regulations including GDPR, CCPA, etc You have experience with audit processes including completing security questionnaires/audit forms and gathering evidence; proficiency in Tugboat a plus You have experience writing/reviewing security policies in a B2B or B2B2C setting You possess strong knowledge of information system security best practices, including access control, auditing, logging, monitoring, security policies, and incident response Holding a professional accreditation such as CISM or CISA is a plus You are able to manage multiple projects, priorities and deadlines among various stakeholders You are an effective communicator (verbal and written), and are able to convey technical and non-technical concepts to a variety of audiences You have experience building and managing security related project plans Advantage knowledge in transition from manual process to automate using Tugboad and Safebase Join us and live where other people go for vacation. Here are some of the benefits offered by Agoda. Hybrid Working model WFH setup allowance 30-day remote working from anywhere globally, every year. Employee discount for accommodation globally Global team of 85+ nationalities 40+ offices in 25+ countries Annual CSR/Volunteer time off Benevity subscription for employee donations Volunteering opportunities globally Free headspace, Odilo & Udemy subscription Access to employee assistance program (third party for personal and workplace support) Enhanced Parental leave Life, TPD & Accident Insurance Our amazing People Team will take care of the visa process and flights + a shipment and the first 30 days of accommodation in Bangkok. #sanfrancisco #sanjose #losangeles #sandiego #oakland #denver #miami #orlando #atlanta #chicago #boston #detroit #newyork #portland #philadelphia #dallas #houston #austin #seattle #sydney #melbourne #perth #toronto #vancouver #montreal #shanghai #beijing #shenzhen #prague #Brno #Ostrava #cairo #alexandria #giza #estonia #paris #berlin #munich #hamburg #stuttgart #cologne #frankfurt #hongkong #budapest #jakarta #bali #dublin #telaviv #milan #rome #venice #florence #naples #turin #palermo #bologna #tokyo #osaka #kualalumpur #malta #amsterdam #oslo #manila #warsaw #krakow #doha #alrayyan #riyadh #jeddah #mecca #medina #singapore #seoul #barcelona #madrid #stockholm #zurich #taipei #tainan #taichung #kaohsiung #bangkok #Phuket #istanbul #london #manchester #edinburgh #hcmc #hanoi #lodz #wroclaw #poznan #katowice #rio #salvador #newdelhi #bangalore #bandung #yokohama #nagoya #okinawa #fukuoka #jerusalem #IT #4 Equal Opportunity Employer At Agoda, we pride ourselves on being a company represented by people of all different backgrounds and orientations. We prioritize attracting diverse talent and cultivating an inclusive environment that encourages collaboration and innovation. Employment at Agoda is based solely on a person’s merit and qualifications. We are committed to providing equal employment opportunity regardless of sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, and other legally protected characteristics. We will keep your application on file so that we can consider you for future vacancies and you can always ask to have your details removed from the file. For more details please read our privacy policy . Disclaimer We do not accept any terms or conditions, nor do we recognize any agency’s representation of a candidate, from unsolicited third-party or agency submissions. If we receive unsolicited or speculative CVs, we reserve the right to contact and hire the candidate directly without any obligation to pay a recruitment fee. Show more Show less

What You'll Do Businesses are witnessing rapid digital acceleration. Making it imperative for them to maintain Cyber resiliency there by preparing for, responding to, and recovering from cyber threats. A cyber-resilient organization can ensure business acceleration. And to achieve this Cyber resiliency businesses seek expert mentorship, best tools and services from trusted partners. Support Cisco account management as Cyber Security Sales Specialist Lead Cybersecurity engagement within aligned top enterprises and conglomerates Responsible for building Cisco security business pipeline & achieve the security annual targets from assigned enterprise accounts based on either Total control Value or incremental average contract value Identify new business opportunities by positioning solutions from the broad range of Cisco Secure solution addressing Secure Service Edge, Zero Trust Access, Application and Workload Security, SoC, Micro segmentation, Email Security, Multi Cloud Défense, Cloud-Native Application Protection Platform (CNAPP), Attack Surface Management and others Leverage Cisco strength in areas of digital transformation like network, application and compute. Work and build relationships with key decision-makers, especially Cybersecurity collaborators in the account. Provide ongoing and accurate visibility / status of pipeline and forecast Prepare detailed account development plans and engagement strategies Who You Are 8-12 years of experience in techno-commercial roles within the cybersecurity domain. Knowledge of new and emerging technologies in Cybersecurity domain. At least 3 years of experience in selling SaaS and Subscription delivery models. Understanding of the cybersecurity selling cycle. Experience putting together comprehensive account planning. Track record of success in overachieving sales quotas. Proven and consistent hunting skills (both initial penetration and cross-selling) Comfortable in communicating a sophisticated, technical proposition at an executive, corporate overview level, running first meetings with customers without a sales engineer. Understanding of NIST, CERTIN guidelines, mitre att&ck framework, OT Security. Industry certifications like CISSP, CSSP, CEH or Bachelor's Degree in Cybersecurity from institute of repute Good connects with Cybersecurity decision makers in regional enterprise accounts Good understanding of Cisco Security products. Understanding of engaging and driving channel partner Who You'll Work With Global Security Sales Organization – SE team Global Security Sales Organization – Hyper Sales Specialist & Engineers Cisco Account Manager Product Engineering BU across various Business Entities Cisco Account SE Teams Regional Channel Teams Cisco in Security As the threat landscape continues to expand and become more sophisticated, at Cisco, we have been focusing on building a comprehensive portfolio that ensures end-to-end security for organizations of all sizes. We are continuing to invest in AI and demonstrate our impressive set of security offerings to protect everything that's connected to an organization, from apps and services to end users. This enables us to provide security that's better for users, easier for IT, and optimized for DevOps, making things safer for everyone. Through significant investments in cutting-edge advancements in artificial intelligence and machine learning, we are empowering security teams with simplified operations and heightened efficiency. We've recently launched Cisco XDR, which is designed by SOC experts, for SOC experts, to simplify security operations. The introduction of the security service edge (SSE) solution by Cisco improves hybrid work experiences and simplifies access across diverse locations, devices, and applications. This combines unique level of user simplicity and IT efficiency for frictionless access to all applications (not some) with modern security that delights users and frustrates attackers. Furthermore, Cisco is previewing the first generative AI capabilities within the Security Cloud, aiming to simplify security operations and increase efficiency. Moreover, new innovations across in Firewall, Multicloud, and Application Security, further deliver on Cisco's Security Cloud platform vision. Why Cisco #WeAreCisco. We are all unique, but collectively we bring our talents to work as a team, to develop innovative technology and power a more inclusive, digital future for everyone. How do we do it? Well, for starters – with people like you! Nearly every internet connection around the world touches Cisco. We’re the Internet’s optimists. Our technology makes sure the data traveling at light speed across connections does so securely, yet it’s not what we make but what we make happen which marks us out. We’re helping those who work in the health service to connect with patients and each other; schools, colleges, and universities to teach in even the most challenging of times. We’re helping businesses of all shapes and sizes to connect with their employees and customers in new ways, providing people with access to the digital skills they need and connecting the most remote parts of the world – whether through 5G, or otherwise. We tackle whatever challenges come our way. We have each other’s backs, we recognize our accomplishments, and we grow together. We celebrate and support one another – from big and small things in life to big career moments. And giving back is in our DNA (we get 10 days off each year to do just that). We know that powering an inclusive future starts with us. Because without diversity and a dedication to equality, there is no moving forward. Our 30 Inclusive Communities, that bring people together around commonalities or passions, are leading the way. Together we’re committed to learning, listening, caring for our communities, whilst supporting the most vulnerable with a collective effort to make this world a better place either with technology, or through our actions. So, you have colorful hair? Don’t care. Tattoos? Show off your ink. Like polka dots? That’s cool. Pop culture geek? Many of us are. Passion for technology and world changing? Be you, with us! #WeAreCisco Show more Show less

About The Job Become a Part of the NIKE, Inc. Team NIKE, Inc. does more than outfit the world's best athletes. It is a place to explore potential, obliterate boundaries and push out the edges of what can be. The company looks for people who can grow, think, dream and create. Its culture thrives by embracing diversity and rewarding imagination. The brand seeks achievers, leaders and visionaries. At NIKE, Inc. it's about each person bringing skills and passion to a challenging and constantly evolving game. NIKE is a technology company. From our flagship website and five-star mobile apps to developing products, managing big data and providing leading edge engineering and systems support, our teams at NIKE Global Technology exist to revolutionize the future at the confluence of tech and sport. We invest and develop advances in technology and employ the most creative people in the world, and then give them the support to constantly innovate, iterate and serve consumers more directly and personally. Our teams are innovative, diverse, multidisciplinary and collaborative, taking technology into the future and bringing the world with it. Who Are We Looking For We're looking for an Information Security Analyst to join Nike's Corporate Information Security Governance, Risk, and Compliance (GRC) team, which is responsible for enterprise wide GRC ensuring Nike leadership has the information needed to make strategic risk-based decisions and maintain compliance with international regulations while enabling the achievement of Nike business objectives globally. This role will meet with business and technology teams across Nike and consult with them on their security and compliance requirements. We are looking for an individual who is passionate about GRC, someone with a good working knowledge of industry best practice frameworks, such as ISO, NIST and CoBIT. What Will You Work On If this is you, you'll be working with the GRC team and performing these key tasks: Assess moderately complex platforms against Nike security and configuration standards Evaluate and process exceptions to information security policies and standards Participate in complex internal risk assessments, identifying information security risks through analysis of threats and vulnerabilities, and reporting on those risks to Nike business and technology owners Perform risk assessments of critical third-party vendors and ensure the business objectives align with the type and volume of data used in maintaining a "need to know/use" mindset Utilize your thorough understanding of ITGC's to consult with Technology units on compliance matters Champion information security policies, standards, controls, and processes so that compliance requirements are addressed as part of "business as usual" operations Lead Nike business units in control design and control operations related in support of compliance requirements Perform Compliance control validation testing to determine the operating effectiveness of IT controls for scoped systems Provide analysis and insights into data supporting the effectiveness of technical and process-based cyber security controls and establish automated data pipelines that feed data visualization tools, such as Tableau Collaborate effectively with NIKE leaders, managers, employees, and partners to provide deliberate and thoughtful engagement throughout NIKE Help drive execution of the Information Security training programs. Ensure the workforce stays fully informed on information security through formal trainings and oversee the development and delivery of security training and awareness campaigns Effective, positive verbal and written communication skills and experienced creating and developing high-quality PowerPoint presentations Who Will You Work With You will report into the Governance, Risk and Compliance - India Technology Center Director , in support of global GRC processes and procedures, and will work cross-functionally within the Corporate Information Security (CIS) teams and across Nike. You will regularly meet with Nike business and technology teams. What You Bring Knowledge of information security principles and practices, general procedures and guidelines A general understanding of technology use, trends and risks as it applies in a business context and environment Experience reviewing third party SOC reports Experience/working knowledge with PCI DSS (Former QSA is a benefit). Knowledge of information security principles, frameworks, and best practices (e.g., PCI DSS, COBIT, COSO, NIST and ISO 27000) Excellent collaboration skills - must be eager to work as part of a cohesive team and work as a partner to others within Nike, Inc. both at WHQ and globally Experience with ServiceNow, Confluence or JIRA NIKE, Inc. is a growth company that looks for team members to grow with it. Nike offers a generous total rewards package, casual work environment, a diverse and inclusive culture, and an electric atmosphere for professional development. No matter the location, or the role, every Nike employee shares one galvanizing mission: To bring inspiration and innovation to every athlete* in the world. NIKE, Inc. is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, veteran status, or disability. Benefits Whether it's transportation or financial health, we continually invest in our employees to help them achieve greatness - inside and outside of work. All who work here should be able to realize their full potential. Show more Show less