4024 Nist Jobs - Page 48

The Audit Manager position will be required to lead audit staff and manage the execution of IT and information system security audits along with leading operational assurance and advisory projects. Successful IT Audit Manager candidates must be able to lead the completion of technical IT audits that support financial or business operations including Sarbanes-Oxley 404 requirements. The IT Audit Manager must be able to effectively interact with IT and business leadership to drive risk mitigation and to stay abreast IT operational changes and emerging technologies. This position will be required to work with IT on key IT initiatives and priorities including Enterprise Risk Management. MUST : Business Development experienced professional with IT internal audit or controls experience to align on sales agenda while integrating practical knowledge on governance Proficient in SAP, S4 HANA, SAP GRC. Responsibilities Managing a team of auditors performing both IT audit and other advisory and assurance projects Building a team of talented IT auditors through coaching and development activities Developing annual IT audit plan of high risk / importance projects based on independent research and knowledge, interactions with Company leadership and peer benchmarking Performing pre- and post-implementation audits of new system implementations, expanding ERP footprint, application re-writes, etc. Auditing key system functionality and systematic controls Working together with management to assist in identifying opportunities to enhance efficiencies and effectiveness of processes and strengthen controls Liaising with IT management to provide ongoing advisory support for system implementations and key IT initiatives (IT security, BCDR, etc.) Evaluating the design and execution of the IT general and application controls for Sarbanes-Oxley compliance Establishing and maintaining effective relationships with management, external auditors, and other partners to further develop Company knowledge and auditing skills Requirements Bachelor's Degree, preferably in Management Information Systems, Accounting Information Systems, Computer Science or other IT related discipline. Master’s Degree preferred CISA, CISSP, CPA or CIA a plus Minimum of seven years of experience in IT audit, IT development, internal audit, public accounting, finance, and/or information systems Minimum of four years of experience in leading audit staff and managing execution of the audit plan Strong human relations, analytical, and oral and written communications skills Understanding of key IT processes such as Disaster Recovery, IT Security, Software Licensing, Third Party Hosted Services, etc. Knowledge of internal audit principles (IIA Standards, and COSO) and IT control frameworks (COBIT, NIST, SANS, and ISO) Familiarity with the following technical areas/platforms beneficial: Operating Systems: IBM Mainframe/RACF, Linux, AIX Databases: Oracle, SQL Server, Informix ERP: SAP, SAP HANA, S4 HANA, JDE Experience in conducting risk assessments and facilitating enterprise risk management a plus Experience developing and leading a data analytics program a plus

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY-Digital Risk – OT – Manager As part of our Risk Consulting, you will be joining the Digital Risk Consulting Team. As part of the Consulting, you will handle leading and managing OT security engagements for various clients across the MENA region. Working with Digital Risk team, you will also perform IT/IS/OT Risk assessment, IT/IS Governance, ERP reviews and conduct maturity assessment on the client’s current IT/IS/OT posture. The client base spans across various sectors and includes collaboration with other teams within Consulting services. The opportunity We are looking for a manager with expertise in IT/ OT Assessments/Framework Implementation to join the Digital Risk team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of our service offering. Your Key Responsibilities Responsible for working with multiple client engagements and teams at a Senior level within the MENA region. Lead and deliver OT Risk assessments, Architecture review, and maturity evaluation across DCS and ICS environments. You can expect to work with high level client personnel to address Information security, IT/OT Security and Business continuity risks. You are also expected to perform internal control testing, develop control frameworks, and provide internal audit services in IT/OT/InfoSec space for the MENA stakeholders. You will assess the client’s current state of internal controls and identify risks and subsequent recommendations. Working with client personnel to analyse, evaluate and enhance systems facilitating the process control, and assisting clients and other technology professionals in performing IT/OT control audits, IT/OT security framework development engagements. Mentor and coach junior team members, fostering their technical and professional development. Help develop/respond to go to market, RFP/RFI responses. Practice building Skills And Attributes For Success Strong knowledge of industrial control systems (ICS), SCADA systems, and other OT technologies. Good understanding of how OT and IT devices interact with each other and how OT devices work. Good to have knowledge of regulatory requirements and standards related to ICS/OT security (e.g., NIST, IEC 62443) Excellent communication and stakeholder management skills, especially in cross functional industrial settings. Experience with network security solutions, including firewalls, intrusion detection systems (IDS) etc. Analytical skills to screen through data and logs to identify the patterns indicative of cyber threats or threat actor methods. Effective communication skills for interacting with technical and non-technical colleagues and stakeholders. Demonstrating and applying strong project management skills, inspiring teamwork, and responsibility with engagement team members Relevant certifications are desirable. To qualify for the role, you must have A bachelor’s degree A minimum of 10-15 years of experience working as Information security professional with IT/IS/OT internal audit background in a professional services firm. Excellent communication skills with consulting experience preferred. A valid passport for travel. Ideally, you’ll also have B. Tech/ B.E. / B.Sc. / M. Sc. in Computer Applications / Engineering, or a related discipline. ISA 62443 expert, CISA, CISSP, GICSP (anyone certification is desired) What Working At EY Offers At EY, we are dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At the International Maritime Institute (IMI), we are on a mission to prepare the next generation of seafarers who will shape the future of our global supply chain. As the Senior IT Operations Manager, you will be at the helm of our technological infrastructure and applications, ensuring smooth operations that propel our mission forward. This is your chance to help shape and drive the IT landscape across three campuses and over 700 students. Based in Delhi (Noida), you will be a vital member of the Caravel Group, which includes both IMI and Fleet Management Limited. Reporting to the Head of IT Operations in Hong Kong, you will collaborate closely in Delhi, giving you the unique opportunity to influence campus services and ensure they meet service-level agreements—all while championing high security and efficiency standards. We seek a dynamic leader with a strong technical background in IT infrastructure, system security, vendor management and cloud technologies. In this role, you will lead the IT team forging partnerships with academic and administrative stakeholders to build a secure and highly available IT ecosystem. If you are ready to tackle exciting technological challenges, drive transformative solutions and leave your mark on the future of maritime education then this is the role for you. Job Description : As an Senior IT Operations Manager, your typical day might include: Service Maestro: Mastering Incident & Change Management Handle incidents, problems, and change with precision, ensuring all issues are resolved within SLA. Escalate to internal and external teams as needed Continuously enhance your skills to assist with first-time incident resolution, transforming challenges into learning opportunities Identify recurring issues and service risks, crafting innovative solution to prevent future occurrences. Analyze incidents to uncover root causes and implement effective changes Infrastructure & Cloud Guardian: Elevating Technology Solutions Guide the organization in leveraging technology to achieve strategic outcomes, ensuring our systems are equipped for success Develop, build and implement a strategic roadmap to align to wider business goals for the growth of IMI Supervise upgrades and installations, guaranteeing that all systems are built and maintained to the highest standards Ensure adherence to policies for cloud management, including regular disaster recovery testing, safeguarding our digital assets Take ownership of risks identified in the Risk Register related to infrastructure, proactively addressing potential vulnerabilities Leader & Cross Functional Collaborator: Driving Excellence Inspire and develop team members to reach their full potential, fostering a culture of growth and excellence Encourage team members to share knowledge articles for the self-service portal, empowering others through information Work closely with the broader IMI family, including Caravel Group and Fleet Management Limited, ensuring seamless collaboration and standards across the Group. Essential – You must be able to show… 7+ years of experience independently leading IT Operations at a company with 200 staff members across 3 locations. Proven people management skills - Experience in leading, mentoring and developing a team of at least 3 people Experience with IT asset management and Firewalls such Meraki & Cisco Familiar and implementation experience of security standards such as ISO27001/NIST/CIS Strong vendor management skills, particularly for infrastructure and ERP systems Strong analysis skills in identifying root causes, defining options and recommendations Demonstrable in defining, leading and implementing continuous improvement plans Ability to influence and communicate effectively with senior (C-Level) executives in spoken and written English Desirable – Would be great if you have these… Industry certifications in Microsoft MCSE, Microsoft 365, AWS, Google Cloud, Azure, Security, or ITIL Project Management experience, focused around integrating external / SaaS solutions. Experience managing Linux Operating Systems and/or cloud environments such as AWS or Azure.

Information Protection Senior Advisor - HIH - Evernorth (Cyber S ecurity Architect) Position Summary: This role is for a highly motivated Security Architect, with a background in cloud and DevOps security. The Security Architect (PSA) works closely with architecture, development, product, and other teams across the enterprise to design and integrate security into the solution lifecycle from design through deployment. This person will be responsible for defining security requirements, performing security design assessments, and providing teams with remediation and mitigation guidance and advice. Security Architects engage on strategic initiatives, programs, and projects throughout the enterprise including cloud, AI/ML, etc., as well as provide on-going guidance on security best practices. Experience Required: 13-16 years’ experience in information technology Min 8+ years’ experience in an information security architecture Min 5+ years application development and/or administrating and managing cloud solutions Practical experience in the application of security controls in security engineering, design, or developing reference architectures: NIST 800-53r(4/5), ISO 27001 Annex A / ISO 27002, Cloud Security Alliance – Cloud Controls Matrix (CCM v4), Center for Internet Security – Critical Security Controls (v7/8) Solid understanding of services and capabilities delivered by mainstream cloud service providers. Job Description & Responsibilities : Translate business priorities into information security requirements to ensure protections regarding the confidentiality, integrity, availability, and privacy of the enterprise’s technologies and its data. Monitor current and future security trends, changes in the business and business environment, as well as the evolving regulatory landscape and incorporate emerging trends into architecture engagements and strategic planning. Produce written technical reports and documentation; develop presentations on security approaches and solutions. Work directly with program and project teams to ensure that all relevant security risks are identified, evaluated, and appropriate security solutions are implemented to help manage risks to the enterprise. Provide strategic and technical security guidance for cloud programs and projects deploying in cloud environments. Responsible for the identification and documentation of architectural gaps and inefficiencies in existing solutions; support remediation and mitigation efforts through appropriate planning and roadmap development. Solid understanding of services and capabilities delivered by mainstream cloud service providers. Solid understanding of DevOps processes and associated security requirements and capabilities. Contribute to the Security Architecture guidance library including the development of reference architecture, security standards, security baselines, and other reference material. Strong work ethic and sense of urgency Ability to influence technical discussions and decisions. Ability to interact with a broad cross-section of personnel throughout the global enterprise to explain and compel adoption of security requirements. Other job duties as assigned. Experience Desired: Certification GIAC Defensible Security Architecture (GDSA) or other security architecture certification (ex. SABSA). Familiarity with Security life cycle, design review across concept, development through deployment Experience with threat modeling (all OSI layers), security analysis Education and Training Required: BE degree in MIS/Computer Science or related degree required. Professional Certification such as (any one): Certified Information Systems Security Professional (CISSP) SANS GIAC Certification(s) AWS/Azure Cloud Engineering Certifications Primary Skills: Written Communication Produce written technical documentation and reports that will be consumed by partners in the U.S. and throughout the global enterprise. Verbal Communication Ability to communicate with and influence a broad cross-section of personnel throughout the global enterprise to explain and compel adoption of security requirements. Time Management Relationship Management Self-Starter About Evernorth Health Services Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.

Information Protection Associate Advisor - HIH - Evernorth Position Summary: The Security Architect role will report to the Senior Director of CIP Global Security Architecture and will be responsible for the development and maintenance of the Enterprise Security Architecture documents that comprise the security guidance library to support the enterprise security frameworks which consist of; Security Architecture Requirements, Design Patterns and Reference Architecture documents. This role engages with strategic initiatives and enterprise solutions in the development of security guidance and requirements that aims to better protect the confidentiality, integrity, availability, and privacy of the technology and data of the enterprise. Experience Required: 8+ years’ experience in information technology 5+ years’ experience in an information security architecture or similar role 3+ years administrating and configuring IT systems Practical experience in the application of security controls in security engineering, design, or developing reference architectures: NIST 800-53r(4/5), ISO 27001 Annex A / ISO 27002, Cloud Security Alliance – Cloud Controls Matrix (CCM v4), Center for Internet Security – Critical Security Controls (v7/8) UML diagramming using tools such as MS Visio Job Description & Responsibilities : Monitor current and future security trends, changes in the business and business environment, as well as the evolving regulatory landscape and incorporate emerging trends into security architecture guidance and input into strategic planning. Produce written technical documentation and reports; develop presentations on security approaches and solutions. Maintain a centralized Information Security Architecture data repository that includes reference architectures, security design patterns, security requirements, and other security reference material. Provide technical and security expertise to IT and business teams with a focus on developing the reference architectures, design patterns and associated security standards that ensure the protection of the corporate assets, brand, and data. Solid understanding of security protocols, cryptography, authentication, authorization, and other information security controls and associated best practices. Proven ability to influence other key IT and engineering constituents on the opportunity and appropriate use of security patterns and frameworks. Excellent written and verbal communication skills as well as business acumen. Strong work ethic and sense of urgency. Other job duties as assigned. Experience Desired: Security architecture certification (SABSA) or Architecture certification (TOGAF). Experience with threat modeling (all OSI layers), security analysis Familiarity with Security life cycle, design review across concept, development through deployment Solid understanding of services and capabilities delivered by mainstream cloud service providers. Education and Training Required: BA/BS degree in MIS/Computer Science or related degree required. Professional Certification/Training such as: Certified Information Systems Security Professional (CISSP) SANS GIAC Certification(s) Primary Skills: Written Communication Produce written technical documentation and reports that will be consumed by partners in the U.S. and throughout the global enterprise. Verbal Communication Ability to communicate with and influence a broad cross-section of personnel throughout the global enterprise to explain and compel adoption of security requirements. Presenting security concepts to technical and non-technical audiences in-person and online video conferencing Time Management Relationship Management Self-Starter About Evernorth Health Services Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.

What are we looking for? Consultants, Senior Consultants Where are we hiring? India Job Requirements: Responsible AI SME/Project Manager We are looking for people who have demonstrated proven success in roles and through abilities in managing AI Governance projects, perform RAI assessments, understanding of global AI regulations and exposure to implementing AI guardrails . The candidate will be working as part of a Responsible AI and risk management team and deliver individual competencies as per the delivery plan. Infosys is a global leader in next-generation digital services and consulting with annual revenues of $16.31B (FY ‘22). We enable clients in 46 countries to navigate their digital transformation. Infosys Consulting partners with clients from strategy through execution to transform their businesses in areas such as business/ IT strategy, processes, organization, systems and risk. Infosys Consulting has 2,500+ people across the US, Europe, APAC and India from strategy / setting direction through execution, including operating and optimizing delivered solutions. IC-LS is dedicated to serving Life Sciences firms globally. Activities in scope for the requirement : Develop Responsible AI roadmap for the client to transition from current state to target state Perform AI governance maturity assessment to understand the current state Responsible AI capabilities and if required recommend the target state and outline a roadmap from AS-IS to TO-BE state. Identify Responsible AI principles applicable for different clients Identify risks associated with different use case themes like consumer facing chatbots, marketing use cases, contact center operations, etc. Identify risks associated due to data used, model being used, industry where AI product will operate, version of AI product, intended and impacted end users Categorize risk level of use cases based on EUR AI Act Recommend mitigation strategies against the risks identified and ensuring that the recommendations are implemented Identify relevant controls for organizations based on ISO 42001:2023 and NIST AI RMF Collaborate with Governance, risk and compliance team to help draft AI related documents Development of AI literacy roadmap based on regulatory requirements. Able to identify preliminary mitigation steps required to be followed for high-risk use cases Conduct Responsible AI knowledge sharing sessions for clients Recommend the suitable AI governance tool to the client based customized to their needs Lead client proposals around Responsible AI strategy and implementation Contribute to Responsible AI process refinement. Skill requirements : Mandatory Requirements : Experience in working on different types of risks related to AI – pre implementation, during implementation and post implementation Experience in categorizing risks & conducting RAI assessments for different types of use cases/applications/tools Experience in assessing both in-house and 3rd party procured AI/Gen AI applications to identify relevant risks Experience in working on go-to-market strategy with RAI offering/capability Experience in working on AI governance tools like OneTrust, Archer, IBM WatsonX Experience managing vendors and stakeholders for the end-to-end implementation of an AI governance solution at the organizational level. Understanding of global regulatory requirement related to AI development and implementation (EUR AI Act, NIST AI framework, ISO 42001:2023) Experience in working on training modules for Responsible AI implementation Display a strong awareness of the current landscape in terms of data and AI and associated risks. Display original thinking and ability to collaborate to ideate and implement innovative solutions to complex problems, aligned to the organization’s data and AI risk appetite Excellent communication skills, both verbal and written. Able to identify and establish relationships with senior stakeholders and be able to simplify complex problems to be quickly understood. Preferred Requirements: Master’s degree or local equivalent. Proven experience of Responsible AI or AI governance from a large organization. Experience in FMCG, FMCH, Pharmaceutical Industries. Knowledge of AI, Gen AI and RAI. Where are we hiring? Multiple Locations (India) Key words: Responsible AI , AI Governance, RAI assessments, RAI, AIGP, AI risks, RAI frameworks, AI risk management, Responsible AI compliance, Adherence to Responsible AI standards, Responsible AI maturity assessment

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY-Digital Risk – OT – Manager As part of our Risk Consulting, you will be joining the Digital Risk Consulting Team. As part of the Consulting, you will handle leading and managing OT security engagements for various clients across the MENA region. Working with Digital Risk team, you will also perform IT/IS/OT Risk assessment, IT/IS Governance, ERP reviews and conduct maturity assessment on the client’s current IT/IS/OT posture. The client base spans across various sectors and includes collaboration with other teams within Consulting services. The opportunity We are looking for a manager with expertise in IT/ OT Assessments/Framework Implementation to join the Digital Risk team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of our service offering. Your Key Responsibilities Responsible for working with multiple client engagements and teams at a Senior level within the MENA region. Lead and deliver OT Risk assessments, Architecture review, and maturity evaluation across DCS and ICS environments. You can expect to work with high level client personnel to address Information security, IT/OT Security and Business continuity risks. You are also expected to perform internal control testing, develop control frameworks, and provide internal audit services in IT/OT/InfoSec space for the MENA stakeholders. You will assess the client’s current state of internal controls and identify risks and subsequent recommendations. Working with client personnel to analyse, evaluate and enhance systems facilitating the process control, and assisting clients and other technology professionals in performing IT/OT control audits, IT/OT security framework development engagements. Mentor and coach junior team members, fostering their technical and professional development. Help develop/respond to go to market, RFP/RFI responses. Practice building Skills And Attributes For Success Strong knowledge of industrial control systems (ICS), SCADA systems, and other OT technologies. Good understanding of how OT and IT devices interact with each other and how OT devices work. Good to have knowledge of regulatory requirements and standards related to ICS/OT security (e.g., NIST, IEC 62443) Excellent communication and stakeholder management skills, especially in cross functional industrial settings. Experience with network security solutions, including firewalls, intrusion detection systems (IDS) etc. Analytical skills to screen through data and logs to identify the patterns indicative of cyber threats or threat actor methods. Effective communication skills for interacting with technical and non-technical colleagues and stakeholders. Demonstrating and applying strong project management skills, inspiring teamwork, and responsibility with engagement team members Relevant certifications are desirable. To qualify for the role, you must have A bachelor’s degree A minimum of 10-15 years of experience working as Information security professional with IT/IS/OT internal audit background in a professional services firm. Excellent communication skills with consulting experience preferred. A valid passport for travel. Ideally, you’ll also have B. Tech/ B.E. / B.Sc. / M. Sc. in Computer Applications / Engineering, or a related discipline. ISA 62443 expert, CISA, CISSP, GICSP (anyone certification is desired) What Working At EY Offers At EY, we are dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

Our client in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. Our professionals provide the experience to help companies stay on track and deal with risks that could unhinge their business survival. Our services enable clients to effectively co-ordinate their key growth, quality and operational challenges and working in partnership with us, clients have the benefits of the client's experienced, objective, and industry-grounded viewpoints. Requirements Role & RESPONSIBILTY: Cyber Security Strategy and Governance Roles and Responsibilities: You will be responsible to perform multiple risk and gap assessments on various applications, services and Infrastructure components. You will be required to have impeccable interpersonal skill and will require to connect with various stakeholders across the globe. >> Skills: Knowledge of various Information Security Compliance and frameworks such as ISO 27001, NIST, etc Ability to understand and have experience in ISO 27001 : 2013 implementation for large organizations Ability to write information security policies and procedures as per best practices Possess understanding of key cyber security tools and solutions Ability to assess maturity of cyber security using various standards and guidelines Ability to "talk the security language" with client's management Possess excellent communication skills and should be willing to walk the extra mile on client delivery and excellence Must be an excellent team member and willing to participate in organization's initiatives on cyber security >> For Senior Managers: Should demonstrate capabilities of driving sales and engagement management for clients Should be a Technically capable of showcasing SME abilities on cyber security domains Candidates from other consulting firms will be preferred >> Certifications: Candidates must possess ISO 27001 : 2013 LI/LA and should be able to demonstrate their knowledge on the certified standard CISA, CISSP, CISM would be preferred Cloud certifications like CCSP, CompTIA would be an added advantage >> Educational Qualifications: Bachelor of Science / Bachelor in Engineering or Technology Masters program in Technology / IT or Information Security >> Compensation Compensation is competitive with industry standards Details of the compensation breakup will be shared with short-listed candidates only Benefits People BENEFITS Continuous learning program Driving a culture of recognition through ‘ENCORE' our quarterly rewards and recognition program Comprehensive medical insurance coverage for staff and family Expansive general and accidental coverage for staff Executive Health check-up (Manager & above, and for staff above the age of 30) Les Concierge desks Internal & Global mobility Various other people friendly initiatives Strong commitment to our Values such as CSR initiatives

Role: Security Engineer – Security Audit & Compliance Management Location: Turbhe Working Days: 6 days a week (Alternative Saturdays off) Salary Range - 22LPA Job Description: To ensure the organization's security controls, processes, and systems comply with internal policies, industry standards, and regulatory requirements by managing audits and driving continuous compliance improvements. Responsibilities: Lead and support internal and external audits (e.g., ISO 27001, SOC 2, PCI-DSS). Ensure security controls meet compliance obligations. Collaborate with teams to collect evidence, close audit findings, and improve security posture. Conduct compliance assessments and risk-based control reviews. Maintain documentation, compliance dashboards, and audit logs. Align security practices with frameworks like NIST, CIS, and COBIT. Monitor regulatory changes and update policies accordingly. Work with stakeholders to address gaps and enhance audit readiness. Promote a culture of compliance across the organization. Establish compliance framework including supporting policies, procedures, checklists, control narrations for new regulatory circulars and notification. Liase across organization for validating and improving security controls If you feel interested call or Whatsapp -8591744131

Our client in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. Our professionals provide the experience to help companies stay on track and deal with risks that could unhinge their business survival. Our services enable clients to effectively co-ordinate their key growth, quality and operational challenges and working in partnership with us, clients have the benefits of the client's experienced, objective, and industry-grounded viewpoints. Requirements Role & RESPONSIBILTY: Cyber Security Strategy and Governance Roles and Responsibilities: You will be responsible to perform multiple risk and gap assessments on various applications, services and Infrastructure components. You will be required to have impeccable interpersonal skill and will require to connect with various stakeholders across the globe. >> Skills: Knowledge of various Information Security Compliance and frameworks such as ISO 27001, NIST, etc Ability to understand and have experience in ISO 27001 : 2013 implementation for large organizations Ability to write information security policies and procedures as per best practices Possess understanding of key cyber security tools and solutions Ability to assess maturity of cyber security using various standards and guidelines Ability to "talk the security language" with client's management Possess excellent communication skills and should be willing to walk the extra mile on client delivery and excellence Must be an excellent team member and willing to participate in organization's initiatives on cyber security >> For Senior Managers: Should demonstrate capabilities of driving sales and engagement management for clients Should be a Technically capable of showcasing SME abilities on cyber security domains Candidates from other consulting firms will be preferred >> Certifications: Candidates must possess ISO 27001 : 2013 LI/LA and should be able to demonstrate their knowledge on the certified standard CISA, CISSP, CISM would be preferred Cloud certifications like CCSP, CompTIA would be an added advantage >> Educational Qualifications: Bachelor of Science / Bachelor in Engineering or Technology Masters program in Technology / IT or Information Security >> Compensation Compensation is competitive with industry standards Details of the compensation breakup will be shared with short-listed candidates only Benefits People BENEFITS Continuous learning program Driving a culture of recognition through ‘ENCORE' our quarterly rewards and recognition program Comprehensive medical insurance coverage for staff and family Expansive general and accidental coverage for staff Executive Health check-up (Manager & above, and for staff above the age of 30) Les Concierge desks Internal & Global mobility Various other people friendly initiatives Strong commitment to our Values such as CSR initiatives

Our client in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. Our professionals provide the experience to help companies stay on track and deal with risks that could unhinge their business survival. Our services enable clients to effectively co-ordinate their key growth, quality and operational challenges and working in partnership with us, clients have the benefits of the client's experienced, objective, and industry-grounded viewpoints. Requirements Role & RESPONSIBILTY: Cyber Security Strategy and Governance Roles and Responsibilities: You will be responsible to perform multiple risk and gap assessments on various applications, services and Infrastructure components. You will be required to have impeccable interpersonal skill and will require to connect with various stakeholders across the globe. >> Skills: Knowledge of various Information Security Compliance and frameworks such as ISO 27001, NIST, etc Ability to understand and have experience in ISO 27001 : 2013 implementation for large organizations Ability to write information security policies and procedures as per best practices Possess understanding of key cyber security tools and solutions Ability to assess maturity of cyber security using various standards and guidelines Ability to "talk the security language" with client's management Possess excellent communication skills and should be willing to walk the extra mile on client delivery and excellence Must be an excellent team member and willing to participate in organization's initiatives on cyber security >> For Senior Managers: Should demonstrate capabilities of driving sales and engagement management for clients Should be a Technically capable of showcasing SME abilities on cyber security domains Candidates from other consulting firms will be preferred >> Certifications: Candidates must possess ISO 27001 : 2013 LI/LA and should be able to demonstrate their knowledge on the certified standard CISA, CISSP, CISM would be preferred Cloud certifications like CCSP, CompTIA would be an added advantage >> Educational Qualifications: Bachelor of Science / Bachelor in Engineering or Technology Masters program in Technology / IT or Information Security >> Compensation Compensation is competitive with industry standards Details of the compensation breakup will be shared with short-listed candidates only Benefits People BENEFITS Continuous learning program Driving a culture of recognition through ‘ENCORE' our quarterly rewards and recognition program Comprehensive medical insurance coverage for staff and family Expansive general and accidental coverage for staff Executive Health check-up (Manager & above, and for staff above the age of 30) Les Concierge desks Internal & Global mobility Various other people friendly initiatives Strong commitment to our Values such as CSR initiatives

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. About The Job As a global leader in assurance, tax, transaction and advisory services, we hire and develop the most passionate people in their field to help build a better working world. This starts with a culture that believes in giving you the training, opportunities and creative freedom. At EY, we don't just focus on who you are now, but who you can become. We believe that it’s your career and ‘It’s yours to build’ which means potential here is limitless and we'll provide you with motivating and fulfilling experiences throughout your career to help you on the path to becoming your best professional self. About EY-Parthenon EY-Parthenon is a leading global strategy consulting organization, providing deep sector expertise and strategic insights to help clients navigate complex business challenges. We offer a dynamic work environment that fosters innovation and growth, with a strong emphasis on client impact and personal development. Within SaT – EY Parthenon, the Transaction Strategy and Execution team services clients with a full range of hands-on, operationally focused support and advice across the transaction life cycle, across buyers and sellers. We cover a wide range of operational aspects, including divestiture advisory services, carve-out readiness and support, operational due diligence, synergy assessment and delivery, day-one readiness assessment, 100- day planning, integration process support, carve-out/stand-alone costs assessment and risks, and cost reduction. Our professionals work on transactions and business development across the globe. GDS SaT – Transaction Strategy and Execution – Deal Tech - IT Infrastructure - Manager, India The Opportunity EY-Parthenon’s GDS Transaction Strategy and Execution (TSE) Technology team helps clients with IT-related aspects of M&A transactions: IT diligence: EY-Parthenon professionals evaluate a target's IT infrastructure & Cyber security to help clients assess its attractiveness. Deal tech: The TSE Technology team assesses the technology ecosystem and its role in M&A transactions. Infrastructure: Managing IT due diligence, sign-to-close, and post-integration activities from an IT Infrastructure perspective EY-Parthenon’s GDS TSE Technology professionals help clients navigate transaction risk and increase value from the beginning of a deal to its execution. This role requires prior expertise in managing complex IT integrations, separations, and transitions during mergers, acquisitions with extensive knowledge of IT systems, Datacentre, Cloud, Networking, Microsoft 365 and IT Security. Key Responsibilities Manage large to mid-sized engagements or workstreams of large engagements that help our clients solve some of their most pressing issues during transaction lifecycle. Support key decision makers in developing and executing their transaction strategy to secure deal value. Lead projects that span one or more IT Infrastructure (Hosting, Network, Digital Workplace, Messaging & Collaboration, Active Directory, Service Excellence) and cyber security (identifying vulnerabilities, risks, and gaps) functions in both deal and non-deal environments. Manage engagements, problem-solve, facilitate, ensure engagement success, and quality in delivery, Establish regular connectivity and reporting to the regional TSE partners. Build relationships with EY offices across the globe. Responsible for high degree of GDS user satisfaction with engagement processes and work products Assist in business development activities, including preparing internal materials, GTM content and presentations for client and internal pursuit meetings, engage on larger SaT projects and pitch for potential technology interventions. Ability to analyse the evolving market environment and build solutions / services to cater to the same. Develop Point of View documents and support business development initiatives Provide insights and observations based on technology, industry and functional knowledge and best practices. Leverage expertise in transactions, synergy assessments, and deal implementation on transactions related projects Conduct IT due diligence to assess the IT infrastructure of target companies, including hardware, software, networks, datacentres, and cybersecurity. Develop IT integration plans and roadmaps that align with the overall deal strategy and business objectives. Collaborate with cross-functional teams to ensure seamless IT integration during the sign-to-close phase. Manage the execution of IT integration projects, ensuring they are completed on time, within budget, and to the required quality standards. Identify risks and issues related to IT infrastructure during the deal process and develop mitigation strategies. Provide expertise in IT infrastructure optimization and consolidation post-deal closure. Lead IT infrastructure transitions during M&A, including cloud and datacentre migration, network integration, and identity management, ensuring minimal disruption and security compliance. Oversee Microsoft 365 migration, service desk consolidation, and IT monitoring to enable seamless post-transaction operations. Establish and maintain communication with key stakeholders to provide updates on project status and resolve any concerns. Ensure compliance with regulatory requirements and company policies throughout the deal process. Document lessons learned and best practices to improve future IT deal processes Skills And Attributes For Success Business and Commercially Driven - work in a fast-paced, exciting environment with strong business acumen to drive value to our clients Capability Development - contribute to our practice development initiatives, supporting the continued focus on our team as a great place to work Learning - learn and develop technical and personal skills to support achievement of career goals, through a blend of structured learning, coaching and experiences Building Relationships - cultivate strong working relationships with clients and support to key decision makers To qualify for the role, you must have A post Graduate degree in business management from a premier institute with 5-8 years of applicable consulting experience At least 4 years of experience in Transaction Strategy, Technology Strategy or Technology Transformation in a top tier consulting firm Lead large IT project execution experience with in-depth knowledge of IT project life cycles. Broad knowledge and deep understanding of one or more technical areas such as Infrastructure and Network, Cyber Security Framework (e.g., NIST, ISO 27001, GDPR, HIPAA), Solution Architecture / Pre-Sales, IT Contracts Management, Enterprise Architecture, Cloud / On-premise Technology etc. Experience in Technology aspects of Transaction lifecycle during Mergers, Acquisitions, Divestitures, and Carveouts. Due Diligence: Working experience in Due Diligence, particularly IT Due Diligence, Cyber Diligence, and Technology Diligence. Post-Deal transaction lifecycle: Working experience in post-deal lifecycle for Sell and Separate and Buy and Integrate transactions: Separation / Integration planning, Standalone models and Costing, Infrastructure Separation, Cutover Management, TSA Costing and Exit, Day-1 planning, and Logical Separation Technology Strategy: Experience in Technology Cost optimization, Technology Business Management, IT Budget forecasting, IT Chargeback, Cloud Economics, Cloud Financial Management, IT Value realization, IT Org sizing Experienced in Business Development activities such as RFPs, opportunity pursuits, winning large to mid-sized deals Strong leadership and team management abilities, with experience in building and motivating high-performing teams Exceptional communication and interpersonal skills, with the ability to engage and influence stakeholders at all levels Good to have relevant certifications (e.g., AWS/Azure/GCP Solution Architect, PMP, ITIL, MCSE, CCNA) What You Can Look For A Team of people with commercial acumen, technology experience and enthusiasm to learn new things in this fast-moving environment An opportunity to be a part of market-leading, multi-disciplinary team of 3,500+ professionals Opportunities to work with EY SaT practices globally with leading businesses across a range of industries What We Offer EY Global Delivery Services (GDS) is a dynamic and truly global delivery network. We work across six locations – Argentina, China, India, the Philippines, Poland and the UK – and with teams from all EY service lines, geographies and sectors, playing a vital role in the delivery of the EY growth strategy. From accountants to coders to advisory consultants, we offer a wide variety of fulfilling career opportunities that span all business disciplines. In GDS, you will collaborate with EY teams on exciting projects and work with well-known brands from across the globe. We’ll introduce you to an ever-expanding ecosystem of people, learning, skills and insights that will stay with you throughout your career. Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next. Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way. Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs. Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Broad Role Description As a Customer Success Manager – Azure & Security , you will be the key point of contact for customers adopting Microsoft Azure and Cybersecurity solutions. Your mission is to drive customer success by ensuring secure and effective adoption of TTBS offered services, managing customer relationships, and supporting long-term strategic cloud and security goals. It's an Individual Contributor role. Key Role Deliverables 1. Act as a trusted advisor for customers implementing Azure infrastructure, services, and security frameworks. 2. Lead onboarding, training, and enablement for customers transitioning to Azure and Microsoft Security solutions (e.g., Defender, Sentinel, Entra). 3. Monitor customer health, usage, and satisfaction to proactively address risks and promote solution value. 4. Drive adoption of Azure-native security tools and best practices to strengthen cloud environments. 5. Collaborate with technical delivery, cloud architecture, and support teams to ensure customer success and alignment. 6. Conduct regular Executive Business Reviews (EBRs) and strategic planning sessions with key stakeholders. 7. Maintain a deep understanding of Microsoft’s Azure & Security roadmap to guide clients on optimization and innovation. 8. Identify expansion and upsell opportunities in areas like Azure cost optimization, compliance, Zero Trust architecture, etc. Right Person (Qualification & Experience) 1. B. Tech (Computer Science, Electronics etc.) 2. 5- 8+ years in Customer Success, Technical Account Management, or Cloud Consulting with a focus on Azure and/or cybersecurity. 3. Strong knowledge of Microsoft Azure, including core services (IaaS, PaaS), networking, identity, and security features. 4. Familiarity with Security solutions: Defender for Cloud, SIEM, SOAR, VAPT, SOC, Purview, etc. 5. Experience with compliance frameworks (e.g., NIST, ISO 27001, GDPR) and security best practices in the cloud. 6. Ability to manage technical conversations with C-level stakeholders and IT teams. 7. Strong project management, communication, and interpersonal skills. 8. Certifications preferred: Microsoft Certified: Azure Solutions Architect Expert Microsoft Certified: Security, Compliance, and Identity Fundamentals Microsoft Certified: Azure Security Engineer Associate

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Integrated Security Risk Management Good to have skills : Security Architecture Design Minimum 7.5 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and transitioning to cloud security-managed operations, all while ensuring compliance with industry standards and best practices. Roles & Responsibilities: - Expected to be an SME. - Collaborate and manage the team to perform. - Responsible for team decisions. - Engage with multiple teams and contribute on key decisions. - Provide solutions to problems for their immediate team and across multiple teams. - Conduct regular assessments of security frameworks to ensure alignment with evolving business needs. - Facilitate training sessions for team members to enhance their understanding of security protocols. Professional & Technical Skills: - Must To Have Skills: Proficiency in Integrated Security Risk Management. - Good To Have Skills: Experience with Security Architecture Design. - Strong knowledge of cloud security principles and practices. - Experience in risk assessment methodologies and frameworks. - Familiarity with compliance standards such as ISO 27001 and NIST. Additional Information: - The candidate should have minimum 7.5 years of experience in Integrated Security Risk Management. - This position is based at our Chennai office. - A 15 years full time education is required.

Skills:- vulnerability management, information security, or a related discipline, Qualys, Tenable, or Rapid7, Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls), Experience with ITSM tools and ticketing systems for remediation tracking. Experience:- 3-5 Years Location:- Hyderabad Shift Timing:- 11.00 am - 8.00 pm Analyst, Vulnerability Management Omnicom Global Solutions, Hyderabad IN About Omnicom Global Solutions Omnicom Global Solutions is an integral part of Omnicom Group, a leading global marketing and corporate communications company. Omnicom’s branded networks and numerous specialty firms provide advertising, strategic media planning and buying, digital and interactive marketing, direct and promotional marketing, public relations, and other specialty communications services to over 5,000 clients in more than 70 countries. OGS India plays a critical role for our group companies and global agencies by providing stellar products, solutions, and services across Creative Services, Technology, Marketing Science (Data & Analytics), Advanced Analytics, Market Research, Business Support Services, Media Services, and Project Management. With over 4000 talented colleagues in India, we are growing rapidly and are looking for professionals like you to help build the next chapter of our journey. Role Overview We have an exciting opportunity for an Analyst, Vulnerability Management at our Hyderabad office. This role is central to maintaining and enhancing Omnicom’s cybersecurity framework by overseeing vulnerability assessments, remediation guidance, and program governance. As a Vulnerability Management Specialist, you will drive day-to-day scanning operations, review security exposures, and ensure that the organization’s attack surface is minimized through proactive analysis and mitigation. You’ll also collaborate on vendor assessments and support strategic improvements to our enterprise vulnerability management program. Key Responsibilities Maintain and operate vulnerability scanning tools and associated processes. Conduct regular scans and assessments of enterprise environments to detect security vulnerabilities. Review findings, prioritize risks, and recommend remediations or security patches in coordination with IT and security teams. Develop and present exception and management reports; track remediation status and escalate unresolved risks. Assist in creating and maintaining quality metrics and dashboards for vulnerability program performance. Monitor vendor and third-party security postures; support governance and compliance protocols. Collaborate with cross-functional teams to support risk mitigation strategies and secure configuration management. Contribute to the evolution of Omnicom’s next-generation vulnerability management and threat detection frameworks. Required Qualifications 3–5 years of experience in vulnerability management, information security, or a related discipline. Proficiency with vulnerability scanning tools such as Qualys, Tenable, or Rapid7. Familiarity with patch management workflows and remediation lifecycle practices. Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls). Ability to analyze technical findings, assess business impact, and provide actionable remediation guidance. Effective communication skills with experience in stakeholder engagement and reporting. Detail-oriented with strong problem-solving skills and the ability to work independently or in a team setting. Preferred Qualifications Security certifications such as CompTIA Security+, CEH, or equivalent. Exposure to vendor risk management and third-party security assessment. Experience with ITSM tools and ticketing systems for remediation tracking.

We are seeking a highly skilled and experienced Security Consultant to join our team. The ideal candidate should have experience in ISO consulting and implementation, with a strong understanding of information security standards and best practices. . Experience: 5+ years. Location: Kozhikode, Kerala. Working Mode : Hybrid Key Responsibilities: ISO27001 Consulting: Conduct gap analysis and readiness assessments for ISO27001 . Develop and implement Information Security Management Systems (ISMS) based on ISO27001 standards. Perform internal audits and support clients during external audits. Provide ongoing support and guidance to ensure continuous compliance with ISO27001. GDPR / Data Privacy: Assist in conducting data privacy impact assessments ( DPIAs ). Develop data protection policies and procedures. Support the implementation of data privacy frameworks. Risk Management: Identify, assess, and mitigate risks related to information security and data privacy. Develop risk management strategies and frameworks. Conduct risk assessments and provide recommendations for risk treatment. Client Engagement: Work closely with clients from India & Middle East to understand their specific needs and requirements. Prepare detailed reports and presentations for clients. Qualifications: Bachelor’s degree in Computer Science, Information Security, or related field. At least 5-6 years of experience in information security. Experience in ISO consulting and implementation. Familiarity with security frameworks such as NIST, CIS , and ISO 27001. Strong analytical and problem-solving skills. Excellent communication and interpersonal skills. Ability to work independently and as part of a team. Relevant certifications such as CISA or ISO Lead Implementer/Auditor are preferred. Job Types: Full-time, Permanent Pay: ₹1,000,000.00 - ₹2,000,000.00 per year Benefits: Flexible schedule Health insurance Paid sick time Provident Fund Work from home Application Question(s): Do you have the certificate of ISO27001 ? Experience: Cybersecurity: 5 years (Required) data privacy impact assessments : 5 years (Required) ISMS based on ISO27001 standards: 5 years (Required) NIST, CIS: 5 years (Required) data protection policies and procedures. : 5 years (Required) Location: Kozhikode, Kerala (Required) Work Location: In person

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Security Delivery Governance Good to have skills : NA Minimum 12 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. Your typical day will involve collaborating with various teams to implement security measures, conducting assessments to identify vulnerabilities, and ensuring compliance with security policies and regulations. You will also engage in proactive monitoring of security systems and respond to incidents, all while maintaining a focus on safeguarding information and business processes against cyber threats. Roles & Responsibilities: - Expected to be an SME. - Collaborate and manage the team to perform. - Responsible for team decisions. - Engage with multiple teams and contribute on key decisions. - Expected to provide solutions to problems that apply across multiple teams. - Facilitate training sessions to enhance team knowledge on security best practices. - Conduct regular security audits and assessments to ensure compliance with industry standards. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Delivery Governance. - Strong understanding of risk management frameworks and methodologies. - Experience with security incident response and management. - Familiarity with security compliance standards such as ISO 27001 and NIST. - Knowledge of network security protocols and technologies. Additional Information: - The candidate should have minimum 12 years of experience in Security Delivery Governance. - This position is based at our Gurugram office. - A 15 years full time education is required.

Job Title: Senior Manager – Microsoft Defender Security Location: Mumbai / Bangalore / Gurgaon Experience: 8+ Years Mode of Work: Hybrid Position Type: Full-Time Department: Cybersecurity & Risk Services About the Role: We are seeking a dynamic Senior Manager – Microsoft Defender Security with proven expertise in architecting, implementing, and managing Microsoft security technologies across enterprise environments. The ideal candidate will have a strong understanding of the Microsoft 365 E5 security suite, cloud security (Azure), and incident response mechanisms, with a vision to define robust security strategies and ensure regulatory compliance across diverse industry verticals. Key Responsibilities: Lead end-to-end security solution design and implementation using Microsoft Defender XDR , Microsoft Sentinel , and Azure-native security tools . Drive Zero Trust architecture initiatives and deploy Microsoft 365 Security tools including Defender for Endpoint, Identity, Office 365, Cloud Apps, and Microsoft Information Protection. Manage security projects including threat protection, endpoint management, and external attack surface reduction using Microsoft EASM and DigitalShadows. Act as a technical advisor and escalation point for security incidents and vulnerabilities , ensuring timely resolution and continuous improvement. Build and manage cross-functional teams for security assessment, remediation, and solution delivery in alignment with PCI-DSS, NIST, CIS, ISO 27001, and CMMI standards. Engage with stakeholders including CISOs, CTOs, and business heads to translate business goals into actionable security strategies. Conduct assessments and audits, prepare reports, and drive remediation activities for endpoint security, compliance, and governance. Provide guidance on migration and modernization projects including Azure Landing Zone security, Defender for Cloud integration, and AIP deployments. Mentor and guide junior security consultants and architects within the cybersecurity practice. Liaise with Microsoft and other OEMs for certifications, partner recognitions, and incentive programs. Required Skills & Experience: 8+ years of experience in cybersecurity with strong hands-on in Microsoft Defender Suite , Microsoft Sentinel , Azure Security , and Zero Trust implementations . Deep understanding of Microsoft 365 security tools and frameworks such as: Microsoft Defender for Endpoint, Identity, Office365, and Cloud Apps Microsoft Information Protection (AIP, Purview) Microsoft Sentinel (SIEM) Microsoft Defender for Cloud (CSPM, CWPP) Experience in incident handling and response , malware analysis, data loss prevention, and advanced threat protection. Strong scripting knowledge with PowerShell for automation and orchestration of security operations. Familiarity with external threat monitoring and digital risk protection using tools like DigitalShadows . Experience with email security platforms (e.g., Proofpoint, Ironscales) and Microsoft Exchange Online Protection . Certifications (Preferred): CISSP – Certified Information Systems Security Professional ECIH – EC-Council Certified Incident Handler Microsoft Certifications (any of the below): SC-100 : Cybersecurity Architect Expert SC-200 : Security Operations Analyst Associate SC-300 : Identity and Access Administrator Associate SC-400 : Information Protection Administrator Associate SC-900 , MS-500 , or any relevant Defender/Sentinel-related certifications Good to Have: Experience working with global clients in BFSI, energy, manufacturing, or retail sectors. Exposure to Microsoft Partner ecosystem , incentive programs, and technical pre-sales. Why Join Us? Work on cutting-edge Microsoft security technologies in transformative projects across India and the Middle East. Lead security modernization journeys of Fortune 500 clients. Opportunity to define security architecture standards for enterprise customers. Dynamic work environment with continuous learning and certification support.

Job Summary: We are seeking skilled SOC Analysts (L2 and L3) to strengthen our Security Operations Center team. The candidates will be responsible for monitoring, analyzing, and responding to security incidents using advanced security tools and processes. The L2 role will focus on deeper analysis and initial remediation, while the L3 role will handle complex threats, lead incident response efforts, and support threat hunting and tuning. Key Responsibilities: SOC Analyst – L2 Monitor security events and alerts from SIEM tools (e.g., Microsoft Sentinel, Splunk, QRadar). Investigate and triage alerts to identify false positives and real incidents. Perform initial incident response actions (isolate systems, reset credentials). Escalate high-severity or complex incidents to L3 analysts. Document findings, actions, and recommendations in ticketing systems. Work with threat intelligence feeds to understand attack trends and indicators. Support vulnerability management efforts and patch validations. Assist in playbook execution and incident lifecycle management. SOC Analyst – L3 Lead end-to-end incident response, including containment, eradication, and recovery. Perform in-depth forensic investigations, malware analysis, and root cause analysis. Develop and tune SIEM detection rules and use cases. Mentor L1/L2 analysts and review their investigations. Threat hunting using behavioral analytics and threat intelligence sources. Collaborate with threat intelligence teams for proactive defenses. Work closely with other teams (IT, Cloud, Endpoint) for coordinated responses. Create and maintain runbooks, incident reports, and compliance documentation. Required Skills and Qualifications: Solid understanding of cybersecurity principles, MITRE ATT&CK, and NIST framework. Familiarity with tools: SIEM (Sentinel/Splunk/QRadar), EDR (Defender, CrowdStrike), SOAR platforms. Hands-on experience in log analysis, network traffic analysis, and endpoint investigations. Understanding of firewalls, proxies, IDS/IPS, and cloud security. L3 Specific: 5+ years in a SOC environment or cybersecurity field. Advanced knowledge of threat analysis, malware reverse engineering, and threat hunting. Experience in tuning and optimizing SIEM/SOAR rules. Industry certifications preferred (e.g., GCIA, GCIH, CEH, CISSP, Microsoft SC-200, SC-300). L2 Specific: 2–4 years of SOC or cybersecurity operations experience. Good understanding of the incident handling process. Basic scripting or automation knowledge (PowerShell, Python) is a plus.

WPP is the creative transformation company. We use the power of creativity to build better futures for our people, planet, clients, and communities. Working at WPP means being part of a global network of more than 100,000 talented people dedicated to doing extraordinary work for our clients. We operate in over 100 countries, with corporate headquarters in New York, London and Singapore. WPP is a world leader in marketing services, with deep AI, data and technology capabilities, global presence and unrivalled creative talent. Our clients include many of the biggest companies and advertisers in the world, including approximately 300 of the Fortune Global 500. Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. Why we're hiring: WPP ET provides IT services for WPP, group owned operating companies and agencies. The WPP group is the world’s largest communications services group, and as a creative transformation company, WPP is helping its clients transform the future through extraordinary work. WPP IT is an integral part of that journey, and we are proud to provide technology for some of the world’s most creative brands. As part of the organisational design initiative at WPP the Group CIO has created a new Target Operating Model (T.O.M), which consist of 4 distinct business clusters in the group. These are: Integrated Creative, Media, Production, PR & Specialist and the Corporate Business Cluster. You will bring deep expertise in managing SOX ITGC audits, risk, and compliance standards, frameworks, and methodologies for publicly listed organisations to strengthen the risk and compliance posture. As part of the Corporate Cluster, you will implement WPP CCRCO mandated processes and practices across WPP HQ functions. Actively managing and driving SOX audit remediation, you will oversee technology risk resolution, communication, and collaborate with the Corporate Director of Cyber Risk & Compliance to prioritise remediation efforts, minimizing impact on the Corporate Cluster and the wider WPP group. Who you'll be working with: WPP Enterprise Technology are proud technology solutions partner for WPP Corporate Functions. Our collaboration is instrumental in coordinating and assuring end-to-end change delivery, managing the IT technology lifecycle, and maintaining a robust innovation pipeline. The CRC discipline within WPP ET plays a crucial role in this partnership. We are responsible for providing advisory and support to the corporate business cluster on critical areas such as Technology Audits, Technology Risks, Control Assurance, and Technology Compliance. Our objective is to ensure that all central functions at WPP HQ operate in a safe, secure, and compliant manner. The CRC function in the Corporate Business Cluster drives compliant IT operations for WPP HQ teams, managing Legal, regulatory, and contractual obligations. As a Risk & Compliance Manager, you will play a critical role in developing and implementing a world-class technology risk and compliance program to support WPP HQ Finance Functions. You will collaborate with the WPP Chief Cyber, Risk and Compliance Officer (CCRCO), WPP CISO, Director of Cyber, Risk and Compliance, and WPP HQ Finance department heads to set the CRC function's vision and strategy, and manage escalations for technology operational risks, compliance, audit, BCP, and DR assessments. As an SME, you will lead and develop a highly effective risk and compliance function, strengthening defences and promoting a proactive, collaborative approach. You will operate in a highly complex environment with multiple risk categories, including IT operations, information security, legal, regulatory, financial and commercial with broad impacts spanning both the Corporate Cluster and the WPP Group. What you'll be doing: Work closely with and assist CRC department head in developing a risk and compliance strategy for the corporate cluster that is aligned to WPP ET and CRC strategies. Establish technology risk & compliance community across the range of WPP HQ functions to drive the implementation and standardisation of agreed security governance, risk & compliance approach. Drive the Cluster’s CRC strategy and approach, by closely working with Corporate CRC Director CRC Discipline Lead and other ET stakeholders. Drive BC/DR planning to the appropriate level across the Cluster and ensure BC/DR plans are updated and reviewed annually. Conduct and support Technology Risk Assessments – e.g., quarterly risk landscaping - owning and driving Cluster-specific risk mitigation actions. Respond to tracking and reporting from Internal, External or Client Audit findings within the Corporate Cluster. Conduct CRC Cluster self-certification and self-monitoring of IT controls, and maintain an active liaising channel with the IT Ops function at WPP group level. Support CRC Cluster-wide input into the WPP IT Asset Register and CMDB owned by IT Ops teams. Be CRC point of contact for relevant business stakeholder escalations relating to Technology risk and compliance. Lead and oversee resolution of the most complex, critical, and impactful risk & compliance issues. Work across the CRC Cluster teams like Operational Security, Technology Operations, and Strategy and Architecture to design controls, deliver management information (KRIs) and risk mitigation plans. Drive engagement, comms and adoption for all risk, compliance and security tasks to ensure the rationale for task is understood, the mandate is embedded, and colleagues and partners are trained and can perform effectively and efficiently. Design and deliver a range of educational activities and material to embed a strong SOX Compliant culture, mindset and behaviours across the Cluster. Build strong relationships with the external stakeholders (customer, suppliers, other major bodies) as well as build a network of peers to bring innovation and insights on industry best practice, standards, frameworks, and processes to deliver a future-fit capability. Ensure that the Corporate Function remains compliant with national legislative, regulatory, contractual and WPP technology governance obligations. Support Cluster teams and functions during client pitch for winning new work by providing a compelling narrative to our prospective clients around the strength of our risk, compliance and security proposition. What you'll need: A minimum of 5 to 7 years of strong and deep background in managing SOX ITGC audits in complex global organisations. Key certifications (e.g. CISA, CRISC, CISSP, CISM, Azure & Dynamic 365) desirable but not essential Degree or equivalent (i.e. BSc, BEng, MSc) desirable but not essential Comprehensive knowledge of information security risk standards, frameworks and best practices (i.e., COBIT, SOX ITGC, ISO27K1, NIST, CIS, SOC, Cyber Essentials, GDPR) Ability to provide leadership on complex and unfamiliar situations, often involving risk and emotion Expert communicator with a track record of operating, partnering with and influencing up to and including exec-level stakeholders Able to lead highly complex programmes across multiple units and geographies with high-pressure deliverable Risk and Compliance subject-matter-expert with in-depth knowledge of technology governance in the cloud and on-prem IT technologies Good understanding of managing internal and external audits (i.e., SOC:1-2, SOX) and assurance activities, including testing the design and operational effectiveness of security controls Ability to operate and lead in a fast-paced organizational transformation and able to navigate and champion change across organisational / geographical complexity A genuine desire to lead, develop, coach and mentor junior team members Who you are: You're open : We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working. You're optimistic : We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected. You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day. What we'll give you: Passionate, inspired people – We aim to create a culture in which people can do extraordinary work. Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry. Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge? We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process. WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers. Please read our Privacy Notice (https://www.wpp.com/en/careers/wpp-privacy-policy-for-recruitment) for more information on how we process the information you provide.

Job Description Expect more. Connect more. Be more at Diebold Nixdorf. Our teams automate, digitize, and transform the way more than 75 million people around the globe bank and shop in this hyper-connected, consumer-centric world. Join us in connecting people to commerce in this vital, rewarding role. Supports the full cycle of vulnerability management: from discovery / asset identification through risk assessment, remediation, verification and reporting. Works with Information Security, engineering, other technical and product / operational stakeholders to ensure understanding of and commitment to relevant vulnerability standards and practices. Proactively monitors system, network and other changes to ensure their inclusion in vulnerability assessment / remediation activity. Responsibilities Identifies application and infrastructure owners of vulnerable assets for assignment of remediation. Assists in remediation efforts within IT and security environments by: Conducting vulnerability scans, Prioritizing remediation activities through risk ratings of vulnerabilities and assets, Catalyzing technology and business teams' remediation efforts, Validating the impact of remediation efforts. Transforms vulnerability scan data for analysis and posts for future reference. May contribute to web-based vulnerability remediation on public-facing applications and interfaces, cloud-based remediation, and other facilitating duties as assigned. Learns and follows established escalation and communication standards. Learns and applies industry standards (that is, protocol developed by the National Institute of Standards and Technology). Qualifications Required Qualifications Diploma or equivalent work experience. Minimum of 0-2 years of relevant experience or equivalent combination of education and experience in Vulnerability Management. Good business English skills (Written and spoken), good negotiation and persuasion skills. Preferred Qualifications Knowledge of Threat Intelligence collection, dissemination, analysis and delivery. Knowledge of Windows/Linux OS or general application patching, configuration, or upgrade. Knowledge of multiple security and privacy concepts such as: OSINT, HUMINT, SOCMINT, NIST, PCI, GDPR. GCIA, GHIH, CEH, or CISSP Certification. Knowledge of ISO Quality management, ITSM, and/or Risk Management. Knowledge of Security Regulations (SOX, PCI, GLBA) is an advantage. About Us Why should you join Diebold Nixdorf? Brightest minds + technology and innovation + business transformation The people of Diebold Nixdorf are 23,000+ teammates of diverse talents and expertise in more than 130 countries, harnessing future technologies to deliver personalized, secure consumer experiences that connect people to commerce. Our culture is fueled by our values of collaboration, decisiveness, urgency, willingness to change, and accountability. –Diebold Nixdorf is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, gender identity, age, marital status, veteran status, or disability status. To all recruitment agencies: Diebold Nixdorf does not accept agency resumes. Please do not forward resumes to our jobs alias, Diebold Nixdorf employees or any other organization location. Diebold Nixdorf is not responsible for any fees related to unsolicited resumes** We are a global Company operating in multiple Locations and Entities. As we are keen to find the best solution for our candidates several legal entities might be applicable for a Job offer. A List of our operating entities can be found here - https://www.dieboldnixdorf.com/en-us/about-us/global-locations

Yotta Data Services is a new-age Digital Transformation service provider, offering data center, cloud and a wide range of managed IT, application modernization, connectivity, and cybersecurity services . Job Title: Cybersecurity Lead Location: Delhi Department: Cybersecurity Experience Required: 8–12 years Responsibilities : Lead and manage cybersecurity operations including SOC, SIEM, endpoint security, and incident response. Design and implement security architecture for cloud (IaaS, PaaS, SaaS), on-prem, and hybrid setups. Evaluate and deploy tools across the cybersecurity stack—WAF, DDoS, EDR/XDR, PAM, IAM, ZTNA, SOAR, etc. Lead VAPT, compliance audits, and risk assessments; ensure alignment with ISO 27001, NIST, and regulatory requirements. Develop secure coding practices and embed DevSecOps across CI/CD pipelines. Create and maintain cybersecurity policies, standards, and response procedures. Collaborate with IT, DevOps, compliance, and business stakeholders to ensure security by design. Mentor a team of analysts and security engineers; build a high-performance security culture. Engage with OEMs and partners for solution evaluations, joint initiatives, and technology updates. Qualifications : Bachelor’s or master’s in computer science, IT, or any graduation. Industry certifications: CISSP, CISM, CEH, OSCP, or equivalent. Deep understanding of threat landscape, cloud security, network security, and regulatory frameworks. Strong experience in managing SIEM/SOAR, firewalls, identity solutions, and secure software development. Excellent communication and stakeholder management skills. Required Skills : Deep understanding of threat landscape, cloud security, network security, and regulatory frameworks. Strong experience in managing SIEM/SOAR, firewalls, identity solutions, and secure software development. Excellent communication and stakeholder management skills. Preferred Skills : Industry certifications: CISSP, CISM, CEH, OSCP, or equivalent.

inFeedo is a fast-growing, AI-led enterprise focused on transforming the employee experience through human-centric technology. As data and intelligent systems become core to our mission, we’re seeking a seasoned Risk Manager to build and oversee our frameworks around data privacy risk, AI governance and risk management, third-party risk, and information security. This role will be an integral part of our Data Privacy, Risk, and Compliance Team. No. of positions: 1 What will you be doing? 🌐 Enterprise Risk Management Design and implement enterprise risk frameworks tailored to a high-growth SaaS environment, and in line with global standards. Partner with business units and product teams to embed risk-aware decision-making. 🔐 Data Privacy & Information Security Oversee compliance and security standards (e.g., ISO 27001, SOC 2, NIST CSF, GDPR, DPDP, etc.). Conduct privacy impact assessments and data classification audits. Guide data lifecycle policies and secure data handling practices. 🤖 AI/MLRisk Establish controls and review mechanisms for fairness, explainability, model drift, and systemic AI risk. Support internal AI ethics boards or review councils. Ensure compliance with emerging AI regulations (e.g., EU AI Act, NIST AIRMF). 🧩 Third-Party & Vendo r RiskPerform risk assessments for third-party tools and data processors. Implement contractual clauses and SLAs that uphold compliance and security. ⚙️ Operational Risk & Incident Response Lead tabletop exercises, red teaming simulations, and post-incident reviews with relevant stakeholders. Collaborate with the Security Engineer and Legal for incident handling and reporting. Who will you work with? Varun, Seema, and of course the rest of the jovial inFee do team. Ideal Profile : 6–7 years of experience in data governance, AI/ML risk, cybersecurity, or risk management roles. Strong grounding in global frameworks: NIST CSF, NIST AI RMF, ISO 27001/27701, SOC2, GDPR, DPDP. Prior experience working with security architects, ML engineers, and compliance teams. Certifications such as CIPT, CISA, CRISC, ISO 27001 LA, or AI Governance programs are a plus. Comfortable working with cross-functional stakeholders, with the ability to influence without authority. Strong inclination to learn and adapt to new technologies. Bonus if you've led risk functions in SaaS or high-scale digital-first organizations. Our expectations before you click Apply Now” Read about inFeedo& Amber We are an equal-opportunity employer and value diversity at inFeedo. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or education. [Attitude>Skills >Education]

Summary Position Summary Red Team —Consultant 2 - Solution Delivery Advisor Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do Works on projects with clearly defined guidelines as team member with responsibility for project delivery Works on the projects with clearly defined guidelines such as standard operating procedures Adhers to Service Level Agreements Works under general supervision with few direct instructions Performs development and customization work on larger security and data protection technology implementation projects Understands basic business and information technology management processes. Demonstrates knowledge of firm apposes methodologies, frameworks and tools (required) Participate in practice development initiatives The Team Deloitte’s Red Team is a standardized process, to help clients combat today’s growing array of system threats. We help organizations assess their infrastructure, networks and application environments to identify vulnerabilities and controlweaknesses.Wedevelopanddeploythetechnicalandarchitecturalimprovementsnecessarytoreduceattack exposure OurApplicationandVulnerabilityManagementserviceshelporganizationsidentifythetechnicalandarchitectural improvements needed to minimize exposure to attacks. With our customized methodology, we assess the many aspects of risk to support identification of both internal and external facing threats. Required: - Core Skills: Strong communication skills (written & verbal) Understanding of basic business and information technology management processes Knowledge and understanding of Dev-Sec-Ops Vulnerability Management, Threat Management, Penetration testing, Mobile Testing, Red Teaming, Phishing. Experience with tools related to the domains mentioned above Experienced in one or more of the above areas (as the career progresses) Deep knowledge of commonly used protocols such as TCP/IP, DNS Understanfing of ITIL and ITSM Understaing of SANS TOP 25 Additional Skills Familiarity with industry standards and frameworks such as OWASP, CIS, NIST ISO/IEC 17799, etc. Assist clients with discovering vulnerabilities and rogue assets (such as shadow IT) in their networks as part of a team of engineers and analysts around the world who specialize in the tactics, tools and procedures used by cyber criminals. Configure and execute vulnerability scans enumerating vulnerabilities within the internal and external network. Analyze, enrich and prioritize specific activities designed to remediate discovered vulnerabilities such as patch deployment or configuration hardening. Assist in producing a comprehensive operating picture and cyber security situational awareness. Work with various vulnerability threat feeds (such as vendor bulletins), assessment tools, asset inventory tools as well as reporting tools and frameworks to match assets to identified vulnerabilities and produce reports. Respond to requests for ad-hoc reporting and research topics from management and analysts as required. Identify gaps in available asset information and engage with leadership on strategies to meet service-level requirements through affirmative handoff with remediation partners. Quickly understand and deliver on company and customer requirements Aid in and participate in daily, weekly, quarterly, and yearly production reporting for clients, partners, and internal teams Adhere to internal operational security and other Understanding of common network infrastructure devices such as routers and switches Understanding of basic networking protocols such as TCP/IP, DNS, HTTP Understanding of vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS Basic knowledge in system security architecture and security solutions Mandatory Certification - CEH, Security+ Preffered Certification: OSCP, OSWP, CRTO, CREST Certified Certified Web Application Tester, OSCE, CREST Certified Simulated Attack Specialist, CREST Certified Certified Simulated Attack Specialist), AWS Security Speciaist, CKE, Certified Information Systems Security Professional (CISSP), Certification in Certified Intrusion Analyst (GIAC), Continuous Monitoring (GMON), Certified Ethical Hacker (CEH) or equivalent Understanding of possible attack activities such as network probing/ scanning, DDOS, malicious code activity, etc. Preferred: B. E / B.Tech (Tier 2 or 3)/ M.S in any engineering discipline; 3-5 years of cyber risk services experience. Proven ability to emulate sophisticated adversary tactics, techniques, and procedures (TTPs) to identify and exploit weaknesses in organizational defenses. Familiarity with red teaming methodologies, offensive security tools, and frameworks such as MITRE ATT&CK. Experience with tools like Cobalt Strike, Metasploit, and Empire for command and control, exploitation, and lateral movement within environments. Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom tool creation. Knowledge of evasion techniques to bypass antivirus (AV), endpoint detection and response (EDR), and network monitoring tools. Strong understanding of privilege escalation, lateral movement, and persistence mechanisms in both Windows and Linux environments. Hands-on experience conducting phishing campaigns, social engineering attacks, and delivering payloads via HTML smuggling or other covert techniques. Ability to assess and manipulate Active Directory configurations, conduct password spraying, and exploit common misconfigurations. Strong knowledge of reverse engineering tools such as IDA Pro and Ghidra for analyzing malware or binaries. Excellent ability to create detailed post-engagement reports and recommendations for improving detection and response capabilities. Knowledge of operational security (OpSec) best practices to avoid detection during adversarial engagements. Ability to think creatively in developing offensive strategies and adapting to blue team defenses. Strong desire to continuously learn emerging attack vectors and defensive countermeasures. Outstanding communication skills, with the ability to explain offensive security techniques to both technical and non-technical stakeholders. Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin their own way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning,and eLearning.Deloitte University(DU):The LeadershipCenter in India,our state-of-the-art, world-class learning centerin the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best workeveryday. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandarecontinuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesourdiversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 300420

Our technology services client is seeking multiple DevSecOps Security Engineer to join their team on a contract basis. These positions offer a strong potential for conversion to full-time employment upon completion of the initial contract period. Below are further details about the role: Role: DevSecOps Security Engineer Experience: 5- 7 Years Location: Mumbai, Pune, Hyderabad, Bangalore, Chennai, Kolkata Notice Period: Immediate- 15 Days Mandatory Skills: Devops Support, GitHub Actions, CI/CD Pipelines, Argocd , Snyk, multicloud (AWS/AZure/GCP) GIT, MS Tools, Docker, Kubernetes, Jfrog, SCA & SAST Job Description: A security expert who can write code as needed and knows the difference between Object vs Class vs Function programming. Strong passion and thorough understanding of what it takes to build and operate secure, reliable systems at scale. Strong passion and technical expertise to automate security functions via code. Strong technical expertise with Application, Cloud, Data, and Network Security best practices. Strong technical expertise with multi-cloud environments, including container/serverless and other microservice architectures. Strong technical expertise with older technology stacks, including mainframes and monolithic architectures. Strong technical expertise with SDLC, CI/CD tools, and Deployment Automation. Strong technical expertise with operating security for Windows Server and Linux Server systems. Strong technical expertise with configuration management, version control, and DevOps operational support. Strong experience with implementing security measures for both applications and data, with an understanding of the unique security requirements of data warehouse technologies such as Snowflake. Role Responsibilities Development & Enforcement Develop and enforce engineering security policies and standards. Develop and enforce data security policies and standards. Drive security awareness across the organization. Collaboration & Expertise Collaborate with Engineering and Business teams to develop secure engineering practices. Serve as the Subject Matter Expert for Application Security. Work with cross-functional teams to ensure security is considered throughout the software development lifecycle Analysis & Configuration Analyze, develop, and configure security solutions across multi-cloud, on-premises, and colocation environments, ensuring application security, integrity, confidentiality, and availability of data. Lead security testing, vulnerability analysis, and documentation. Operational Support Participate in operational on-call duties to support infrastructure across multiple regions and environments (cloud, on-premises, colocation). Develop incident response and recovery strategies. Qualifications Basic Qualifications 5+ years of experience in developing and deploying security technologies. A minimum of a Bachelor’s degree in Computer Science, Software Development, Software Engineering, or a related field, or equivalent alternative education, skills, and/or practical experience is required. Experience with modern Software Development Lifecycles and CI/CD practices Experience for the remediation of vulnerabilities sourced from Static Analysis (SAST), Open Source Scanning (SCA), Mobile Scanning (MAST) and API Scanning Proficiency in Public Clo\ud (AWS/Azure/GCP) & Network Security. Experience with Docker, Kubernetes, Security-as-Code, and Infrastructure-as-Code. Experience with one or more general-purpose programming/script languages including but not limited to: Java, C/C++, C#, Python, JavaScript, Shell Script, PowerShell. Strong experience with implementing and managing data protection measures and compliance with data protection regulations (e.g., GDPR, CCPA). Preferred Qualifications Strong technical expertise with Architecting Public Cloud solutions and processes. Strong technical expertise with Networking and Software-Defined Networking (SDN) principles. Strong technical expertise with developing and interpreting Network, Sequence, and Dataflow diagrams. Familiarity with OWASP Application Security Verification Standard Experience with direct, remote, and virtual teams. Understanding of at least one compliance framework (HIPAA, HITRUST, PCI, NIST, CSA). Strong technical expertise with Static Analysis, Open Source Scanning, Mobile Scanning, and API Scanning security solutions for data warehouses and big data platforms, particularly with technologies like GitHub Advanced Security, CodeQL, Checkmarx, and Snyk. Strong technical expertise in defining and implementing cyber resilience standards, policies, and programs for distributed cloud and network infrastructure, ensuring robust redundancy and system reliability. Education A minimum of a Bachelor’s degree in Computer Science, Software Development, Software Engineering, or a related field, or equivalent alternative education, skills, and/or practical experience is required. If you are interested, share the updated resume to hema.g@s3staff.com