
1810 Nist Jobs - Page 49


1.0 - 5.0 years

0 Lacs

Noida, Uttar Pradesh, India

On-site


Company Description
We are Allied Boston – a leading consulting and training organization worldwide, based in Noida. Our experienced consultants, trainers, and assessors help companies enhance their capabilities, optimize processes, and manage compliance to achieve business goals. We offer expertise in business operations, risk management, and compliance to maximize efficiency and support growth.

Educational Qualifications: B.Tech or above
Professional Qualifications: ISO 27001 LA/CISA or equivalent
Experience Required: 1-5 Years
Location: Willing to travel to client locations whenever required.

Responsibilities:
• Evaluate information security governance-risk-compliance practices at client organization using frameworks like ISO 27001, PCI-DSS, NIST, COBIT, ISO 31000, GDPR/DPDPA, SOC2, ISO 27701, ISO 22301, etc.
• Assess risk management strategies and compliance with various national and international frameworks and relevant regulatory guidelines such as RBI, IRDAI, SEBI, UIDAI, DOT, CEA, NSE etc.
• Stay updated with various regulatory changes w.r.t. GRC aspects.
• Good understanding of application and IT infrastructure VAPT reports.
• Perform testing of controls to identify and assess IT risks.
• Ensure controls are aligned with industry best practice standards and frameworks.
• Produce reports detailing assessment findings and present them to management.
• Plan and initiate compliance activities, including documentation of policies & procedures, to ensure adherence to implementation of various information & cyber security frameworks and regulatory requirements.
• Implement necessary changes to ensure compliance with evolving regulatory requirements.
• Facilitate clients during external audits by their regulators, including responding to queries raised during audits by the agencies.

Required Competencies:
• Proven experience in information security governance, risk management, and compliance audits.
• In-depth knowledge of Indian regulatory guidelines, including RBI, IRDAI, SEBI, UIDAI, DOT, CEA, NSE, etc.
• Ability to stay updated with regulatory changes and adapt compliance measures accordingly.
• Ability to perform thorough audits/assessments, identifying areas for improvement and facilitating in implementation of effective solutions.
• Detail-oriented with strong analytical and problem-solving abilities.
• Excellent communication skills, including the ability to present findings and recommendations to the client management team.
• Must have excellent skills in preparing reports using MS Office like Word, Excel, and PPT.

Note: Immediate Joiners will be preferred.

Posted 2 weeks ago


9.0 years

0 Lacs

Chennai, Tamil Nadu, India

On-site


About Client: Our Client is a global IT services company headquartered in Southborough, Massachusetts, USA. Founded in 1996, with a revenue of $1.8B and 35,000+ associates worldwide, it specializes in digital engineering and IT services, helping clients modernize their technology infrastructure, adopt cloud and AI solutions, and accelerate innovation. It partners with major firms in banking, healthcare, telecom, and media. Our Client is known for combining deep industry expertise with agile development practices, enabling scalable and cost-effective digital transformation. The company operates in over 50 locations across more than 25 countries, has delivery centers in Asia, Europe, and North America and is backed by Baring Private Equity Asia.

Job Title: Risk Management, Audit Management, Archer IRM, AWS Security, Compliance Management, ISO 27001, Vulnerability
Key Skills: Management Security Control Assessment, Cyber security control operations, Archer IRM (GRC tools)
Job Locations: Chennai, Bangalore, Pune
Experience: 7 – 9 Years
Budget: 12 – 15 LPA
Education Qualification: Any Graduation
Work Mode: Hybrid
Employment Type: Contract
Notice Period: Immediate - 15 Days
Interview Mode: 2 Rounds of Technical Interview + Including Client round

ISO 27001 Job Description:
Primary mandate skill required – Risk Management, Audit Management, Archer IRM, AWS Security, Compliance Management, ISO 27001, Vulnerability
Secondary mandate skill required. Management Security Control Assessment, Cyber security control operations, Archer IRM (GRC tools)
Flexible to hire in any location – If not, please mention job location – Pune, BLR, Chennai

Detailed Job Description – Technology:
1. Experienced in Security Control Assessment
2. Experience in Security standards such as ISO 27001, NIST, SOX, PCI, Privacy laws
3. Knowledge on Cyber security control operations.

Job Responsibility:
• Initiate App Governance Standard Assessment based on Ally’s Security standards and assessment questionnaire
• Conduct walkthrough assessment session with the application managers.
• Follow up and collect questionnaire responses during the assessment session.
• Review and challenge responses based on Ally’s security standards and industry best practices.
• Capture additional information to support assessments comments
• Assess the severity of gaps and prioritize based on risk and compliance requirements
• Discuss existing controls and identify potential control gaps.
• Publish draft application assessment report for review to Assessment SMEs
• Initiate Follow up emails on 15-30-45-60 days with the application manager for gap remediation status.

Soft skills:
1. Excellent communication (oral, written, presentation), interpersonal and consultative skills.
2. Ability to prioritize work.
3. Proactive team player

Interested Candidates please share your CV to pnomula@people-prime.com

Posted 2 weeks ago


5.0 years

0 Lacs

Pune, Maharashtra, India

Remote


Job Title: Cloud Security Engineer – AWS Compliance
Location: Remote / Pune
Employment Type: Full-time / Permanent / Contract
Experience: 5+ years

Job Overview:
We’re looking for a Cloud Security Engineer with expertise in AWS security and compliance frameworks such as NIST 800-53 Rev5 and FedRAMP. You’ll be responsible for securing our AWS infrastructure and ensuring adherence to regulatory standards.

Key Responsibilities:
• Implement and maintain security controls in AWS.
• Ensure compliance with NIST 800-53, FedRAMP, and other frameworks.
• Perform audits, risk assessments, and security monitoring.
• Collaborate with DevOps and engineering teams on secure deployments.
• Prepare documentation for compliance and audit readiness.

Requirements:
• Strong experience with AWS security tools and IAM.
• Hands-on knowledge of NIST 800-53, FedRAMP, or similar frameworks.
• Experience with IaC tools (e.g., Terraform, CloudFormation).
• Familiarity with cloud compliance tools and monitoring solutions.
• Relevant certifications (e.g., AWS Security, CISSP, CCSP) are a plus.

Posted 2 weeks ago


1.0 years

0 Lacs

Patel Nagar, Delhi, India

Remote


In an era where workplace safety is of utmost importance, the role of a Safety Officer has become more vital than ever. Industries such as construction, oil and gas, manufacturing, and mining are heavily regulated to prevent workplace accidents. This is where trained safety officers play a key role in ensuring the health and safety of workers. If you’re planning to build a career that involves leadership, responsibility, and the satisfaction of protecting lives, then a Safety Officer Course might be the right path for you. This comprehensive guide will walk you through everything you need to know, right from eligibility and course content to certifications and career prospects.

What is a Safety Officer Course?
A Safety Officer Course is a professional training program designed to equip individuals with the knowledge and skills required to manage workplace health and safety risks. The course emphasizes accident prevention, risk assessment, safety audits, and legal compliance with occupational safety standards.

Key Highlights
• Course Duration: 6 months to 1 year (varies by program)
• Eligibility: 10th/12th pass or graduate (depending on the course level)
• Job Role: Health & Safety Officer, HSE Officer, Safety Supervisor
• Certifications: NEBOSH, IOSH, OSHA, Diploma in Industrial Safety

Why Pursue a Safety Officer Course?
Here are some compelling reasons to pursue a safety officer certification:
• High Demand Across Industries: With increasing industrialization and stricter safety regulations, safety professionals are in demand worldwide.
• Lucrative Salary Packages: Safety officers earn competitive salaries, especially in the oil & gas and construction sectors.
• Global Career Opportunities: Internationally recognized certifications like NEBOSH open doors to jobs abroad.
• Job Security: Health and safety roles are stable even in economic downturns.
• Social Responsibility: You directly contribute to creating safer work environments and saving lives.

Types of Safety Officer Courses
There are several types of courses available based on duration, accreditation, and level of expertise. Below are the most popular options.

NEBOSH (National Examination Board in Occupational Safety and Health)
• Internationally recognized
• Offers General Certificate and Diploma
• Suitable for those seeking global opportunities

IOSH (Institution of Occupational Safety and Health)
• Short-term course
• Good for beginners
• Often a stepping-stone to NEBOSH

OSHA (Occupational Safety and Health Administration)
• U.S.-based safety certification
• 10-hour or 30-hour safety training
• Suitable for those targeting jobs in the USA or U.S. companies

Diploma in Industrial Safety
• 1-year diploma program
• Offered by many Indian universities and institutes
• Suitable for those working in factories, plants, and industrial environments

Post Graduate Diploma in Health and Safety Management
• Ideal for graduates from an engineering, science, or management background
• Covers advanced safety protocols, audits, and compliance

Eligibility Criteria
The eligibility for safety officer courses varies depending on the type of course:

For Certificate Courses
• Minimum Qualification: 10th or 12th pass
• Age Limit: No strict age limit
• Language Proficiency: Basic knowledge of English (some courses are offered in Hindi/regional languages too)

For Diploma/PG Diploma
• Educational Qualification: Diploma holders, graduates in Science or Engineering
• Work Experience: Some institutes require 1–2 years of industrial experience

Top Institutes Offering Safety Officer Courses in India
Here’s a list of top institutes offering safety officer training programs:

Institute Name | Location | Courses Offered
National Institute of Fire & Safety Engineering (NIFSE) | Nagpur | Diploma in Industrial Safety
Green World Group | Chennai | NEBOSH, IOSH, OSHA
Indian Institute of Fire Engineering (IIFE) | Nagpur | Diploma and PG Diploma
NIST Institute Pvt. Ltd. | Multiple Cities | NEBOSH, IOSH, ISO Lead Auditor Courses
Central Labour Institute (CLI) | Mumbai | PG Diploma in Industrial Safety
Fire and Safety Forum | Online & Offline | Safety Officer, Fire Safety, NEBOSH

Tip: Always ensure the institute is accredited by relevant bodies like NEBOSH, IOSH, or the Directorate General of Factory Advice Service and Labour Institutes (DGFASLI).

Course Curriculum and Subjects
While the curriculum may differ by course type and level, the core subjects generally include:

Core Modules
• Occupational Health & Safety
• Fire Prevention and Protection
• Industrial Hazards and Risk Management
• First Aid and Emergency Procedures
• Environmental Safety
• Construction Site Safety
• Electrical Safety
• Legal Regulations and Compliance
• Accident Investigation
• Safety Audit and Inspection

Practical Training
• Use of Personal Protective Equipment (PPE)
• Fire drill simulations
• Safety audits
• Case studies and project work

Job Roles After the Safety Officer Course
After completing a safety officer course, you can apply for a wide range of roles in both domestic and international markets.

Popular Job Titles
• Safety Officer
• HSE Officer (Health, Safety, Environment)
• Safety Supervisor
• Fire & Safety Officer
• Risk Assessment Officer
• EHS Manager (Environment, Health & Safety)

Industries Hiring Safety Officers
• Construction
• Oil & Gas
• Manufacturing
• Chemicals & Pharmaceuticals
• Shipping and Marine
• Aviation
• Mining
• IT/Data Centers

Career Growth Path
Safety is a field where experience and certifications directly influence growth. Here’s a typical career progression:
1. Safety Assistant / Trainee
2. Safety Officer
3. Senior Safety Officer
4. Safety Manager
5. HSE Manager
6. Chief Safety Officer / Director of Safety

With certifications like NEBOSH Diploma and ISO Auditor, you can fast-track to managerial or consultant-level positions.

Salary Expectations
Salaries vary depending on your location, industry, and certification.

India
Role | Salary Range (Monthly)
Safety Officer | ₹20,000 – ₹40,000
Senior Safety Officer | ₹40,000 – ₹80,000
HSE Manager | ₹80,000 – ₹1.5 Lakhs
Safety Consultant | ₹1.5 Lakhs – ₹3 Lakhs

Abroad (Middle East, Gulf, Africa)
Role | Salary Range (Monthly)
Safety Officer | $800 – $1500
Safety Supervisor | $1500 – $2500
HSE Manager | $3000 – $5000

Safety officers are highly sought after in countries like the UAE, Saudi Arabia, Qatar, Oman, and Kuwait.

Step-by-Step Application Process
How to Apply for a Safety Officer Course
1. Choose the Right Course (NEBOSH, IOSH, Diploma, etc.)
2. Check Eligibility and gather necessary documents.
3. Select an Accredited Institute.
4. Apply online/Offline through the official institute website or in person.
5. Pay the Course Fee (₹30,000 to ₹1.5 Lakhs, depending on the course).
6. Attend Classes and Training (some are available online).
7. Appear for Exams and complete practical assessments.
8. Receive a Certificate upon successful completion.

Documents Required
Prepare the following documents for admission:
• Mark sheets (10th, 12th, or graduation)
• ID proof (Aadhar, PAN, Passport)
• Passport-sized photographs
• Medical certificate (optional but preferred)
• Experience certificate (if required)

Tips for Success in a Safety Career
• Keep Learning: Continue upgrading your skills with advanced certifications.
• Stay Updated: Know the latest safety norms and industrial regulations.
• Network: Join professional communities like IOSH or NSC.
• Be Observant: A good safety officer is always alert and proactive.
• Documentation Skills: Maintain logs, audits, and incident reports professionally.

Conclusion
A Safety Officer Course is more than just a certification—it’s a commitment to safeguarding human lives and ensuring smooth industrial operations. With the increasing focus on occupational safety across sectors, the demand for trained safety professionals is only going to rise. Whether you’re starting or looking to switch careers, this field offers strong job stability, respectable income, and immense job satisfaction. So, if you’re passionate about workplace safety, now is the right time to enroll in a safety officer course and build a rewarding career.

Frequently Asked Questions (FAQs)

What is the duration of a Safety Officer Course?
It ranges from a few days (for basic IOSH/OSHA) to 1 year (Diploma or PG Diploma).

Can I do a Safety Officer Course online?
Yes, many institutes offer online NEBOSH, IOSH, and Diploma courses with virtual classes and assessments.

What is the minimum qualification to become a Safety Officer?
You must have passed at least the 10th grade for basic courses. Higher-level diplomas require graduation or relevant experience.

Is NEBOSH mandatory to become a Safety Officer?
NEBOSH is not mandatory but is highly preferred, especially for international placements.

What industries need Safety Officers?
Construction, Oil & Gas, Manufacturing, Mining, Pharmaceuticals, and IT all require safety professionals.

Is the Safety Officer’s job physically demanding?
Yes, it often involves site visits, audits, and on-field supervision.

What is the cost of the Safety Officer Course in India?
Costs range from ₹30,000 to ₹1.5 lakhs, depending on the course and institute.

Can women become Safety Officers?
Absolutely. Many organizations actively recruit and promote female safety officers.

Do Safety Officers work in shifts?
Yes, in industries like oil & gas or construction, rotational and shift work is common.

How can I get a job abroad as a Safety Officer?
Obtain globally recognized certifications (like NEBOSH), gain experience, and apply through international job portals or consultancies.

Posted 2 weeks ago


7.0 years

0 Lacs

Greater Bengaluru Area

On-site


Job Summary
Looking for a Senior Network Engineer || Bangalore to join a team of rockstar developers. The candidate should have a min of 7 years of experience.

About Us
CodeVyasa is a mid-sized product engineering company that works with top-tier product/solutions companies such as McKinsey, Walmart, RazorPay, Swiggy, and others. We are about 550+ people strong and we cater to Product & Data Engineering use-cases around Agentic AI, RPA, Full-stack and various other GenAI areas.

Key Responsibilities
Technical Leadership & Mentorship
• Mentor junior engineers and help build team capabilities by imparting hands-on training on networking technologies, test methodologies, and automation.
• Design onboarding programs and skill enhancement tracks for lab engineers.
• Lead comprehensive test programs covering switching, routing, VOIP, and wireless equipment.
• Ensure adherence to certification requirements from bodies such as TEC, NABL, NIST and other regulatory frameworks.
• Provide in-depth technical support for diagnosing and resolving issues encountered during testing and certification processes across various technologies and product types.
• Develop and maintain test strategies, methodologies, and detailed test cases aligned with evolving standards.
• Spearhead efforts in expanding the scope of Lab’s test capabilities by exploring emerging networking technologies and products.
• Collaborate with other domain leads to conduct new research and draft whitepapers or internal capability documents.
• Serve as a technical manager ensuring CNLABS meets the quality, compliance, and documentation requirements of NABL, TEC, and other relevant certification and accreditation bodies.
• Define and uphold best practices in line with ISO/IEC 17025 standards.
• Actively participate in national and international technical forums, standardization committees, and industry working groups.
• Contribute to shaping policies, guidelines, and frameworks related to network testing and certification.

Required Qualifications
• Experience: 7+ years in the development or testing of networking products and solutions.
• Technical Skills: Strong fundamentals in switching, routing, VOIP protocols. Hands-on with TCP/IP protocol suite: IPv6, OSPFv2/v3, BGPv4/v6, MBGP, LDP, MPLS-TP, STP, SNMP, SIP, MGCP etc. Experience in virtualization technologies: VMware, KVM, Containers.
• Certifications: CCNP or equivalent is mandatory.
• Desirable: Familiarity with wireless testing, SDN/NFV, Cybersecurity, and ISO 17025 practices.

Why Join CodeVyasa?
• Work on innovative, high-impact projects with a team of top-tier professionals.
• Continuous learning opportunities and professional growth.
• Flexible work environment with a supportive company culture.
• Competitive salary and comprehensive benefits package.
• Free healthcare coverage.

Posted 2 weeks ago


2.0 years

0 Lacs

Gurugram, Haryana, India

On-site


Line of Service Advisory Industry/Sector FS X-Sector Specialism Risk Management Level Senior Associate

Job Description & Summary
We are seeking a highly skilled Sailpoint Developer. If candidate has experience of 2-3 years, he/she must be Sailpoint Certified; above 3 years' experience, Sailpoint certification is not mandatory but good to have.

Why PWC
At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other.

At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations.

Job Description & Summary:
We are seeking a professional to join our Cybersecurity and Privacy services team, where you will have the opportunity to help clients implement effective cybersecurity programs that protect against threats, drive transformation, and foster growth. As companies increasingly adopt digital business models, the generation and sharing of data among organizations, partners, and customers multiply. We play a crucial role in ensuring that our clients are protected by developing transformation strategies focused on security, efficiently integrating and managing new or existing technology systems, and enhancing their cybersecurity investments.

As an L3 Analyst/SOC Manager, you will be responsible for overseeing regular operations, driving continuous improvement processes, and managing client and vendor interactions. This role involves managing complex incidents escalated from L2 analysts, operating the Security Incident process, and mentoring junior team members to build a cohesive and motivated unit.

Responsibilities:
• Review cybersecurity events analyzed by L2 security analysts, serving as the escalation point for detection, response, and remediation activities.
• Monitor and guide the team in triaging cybersecurity events, prioritizing, and recommending/performing response measures.
• Provide technical support for IT teams in response and remediation activities for escalated cybersecurity events/incidents.
• Follow up on cybersecurity incident tickets until closure.
• Guide L1 and L2 analysts in analyzing events and response activities.
• Expedite cyber incident response and remediation activities when delays occur, coordinating with L1 and L2 team members.
• Review and provide suggestions for information security policies and best practices in client environments.
• Ensure compliance with SLAs and contractual requirements, maintaining effective communication with stakeholders.
• Review and share daily, weekly, and monthly dashboard reports with relevant stakeholders.
• Update and review documents, playbooks, and standard operational procedures.
• Validate and update client systems and IT infrastructure documentation.
• Share knowledge on current security threats, attack patterns, and tools with team members.
• Create and review new use cases based on evolving attack trends.
• Analyze and interpret Windows, Linux OS, firewall, web proxy, DNS, IDS, and HIPS log events.
• Develop and maintain threat detection rules, parsers, and use cases.
• Understand security analytics and flows across SaaS applications and cloud computing tools.
• Validate use cases through selective testing and logic examination.
• Maintain continuous improvement processes and build/groom teams over time.
• Develop thought leadership within the SOC.

Mandatory skill sets:
• Bachelor’s degree (minimum requirement).
• 2-8 years of experience in SOC operations.
• Experience analyzing malicious traffic and building detections.
• Experience in application security, network security, and systems security.
• Knowledge of security testing tools (e.g., BurpSuite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Nessus, HP Web Inspect).
• Proficiency in common programming and scripting languages (Python, PowerShell, Ruby, Perl, Bash, JavaScript, VBScript).
• Familiarity with cybersecurity frameworks and practices (OWASP, NIST CSF, PCI DSS, NY-DFS).
• Experience with traditional security operations, event monitoring, and SIEM tools.
• Knowledge of MITRE or similar frameworks and procedures used by adversaries.
• Ability to develop and maintain threat detection rules and use cases.

Preferred skill sets:
• Strong communication skills, both written and oral.
• Experience with SMB and large enterprise clients.
• Good understanding of ITIL processes (Change Management, Incident Management, Problem Management).
• Strong expertise in multiple SIEM tools and other SOC environment devices.
• Knowledge of firewalls, IDS/IPS, AVI, EDR, Proxy, DNS, email, AD, etc.
• Understanding of raw log formats of various security devices.
• Foundational knowledge of networking concepts (TCP/IP, LAN/WAN, Internet network topologies).
• Relevant certifications (CEH, CISA, CISM, etc.).
• Strong work ethic and time management skills.
• Coachability and dedication to consistent improvement.
• Ability to mentor and encourage junior teammates.
• Knowledge of regex and parser creation.
• Ability to deploy SIEM solutions in customer environments.

Years of experience required: 2 - 12+ years
Education qualification: B.Tech
Education (if blank, degree and/or field of study not specified)
Degrees/Field of Study required: Bachelor of Engineering
Degrees/Field of Study preferred:
Certifications (if blank, certifications not specified)
Required Skills: SoCs
Optional Skills: Accepting Feedback, Access Control Models, Access Control System, Access Management, Active Listening, Analytical Thinking, Authorization Compliance, Authorization Management Systems, Azure Active Directory, Cloud Identity and Access Management (IAM), Communication, Creativity, CyberArk Management, Cybersecurity, Embracing Change, Emotional Regulation, Empathy, Encryption Technologies, Federated Identity Management, ForgeRock Identity Platform, Identity and Access Management (IAM), Identity-Based Encryption, Identity Federation, Identity Governance Framework (IGF) {+ 22 more}
Desired Languages (If blank, desired languages not specified)
Travel Requirements: Not Specified
Available for Work Visa Sponsorship? No
Government Clearance Required? No
Job Posting End Date

Posted 2 weeks ago


5.0 - 8.0 years

7 - 10 Lacs

Pune

Work from Office


Job Summary
The Deputy Manager - IT GRC (Governance, Risk, and Compliance) role at ENGIE India is crucial in ensuring the organization's Digital & IT landscape is secure, compliant, and aligned with business objectives. This role involves developing, implementing, and managing IT GRC, risk management, and ensuring compliance with regulations and internal controls. This is an individual contributor role based in Pune, India, with occasional onsite travel to support Digital & IT audits.

Main Objectives
The primary objective is to ensure the IT landscape is secure, compliant, and aligned with business goals. This involves:
• Implementing comprehensive IT GRC strategies.
• Implementing INCOME framework for D&IT function
• Implement and Manage - Risk management processes.
• Ensuring adherence to regulations and standards.
• Maintain Digital & IT internal control requirements
• Lead the Digital & IT Internal Control and Compliance

Key Responsibilities
• Audit Preparation and Management: Prepare processes, teams, and documents for internal and external audits. Track and remediate audit observations with corrective and preventive actions.
• Risk Management: Manage and track all technology-related risks for timely closure. Oversee formal risk analysis and self-assessment programs for various systems and processes.
• Compliance: Ensure compliance with privilege access management processes and relevant IT regulations and standards, such as ISO 27001 and NIST CSF.
• Documentation and Communication: Maintain strong documentation and communication skills. Ensure clear communication with stakeholders and effective conflict resolution.
• Implementing Initiatives: Coordinate with various departments to ensure smooth execution and monitor progress.
• Continuous Improvement: Foster a culture of continuous improvement within the IT GRC team.
• Stakeholder Engagement: Engage with key stakeholders, including management and department heads, to ensure IT GRC strategies are well-supported and integrated.
• Conducting Risk Assessments: Oversee comprehensive risk assessments to identify potential risks.
• Developing Mitigation Strategies: Implement controls and safeguards to reduce the likelihood and impact of risks.
• Monitoring and Reporting: Establish effective monitoring mechanisms and regularly report on risk status to management.
• Collaboration with Departments: Work closely with various departments to ensure effective implementation of risk management strategies.
• Adhering to Regulations: Ensure compliance with all relevant IT regulations and standards.
• Implementing Best Practices: Promote the adoption of industry best practices within the organization.
• Internal and External Audits: Conduct regular internal audits and manage relationships with external auditors and regulatory bodies.
• Policy Development: Develop and maintain comprehensive IT GRC policies.

Coordination and Collaboration
• Cross-Departmental Collaboration: Collaborate with various departments to ensure effective implementation of GRC initiatives.
• Stakeholder Communication: Ensure stakeholders are informed about the progress and impact of GRC activities.
• Conflict Resolution: Resolve conflicts that arise during the implementation of GRC initiatives.
• Internal Audits: Conduct internal audits to assess the effectiveness of IT GRC controls and processes.
• Managing External Audits: Ensure the organization is well-prepared for external audits and address any findings promptly.
• Audit Preparation: Lead the preparation for audits to ensure a smooth process.
• Addressing Audit Findings: Develop and implement action plans to resolve audit findings and prevent recurrence.
• Continuous Improvement: Use audit insights to drive continuous improvement in GRC practices.
• Regular Reporting: Provide regular reports on IT GRC activities to management and the board.
• Clear Communication: Ensure GRC-related information is communicated clearly and consistently.
• Training and Awareness: Promote awareness of GRC policies and practices within the organization through training sessions and resources.

Technical Knowledge and Skills
• Understanding IT Systems: Strong understanding of IT systems, including Cloud services, IT-OT convergence, hardware, software, networks, and data management practices.
• Security Principles: Deep understanding of security principles, including encryption and access control.
• Risk Management Frameworks: Familiarity with frameworks such as ISO 31000 and NIST RMF.
• Emerging Technologies: Stay updated on emerging technologies and their impact on IT GRC practices.
• Technical Certifications: Relevant certifications such as CRISC are valuable.

Compliance Knowledge
• Regulatory Requirements: Deep knowledge of relevant regulatory requirements, such as CEA guidelines, Internal Controls (ITGC), IT Act, Indian and global Energy sector compliance, GDPR, HIPAA, and SOX.
• Industry Standards: Familiarity with industry standards like ISO 27001 and NIST CSF.
• Compliance Assessment: Conduct regular compliance assessments and develop comprehensive compliance policies.
• Training and Awareness: Promote awareness of compliance requirements within the organization.

Analytical and Problem-Solving
• Risk Analysis: Conduct formal risk analysis to identify potential vulnerabilities.
• Problem-Solving: Develop and implement effective solutions to mitigate risks.
• Data Analysis: Analyze data to identify trends, assess risks, and make informed decisions.
• Decision-Making: Make informed decisions based on risk and compliance analysis.
• Continuous Improvement: Promote a culture of continuous improvement in GRC practices.

Qualifications and Experience
• Strong background in Information Technology, Cybersecurity, or a related discipline.
• Knowledge of frameworks like ISO 27001, NIST, GDPR, and HIPAA.
• 5-8 years in IT GRC, preferably in the Energy sector.
• Hands-On Experience: Identifying, assessing, and mitigating risks.

Posted 2 weeks ago

3.0 years

0 Lacs

Chennai, Tamil Nadu, India

On-site

CoreStack, an AI-powered multi-cloud governance solution, empowers enterprises to rapidly achieve Continuous and Autonomous Cloud Governance at Scale. CoreStack enables enterprises to realize outcomes such as 40% decrease in cloud costs and 50% increase in operational efficiencies by governing operations, security, cost, access, and resources. CoreStack also assures 100% compliance with standards such as ISO, FedRAMP, NIST, HIPAA, PCI-DSS, AWS CIS & Well Architected Framework (WAF). We work with many large global customers across multiple industries including Financial Services, Healthcare, Retail, Education, Telecommunications, Technology and Government. Responsibilities Part of a Cloud Governance product team responsible for installing, configuring, automating and monitoring various Cloud Services (IaaS, PaaS, and SaaS) Be at the forefront of Cloud technology, assisting a global list of customers that consume multiple cloud environments. Ensure availability of internal & customers' hosts and services thru monitoring, analysing metric trends, investigating alerts. Explore and implement a broad spectrum of open source technologies. Help the team/customer to resolve technical issues. Extremely customer focused, flexible to be available on-call for solving critical problems. Contribute towards the process improvement involving the Product deployments, Cloud Governance & Customer Success. Skills Required Minimum 3+ Years of experience with a B.E/B.Tech Experience in managing Azure IaaS, PaaS services for customer production environments Well versed in DevOps technologies, automation, infrastructure orchestration, configuration management and CI/CD Experience in Linux and Windows Administration, server hardening and security compliance Web and Application Server technologies (e.g. Apache, Nginx, IIS) Good command in at least one scripting language (e.g. 
Bash, PowerShell, Ruby, Python) Networking protocols such as HTTP, DNS and TCP/IP Experience in managing version control platforms (e.g. Git, SVN) Skills:- Google Cloud Platform (GCP), Amazon Web Services (AWS), Microsoft Windows Azure, IaaS, Platform as a Service (PaaS), Linux/Unix and Scripting language

Posted 2 weeks ago

5.0 years

0 Lacs

Hyderabad, Telangana, India

On-site

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY- Cyber Security Strategy, Risk, Compliance and Resilience – Technology Consulting – Senior As part of our EY Strategy, Risk, Compliance and Resilience (SRCR) Technology Consulting team, you would work on various SRCR projects for our customers across the globe. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY and GDS within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We’re looking for Senior Security Consultant with expertise in cyber / information security, risk and controls concepts. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Engage in Cyber Strategy & Governance, Cyber Risk & Compliance, Cyber Resilience, Cyber Transformation and Co-Sourcing, Application & Network Security engagements Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress. 
Execute the engagement requirements, along with review of work by junior team members. Help prepare reports and schedules that will be delivered to clients and other parties. Develop and maintain productive working relationships with client personnel. Build strong internal relationships within EY Consulting Services and with other services across the organization Contribute to people related initiatives including recruiting and retaining Cyber Transformation professionals Maintain an educational program to continually develop personal skills of staff Understand and follow workplace policies and procedures Building a quality culture at GDS Help senior team members in performance reviews and contribute to performance feedback for staff/junior level team members Manage the performance management for the direct reportees, as per the organization policies. Foster teamwork and lead by example; training and mentoring of project resources Participating in the organization-wide people initiatives Skills And Attributes For Success Hands-on experience of more than 5 years with key components of cybersecurity including (but not limited to): Vendor/3rd Party Risk Management & Assessment Cyber Strategy & Governance, Cyber Transformation, Cyber Dashboarding Regulations/standards such as ISO 27001, PCI DSS, HIPAA, HITRUST, GDPR, CCPA, FISMA/FEDRAMP, COBIT, OWASP Top 10, NIST 800-53 Business Continuity & Disaster Recovery Must have experience in working in client facing roles, interacting with the third parties, assessing different kinds of environments (IT and non-IT) and ability to apply cyber security concepts in all these sectors. Experienced in creation and review of security policy/procedures, and in performing risk assessments. Good to have experience in assessing ITGC requirements across various industries including both Cybersecurity and resilience requirements. 
Should have a good understanding of VAPT process, common application security vulnerabilities, exploitation techniques and remediation measures. Basic understanding of Network Security and network architecture diagram reviews, access and perimeter control, vulnerability management and intrusion detection, firewall rule-based reviews. Good understanding of logging and monitoring tools (SIEM). Knowledge in any one of the SIEM tools is a plus. To qualify for the role, you must have: BE - B. Tech / MCA / M. Tech/ MBA with background in computer science and programming. More than 5 Years of relevant experience. Strong Excel and PowerPoint skills. Should be proficient in leading medium to large engagements and coach junior staff. Ideally, you’ll also have CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer. Project management skills. What We Look For A team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 1400 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries. What Working At EY Offers At EY, we’re dedicated to helping our clients, from start-ups to Fortune 500 companies – and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. 
Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Posted 2 weeks ago

2.0 years

0 Lacs

Gurugram, Haryana, India

On-site

Line of Service Advisory Industry/Sector FS X-Sector Specialism Risk Management Level Senior Associate Job Description & Summary We are seeking a highly skilled Sailpoint Developer. If candidate has experience of 2-3 years, he/she must be Sailpoint Certified, above 3 years experience sailpoint certification is not mandatory but good to have. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. Job Description & Summary: We are seeking a professional to join our Cybersecurity and Privacy services team, where you will have the opportunity to help clients implement effective cybersecurity programs that protect against threats, drive transformation, and foster growth. As companies increasingly adopt digital business models, the generation and sharing of data among organizations, partners, and customers multiply. 
We play a crucial role in ensuring that our clients are protected by developing transformation strategies focused on security, efficiently integrating and managing new or existing technology systems, and enhancing their cybersecurity investments. As an L3 Analyst/SOC Manager, you will be responsible for overseeing regular operations, driving continuous improvement processes, and managing client and vendor interactions. This role involves managing complex incidents escalated from L2 analysts, operating the Security Incident process, and mentoring junior team members to build a cohesive and motivated unit. Responsibilities Review cybersecurity events analyzed by L2 security analysts, serving as the escalation point for detection, response, and remediation activities. Monitor and guide the team in triaging cybersecurity events, prioritizing, and recommending/performing response measures. Provide technical support for IT teams in response and remediation activities for escalated cybersecurity events/incidents. Follow up on cybersecurity incident tickets until closure. Guide L1 and L2 analysts in analyzing events and response activities. Expedite cyber incident response and remediation activities when delays occur, coordinating with L1 and L2 team members. Review and provide suggestions for information security policies and best practices in client environments. Ensure compliance with SLAs and contractual requirements, maintaining effective communication with stakeholders. Review and share daily, weekly, and monthly dashboard reports with relevant stakeholders. Update and review documents, playbooks, and standard operational procedures. Validate and update client systems and IT infrastructure documentation. Share knowledge on current security threats, attack patterns, and tools with team members. Create and review new use cases based on evolving attack trends. Analyze and interpret Windows, Linux OS, firewall, web proxy, DNS, IDS, and HIPS log events. 
Develop and maintain threat detection rules, parsers, and use cases. Understand security analytics and flows across SaaS applications and cloud computing tools. Validate use cases through selective testing and logic examination. Maintain continuous improvement processes and build/groom teams over time. Develop thought leadership within the SOC. Mandatory Skill Sets Bachelor’s degree (minimum requirement). 2-8 years of experience in SOC operations. Experience analyzing malicious traffic and building detections. Experience in application security, network security, and systems security. Knowledge of security testing tools (e.g., BurpSuite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Nessus, HP Web Inspect). Proficiency in common programming and scripting languages (Python, PowerShell, Ruby, Perl, Bash, JavaScript, VBScript). Familiarity with cybersecurity frameworks and practices (OWASP, NIST CSF, PCI DSS, NY-DFS). Experience with traditional security operations, event monitoring, and SIEM tools. Knowledge of MITRE or similar frameworks and procedures used by adversaries. Ability to develop and maintain threat detection rules and use cases. Preferred Skill Sets Strong communication skills, both written and oral. Experience with SMB and large enterprise clients. Good understanding of ITIL processes (Change Management, Incident Management, Problem Management). Strong expertise in multiple SIEM tools and other SOC environment devices. Knowledge of firewalls, IDS/IPS, AVI, EDR, Proxy, DNS, email, AD, etc. Understanding of raw log formats of various security devices. Foundational knowledge of networking concepts (TCP/IP, LAN/WAN, Internet network topologies). Relevant certifications (CEH, CISA, CISM, etc.). Strong work ethic and time management skills. Coachability and dedication to consistent improvement. Ability to mentor and encourage junior teammates. Knowledge of regex and parser creation. Ability to deploy SIEM solutions in customer environments. 
Years Of Experience Required 2-12 + years Education Qualification B.Tech Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Engineering Degrees/Field Of Study Preferred Certifications (if blank, certifications not specified) Required Skills SoCs Optional Skills Accepting Feedback, Accepting Feedback, Access Control Models, Access Control System, Access Management, Active Listening, Analytical Thinking, Authorization Compliance, Authorization Management Systems, Azure Active Directory, Cloud Identity and Access Management (IAM), Communication, Creativity, CyberArk Management, Cybersecurity, Embracing Change, Emotional Regulation, Empathy, Encryption Technologies, Federated Identity Management, ForgeRock Identity Platform, Identity and Access Management (IAM), Identity-Based Encryption, Identity Federation, Identity Governance Framework (IGF) {+ 22 more} Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date

Posted 3 weeks ago

4.0 - 7.0 years

0 Lacs

Chennai, Tamil Nadu, India

On-site

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY- Technology Risk – Senior As part of our EY- Technology Risk team you will contribute technically to IT Risk and Assurance client engagements and internal projects. An important part of your role will be to actively establish, maintain, and strengthen internal and external relationships. You will also identify potential business opportunities for Ernst & Young within existing engagements and escalate these as appropriate. Similarly, you will anticipate and identify risks within engagements and share any issues with senior members of the team. The opportunity We are looking for a senior to join the Cyber COE group of our EY-Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Competencies and Expertise Needed Understanding of Identity and Access Management (IAM) principles, frameworks, and best practices. Strong consulting and advisory skills, capable of understanding and addressing clients’ needs. Hands-on experience with Privileged Access Management (PAM) tools and strategies, including the implementation of solutions like PAM services. In-depth knowledge of identity lifecycle management processes, encompassing user provisioning, de-provisioning, and role management, as demonstrated in various IAM implementation projects. Skilled in analysing security risks associated with identity and access, and formulating effective mitigation strategies, as evidenced by successful project outcomes. Understanding of role-based access control (RBAC), multi-factor authentication (MFA), and single sign-on (SSO) implementations. 
Interest in working on security compliance projects related to IAM. Experience or interest in leading workshops, trainings, or presentations for clients. Desire to work collaboratively with IT teams to implement IAM and PAM solutions by ensuring seamless integration and operational efficiency. Responsible for ISO 27001 based Information Security Management System implementation and sustenance Assess client information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk Responsible to assist client in review / implement Information Security controls in areas as mentioned, but not limited to: Change management process, Incident management process, Backup process, User identity and access management, Antivirus management, SLA performance and monitoring, Media handling & Exchange of information, Physical and environmental Security, and Media & Information Handling Responsible for conducting clients’ vendors risk assessment and providing a holistic view of client’s risk exposure due to outsourcing Responsible for advising and assisting clients to develop and implement Information classification framework Conduct Information Systems audits covering IT infrastructure assets Serves as technical lead or subject matter specialist on security and privacy implementation projects, responsible for design, build, testing and deployment of solutions Technical Knowledge of Security Capabilities such as, CSPM, EDR, SIEM/SOAR, Vulnerability Management will be a plus. Have a knowledge of cyber security concepts around Vulnerability Management, Identity Management, Risk Management, etc. Good understanding of overall cyber security objective of the organization and having an ability translate data into actionable metrics to drive initiatives to improve cyber security posture. 
Understanding of Senior stakeholder’s requirements in the organization such CISO, CIO, CRO and ability to communicate with them in an effective manner with excellent verbal and written communication skills. Experienced in conducting information security assessments including business continuity plan audits, network security audits, GenAI Audit, and infrastructure audits. Performed NIST assessments, ISO assessments, and privacy impact audits, Data Privacy and GDPR implementation, experience in developing Data inventory and Third-Party Risk Assessment. Familiar with IT industry frameworks such as ISO27001, ISO42001, NIST, PCI-DSS, TISAX, DSA/DMA, GDPR, NIS2 and HITRUST. Your Key Responsibilities Test and supervise the delivery of assigned controls not limited to ITGC and ITAC but ISO27001 & NIST assessment, Privacy Assessment, Cyber Maturity Assessment, IT Policies Standards Assessment, Software Development Lifecycle (SDLC), System Architecture, Operating Systems, Databases, Networks, Security Systems, Cloud Services, Asset Inventories, Incident Management, Recovery Management and knowledge to intervene and redirect testing as required, resolving, or redirecting escalations as required. Collaborate with your team to manage control owners and other stakeholders, ensuring the success of each assigned reviews, minimising contention where possible and requesting support, where deemed necessary. Apply judgement and risk management concepts to identify, formulate findings and provide valuable insights to the clients to improve processes and manage risks to achieving operational and strategic goals. Review IT Policies and Standards and ensure that they are as per the different industry standard. Stay current with cybersecurity regulations and promote awareness of applicable regulatory standards, upstream risks, and industry best practices across the enterprise. To qualify for the role, you must have. 
Graduate (CS/ IT, Electronics, Electronics & Telecommunications,)/MBA/M.Sc. with at least 4-7 years of experience. Having industry certification such as CISSP, CISM, CRISC or CISA a strong plus Bring your significant experience in applying relevant technical knowledge in at least one of the following engagements: (a) ISO assessments (b) NIST assessments (c) Data privacy audits (d) Network and Infrastructure audits (e) Cyber Maturity Assessment (f) IT Policies and Standards Assessment (g) IAM and IT Asset Management (h) IT Health Check (i) BCP/DR audit (j) Application security audits. What We Look For A Team of people with commercial acumen, technical experience, and enthusiasm to learn new things in this fast-moving environment Opportunities to work with EY Assurance practices globally with leading businesses across a range of industries. What Working At EY Offers At EY, we are dedicated to helping our clients, from startups to Fortune 500 companies – and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. 
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Posted 3 weeks ago

4.0 - 7.0 years

0 Lacs

Kolkata, West Bengal, India

On-site

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY- Technology Risk – Senior As part of our EY- Technology Risk team you will contribute technically to IT Risk and Assurance client engagements and internal projects. An important part of your role will be to actively establish, maintain, and strengthen internal and external relationships. You will also identify potential business opportunities for Ernst & Young within existing engagements and escalate these as appropriate. Similarly, you will anticipate and identify risks within engagements and share any issues with senior members of the team. The opportunity We are looking for a senior to join the Cyber COE group of our EY-Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Competencies and Expertise Needed Understanding of Identity and Access Management (IAM) principles, frameworks, and best practices. Strong consulting and advisory skills, capable of understanding and addressing clients’ needs. Hands-on experience with Privileged Access Management (PAM) tools and strategies, including the implementation of solutions like PAM services. In-depth knowledge of identity lifecycle management processes, encompassing user provisioning, de-provisioning, and role management, as demonstrated in various IAM implementation projects. Skilled in analysing security risks associated with identity and access, and formulating effective mitigation strategies, as evidenced by successful project outcomes. Understanding of role-based access control (RBAC), multi-factor authentication (MFA), and single sign-on (SSO) implementations. 
Interest in working on security compliance projects related to IAM. Experience or interest in leading workshops, trainings, or presentations for clients. Desire to work collaboratively with IT teams to implement IAM and PAM solutions by ensuring seamless integration and operational efficiency. Responsible for ISO 27001 based Information Security Management System implementation and sustenance Assess client information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk Responsible to assist client in review / implement Information Security controls in areas as mentioned, but not limited to: Change management process, Incident management process, Backup process, User identity and access management, Antivirus management, SLA performance and monitoring, Media handling & Exchange of information, Physical and environmental Security, and Media & Information Handling Responsible for conducting clients’ vendors risk assessment and providing a holistic view of client’s risk exposure due to outsourcing Responsible for advising and assisting clients to develop and implement Information classification framework Conduct Information Systems audits covering IT infrastructure assets Serves as technical lead or subject matter specialist on security and privacy implementation projects, responsible for design, build, testing and deployment of solutions Technical Knowledge of Security Capabilities such as, CSPM, EDR, SIEM/SOAR, Vulnerability Management will be a plus. Have a knowledge of cyber security concepts around Vulnerability Management, Identity Management, Risk Management, etc. Good understanding of overall cyber security objective of the organization and having an ability translate data into actionable metrics to drive initiatives to improve cyber security posture. 
Understanding of Senior stakeholder’s requirements in the organization such CISO, CIO, CRO and ability to communicate with them in an effective manner with excellent verbal and written communication skills. Experienced in conducting information security assessments including business continuity plan audits, network security audits, GenAI Audit, and infrastructure audits. Performed NIST assessments, ISO assessments, and privacy impact audits, Data Privacy and GDPR implementation, experience in developing Data inventory and Third-Party Risk Assessment. Familiar with IT industry frameworks such as ISO27001, ISO42001, NIST, PCI-DSS, TISAX, DSA/DMA, GDPR, NIS2 and HITRUST. Your Key Responsibilities Test and supervise the delivery of assigned controls not limited to ITGC and ITAC but ISO27001 & NIST assessment, Privacy Assessment, Cyber Maturity Assessment, IT Policies Standards Assessment, Software Development Lifecycle (SDLC), System Architecture, Operating Systems, Databases, Networks, Security Systems, Cloud Services, Asset Inventories, Incident Management, Recovery Management and knowledge to intervene and redirect testing as required, resolving, or redirecting escalations as required. Collaborate with your team to manage control owners and other stakeholders, ensuring the success of each assigned reviews, minimising contention where possible and requesting support, where deemed necessary. Apply judgement and risk management concepts to identify, formulate findings and provide valuable insights to the clients to improve processes and manage risks to achieving operational and strategic goals. Review IT Policies and Standards and ensure that they are as per the different industry standard. Stay current with cybersecurity regulations and promote awareness of applicable regulatory standards, upstream risks, and industry best practices across the enterprise. To qualify for the role, you must have. 
Graduate (CS/ IT, Electronics, Electronics & Telecommunications,)/MBA/M.Sc. with at least 4-7 years of experience. Having industry certification such as CISSP, CISM, CRISC or CISA a strong plus Bring your significant experience in applying relevant technical knowledge in at least one of the following engagements: (a) ISO assessments (b) NIST assessments (c) Data privacy audits (d) Network and Infrastructure audits (e) Cyber Maturity Assessment (f) IT Policies and Standards Assessment (g) IAM and IT Asset Management (h) IT Health Check (i) BCP/DR audit (j) Application security audits. What We Look For A Team of people with commercial acumen, technical experience, and enthusiasm to learn new things in this fast-moving environment Opportunities to work with EY Assurance practices globally with leading businesses across a range of industries. What Working At EY Offers At EY, we are dedicated to helping our clients, from startups to Fortune 500 companies – and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. 
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Posted 3 weeks ago

1.0 - 3.0 years

0 Lacs

Hyderabad, Telangana, India

On-site

At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. In digital assurance at PwC, you will focus on providing assurance services over clients' digital environment, including processes and controls, cyber security measures, data and AI systems, and their associated governance, to help organisations and their stakeholders build trust in their technology while complying with relevant regulations. Driven by curiosity, you are a reliable, contributing member of a team. In our fast-paced environment, you are expected to adapt to working with a variety of clients and team members, each presenting varying challenges and scope. Every experience is an opportunity to learn and grow. You are expected to take ownership and consistently deliver quality work that drives value for our clients and success as a team. As you navigate through the Firm, you build a brand for yourself, opening doors to more opportunities. Skills Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to: Apply a learning mindset and take ownership for your own development. Appreciate diverse perspectives, needs, and feelings of others. Adopt habits to sustain high performance and develop your potential. Actively listen, ask questions to check understanding, and clearly express ideas. Seek, reflect, act on, and give feedback. Gather information from a range of sources to analyse facts and discern patterns. Commit to understanding how the business works and building commercial awareness. Learn and apply professional and technical standards (e.g. 
refer to specific PwC tax and audit guidance), uphold the Firm's code of conduct and independence requirements. Job Description ▪ We are looking for a self-motivated individual who will relish the opportunity to join a growing part of the PwC business, using their skills in developing key internal relationships. ▪ Participate in a wide range of projects and collaborate across multiple work streams or teams; consistently demonstrating creative thinking, individual initiative and timely completion of assigned work ▪ Consistently demonstrate teamwork dynamics by working as a team member: understand personal and team roles; contribute to a positive working environment by building solid relationships with team members; and proactively seek guidance, clarification and feedback. ▪ Serve as participant on communications with numerous engagement teams ▪ The individual should have the ability to work effectively under pressure without compromising professional standards or quality of the work being performed. ▪ Knowledge and understanding of cyber security frameworks, standards, and best practices such as NIST, ISO 27001,etc ▪ Familiarity with Identity and Access Management (IAM) systems and processed would be a plus ▪ Has a basic understanding of SOC1/SOC2/SOX reporting ▪ Has a basic understanding of Internal controls and compliance. ▪ Staying up-to-date on the latest information technology (IT) and cybersecurity developments Responsibilities ▪ Perform Audit procedures and provide related deliverables in accordance with PwC’s documentation and quality standards. ▪ Perform IT security assessments for clients (e.g. security risk assessments, IT network infrastructure reviews, system technical configurations review, information security policies and processes/procedures review etc.
▪ Evaluate and analyze threat, vulnerability, impact and risk to security issues discovered from security assessments ▪ Advise clients on the security issues, including explanation on the technical details and how they can remediate the vulnerabilities in the processes and controls ▪ Perform assessment (pre and post implementation) of security solutions and advise client on Industry best practices. ▪ Conduct in-depth research on emerging cybersecurity threats, trends, and technologies, and incorporate findings into actionable recommendations. ▪ Collaborate with cross-functional teams to ensure the effective implementation of security policies, standards, and best practices ▪ Maintain working knowledge of IAC User Guides and Audit Standards ▪ Monitor time and manage deadlines ▪ Adhere to PwC IAC policies and procedures ▪ Participate in training, coaching and other developmental opportunities. Requirements Minimum Degree(s): ▪ Bachelors or Masters degree in engineering with specialization in Management Information Systems, Computer Science, Information Systems, Information Technology or equivalent ▪ Understanding of audit concepts and latest regulations ▪ 1 -3 years’ experience in the domains mentioned in the Job Description above & Candidates with “Big 4” or equivalent experience would be preferred Certification(s) Preferred ▪ CISSP / ISO 27001 LA / CRISC / CISM / certifications are preferred. ▪ Understanding of Cyber security concepts and audit regulations Knowledge And Skill Set Required ▪ Working knowledge of appropriately applying internal control principles and business/technical knowledge including Application Controls, IT General Controls and Financial Reporting Concepts. ▪ Working knowledge of security controls, programming, networks and operating systems would be an added advantage ▪ Experience with the Microsoft Office suite of products (i.e.
Word, Excel, PowerPoint, Visio, etc.), including an understanding of the v-lookup, text, reference and logical and information functionality in excel. ▪ Team player, committed to providing high quality and maintaining timeliness ▪ Effective written and verbal communication skills including English ▪ Demonstrated self-motivation and a desire to take responsibility for personal growth and development ▪ Commitment to continuous training and to proactively learn new processes. ▪ Should have strong work ethics and commitment to delivering/ownership of work deliverables as per agreed timelines.

Posted 3 weeks ago

4.0 years

0 Lacs

Andhra Pradesh, India

On-site

At PwC, our people in risk and compliance focus on maintaining regulatory compliance and managing risks for clients, providing advice, and solutions. They help organisations navigate complex regulatory landscapes and enhance their internal controls to mitigate risks effectively. As a risk management generalist at PwC, you will provide advisory and practical support to teams across a wide range of specialist risk and compliance areas. Focused on relationships, you are building meaningful client connections, and learning how to manage and inspire others. Navigating increasingly complex situations, you are growing your personal brand, deepening technical expertise and awareness of your strengths. You are expected to anticipate the needs of your teams and clients, and to deliver quality. Embracing increased ambiguity, you are comfortable when the path forward isn’t clear, you ask questions, and you use these moments as opportunities to grow. Skills Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to: Respond effectively to the diverse perspectives, needs, and feelings of others. Use a broad range of tools, methodologies and techniques to generate new ideas and solve problems. Use critical thinking to break down complex concepts. Understand the broader objectives of your project or role and how your work fits into the overall strategy. Develop a deeper understanding of the business context and how it is changing. Use reflection to develop self awareness, enhance strengths and address development areas. Interpret data to inform insights and recommendations. Uphold and reinforce professional and technical standards (e.g. refer to specific PwC tax and audit guidance), the Firm's code of conduct, and independence requirements. The NIST experienced Senior Associate will play a vital role in identifying cyber risks and describing the desired outcomes.
The ideal candidate should have a strong understanding of NIST CSF (NIST Cybersecurity Framework) and other NIST and industry recognized standards, possess excellent communication and organizational skills, and be able to work independently as well as part of a team. The NIST Experienced Senior Associate is expected to assist in the following activities: Independently perform NIST CSF Maturity Assessments in collaboration with the client’s sponsor, identify and engage with stakeholders across different functional areas, including but not limited to the business, IT, Security, Legal & Compliance, and HR. Understand clients’ security organization, including roles and responsibilities, interactions with other enterprise functions and role of third parties, etc. Participate or facilitate workshops and/or individual interviews to identify, document gaps and current state of Cybersecurity. Review IT and security architectures, design patterns, and other technical documentation. Draft assessment reports including Executive Summary, observations/recommendations/peer comparisons, benchmark etc. Suggest Cybersecurity strategic initiatives to achieve future/target state. Create a roadmap for identified cyber initiatives. Conduct NIST CSF, NIST 800-53, NIST 800-171, ISO, CRI etc. gap assessments or compliance testing. Perform evidence validation to ensure compliance. Define testing and sampling procedures. Develop SOW’s, RFP’s in alignment to client’s requirements and lead the CoE. Lead business development efforts in alignment to NIST CoE requirements. Years Of Experience 4-8 years of Information Security industry experience and min 3+ relevant experience in NIST CSF Maturity Assessments, ISO,FFIEC, Cloud security CRI (desired). Position Requirements Conduct Maturity assessments based on NIST frameworks. Perform gap assessments and Control testing using NIST standard/frameworks.
Good understanding of compliance standards/frameworks like ISO 27001/27002, NIST, COBIT, SOX, GLBA, SSAE16/SOC 2, etc. will be an advantage. Excellent written and oral communication skills, can express thoughts clearly, knows how to listen, take detailed notes and contribute in a team environment. Desired Knowledge NIST CSF, NIST 800-53, NIST 800-171, Cloud security and other industry standards such as ISO, PCI, HITRUST etc. Excellent leadership, teamwork and collaboration skills. Ability to quickly acquire and utilize knowledge on new technologies and solutions, emerging threats and vulnerabilities. Desired Skills Excellent MS-Office skills Results oriented, high energy, self-motivated. Flexible to learn cross-skills Professional and Educational Background MCA / BE / B Tech / MS (Field of Study: Computer and Information Science, Information Cybersecurity, Information Technology, Management Information Systems). Certification(s) Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC). Additional Information Travel Requirements: Not Applicable Line of Service: Advisory Industry: Consulting Must be ready to work on-site full-time (timings will be 2 pm or sooner until 11 pm IST) Minimum Years Of Experience 3 - 8 years

Posted 3 weeks ago

4.0 - 7.0 years

0 Lacs

Kanayannur, Kerala, India

On-site

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY- Technology Risk – Senior As part of our EY- Technology Risk team you will contribute technically to IT Risk and Assurance client engagements and internal projects. An important part of your role will be to actively establish, maintain, and strengthen internal and external relationships. You will also identify potential business opportunities for Ernst & Young within existing engagements and escalate these as appropriate. Similarly, you will anticipate and identify risks within engagements and share any issues with senior members of the team. The opportunity We are looking for a senior to join the Cyber COE group of our EY-Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Competencies and Expertise Needed Understanding of Identity and Access Management (IAM) principles, frameworks, and best practices. Strong consulting and advisory skills, capable of understanding and addressing clients’ needs. Hands-on experience with Privileged Access Management (PAM) tools and strategies, including the implementation of solutions like PAM services. In-depth knowledge of identity lifecycle management processes, encompassing user provisioning, de-provisioning, and role management, as demonstrated in various IAM implementation projects. Skilled in analysing security risks associated with identity and access, and formulating effective mitigation strategies, as evidenced by successful project outcomes. Understanding of role-based access control (RBAC), multi-factor authentication (MFA), and single sign-on (SSO) implementations.
Interest in working on security compliance projects related to IAM. Experience or interest in leading workshops, trainings, or presentations for clients. Desire to work collaboratively with IT teams to implement IAM and PAM solutions by ensuring seamless integration and operational efficiency. Responsible for ISO 27001 based Information Security Management System implementation and sustenance Assess client information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk Responsible to assist client in review / implement Information Security controls in areas as mentioned, but not limited to: Change management process, Incident management process, Backup process, User identity and access management, Antivirus management, SLA performance and monitoring, Media handling & Exchange of information, Physical and environmental Security, and Media & Information Handling Responsible for conducting clients’ vendors risk assessment and providing a holistic view of client’s risk exposure due to outsourcing Responsible for advising and assisting clients to develop and implement Information classification framework Conduct Information Systems audits covering IT infrastructure assets Serves as technical lead or subject matter specialist on security and privacy implementation projects, responsible for design, build, testing and deployment of solutions Technical Knowledge of Security Capabilities such as, CSPM, EDR, SIEM/SOAR, Vulnerability Management will be a plus. Have a knowledge of cyber security concepts around Vulnerability Management, Identity Management, Risk Management, etc. Good understanding of overall cyber security objective of the organization and having an ability translate data into actionable metrics to drive initiatives to improve cyber security posture.
Understanding of Senior stakeholder’s requirements in the organization such CISO, CIO, CRO and ability to communicate with them in an effective manner with excellent verbal and written communication skills. Experienced in conducting information security assessments including business continuity plan audits, network security audits, GenAI Audit, and infrastructure audits. Performed NIST assessments, ISO assessments, and privacy impact audits, Data Privacy and GDPR implementation, experience in developing Data inventory and Third-Party Risk Assessment. Familiar with IT industry frameworks such as ISO27001, ISO42001, NIST, PCI-DSS, TISAX, DSA/DMA, GDPR, NIS2 and HITRUST. Your Key Responsibilities Test and supervise the delivery of assigned controls not limited to ITGC and ITAC but ISO27001 & NIST assessment, Privacy Assessment, Cyber Maturity Assessment, IT Policies Standards Assessment, Software Development Lifecycle (SDLC), System Architecture, Operating Systems, Databases, Networks, Security Systems, Cloud Services, Asset Inventories, Incident Management, Recovery Management and knowledge to intervene and redirect testing as required, resolving, or redirecting escalations as required. Collaborate with your team to manage control owners and other stakeholders, ensuring the success of each assigned reviews, minimising contention where possible and requesting support, where deemed necessary. Apply judgement and risk management concepts to identify, formulate findings and provide valuable insights to the clients to improve processes and manage risks to achieving operational and strategic goals. Review IT Policies and Standards and ensure that they are as per the different industry standard. Stay current with cybersecurity regulations and promote awareness of applicable regulatory standards, upstream risks, and industry best practices across the enterprise. To qualify for the role, you must have.
Graduate (CS/ IT, Electronics, Electronics & Telecommunications,)/MBA/M.Sc. with at least 4-7 years of experience. Having industry certification such as CISSP, CISM, CRISC or CISA a strong plus Bring your significant experience in applying relevant technical knowledge in at least one of the following engagements: (a) ISO assessments (b) NIST assessments (c) Data privacy audits (d) Network and Infrastructure audits (e) Cyber Maturity Assessment (f) IT Policies and Standards Assessment (g) IAM and IT Asset Management (h) IT Health Check (i) BCP/DR audit (j) Application security audits. What We Look For A Team of people with commercial acumen, technical experience, and enthusiasm to learn new things in this fast-moving environment Opportunities to work with EY Assurance practices globally with leading businesses across a range of industries. What Working At EY Offers At EY, we are dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Posted 3 weeks ago

4.0 - 7.0 years

0 Lacs

Gurugram, Haryana, India

On-site

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY- Technology Risk – Senior As part of our EY- Technology Risk team you will contribute technically to IT Risk and Assurance client engagements and internal projects. An important part of your role will be to actively establish, maintain, and strengthen internal and external relationships. You will also identify potential business opportunities for Ernst & Young within existing engagements and escalate these as appropriate. Similarly, you will anticipate and identify risks within engagements and share any issues with senior members of the team. The opportunity We are looking for a senior to join the Cyber COE group of our EY-Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Competencies and Expertise Needed Understanding of Identity and Access Management (IAM) principles, frameworks, and best practices. Strong consulting and advisory skills, capable of understanding and addressing clients’ needs. Hands-on experience with Privileged Access Management (PAM) tools and strategies, including the implementation of solutions like PAM services. In-depth knowledge of identity lifecycle management processes, encompassing user provisioning, de-provisioning, and role management, as demonstrated in various IAM implementation projects. Skilled in analysing security risks associated with identity and access, and formulating effective mitigation strategies, as evidenced by successful project outcomes. Understanding of role-based access control (RBAC), multi-factor authentication (MFA), and single sign-on (SSO) implementations.
Interest in working on security compliance projects related to IAM. Experience or interest in leading workshops, trainings, or presentations for clients. Desire to work collaboratively with IT teams to implement IAM and PAM solutions by ensuring seamless integration and operational efficiency. Responsible for ISO 27001 based Information Security Management System implementation and sustenance Assess client information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk Responsible to assist client in review / implement Information Security controls in areas as mentioned, but not limited to: Change management process, Incident management process, Backup process, User identity and access management, Antivirus management, SLA performance and monitoring, Media handling & Exchange of information, Physical and environmental Security, and Media & Information Handling Responsible for conducting clients’ vendors risk assessment and providing a holistic view of client’s risk exposure due to outsourcing Responsible for advising and assisting clients to develop and implement Information classification framework Conduct Information Systems audits covering IT infrastructure assets Serves as technical lead or subject matter specialist on security and privacy implementation projects, responsible for design, build, testing and deployment of solutions Technical Knowledge of Security Capabilities such as, CSPM, EDR, SIEM/SOAR, Vulnerability Management will be a plus. Have a knowledge of cyber security concepts around Vulnerability Management, Identity Management, Risk Management, etc. Good understanding of overall cyber security objective of the organization and having an ability translate data into actionable metrics to drive initiatives to improve cyber security posture.
Understanding of Senior stakeholder’s requirements in the organization such CISO, CIO, CRO and ability to communicate with them in an effective manner with excellent verbal and written communication skills. Experienced in conducting information security assessments including business continuity plan audits, network security audits, GenAI Audit, and infrastructure audits. Performed NIST assessments, ISO assessments, and privacy impact audits, Data Privacy and GDPR implementation, experience in developing Data inventory and Third-Party Risk Assessment. Familiar with IT industry frameworks such as ISO27001, ISO42001, NIST, PCI-DSS, TISAX, DSA/DMA, GDPR, NIS2 and HITRUST. Your Key Responsibilities Test and supervise the delivery of assigned controls not limited to ITGC and ITAC but ISO27001 & NIST assessment, Privacy Assessment, Cyber Maturity Assessment, IT Policies Standards Assessment, Software Development Lifecycle (SDLC), System Architecture, Operating Systems, Databases, Networks, Security Systems, Cloud Services, Asset Inventories, Incident Management, Recovery Management and knowledge to intervene and redirect testing as required, resolving, or redirecting escalations as required. Collaborate with your team to manage control owners and other stakeholders, ensuring the success of each assigned reviews, minimising contention where possible and requesting support, where deemed necessary. Apply judgement and risk management concepts to identify, formulate findings and provide valuable insights to the clients to improve processes and manage risks to achieving operational and strategic goals. Review IT Policies and Standards and ensure that they are as per the different industry standard. Stay current with cybersecurity regulations and promote awareness of applicable regulatory standards, upstream risks, and industry best practices across the enterprise. To qualify for the role, you must have.
Graduate (CS/ IT, Electronics, Electronics & Telecommunications,)/MBA/M.Sc. with at least 4-7 years of experience. Having industry certification such as CISSP, CISM, CRISC or CISA a strong plus Bring your significant experience in applying relevant technical knowledge in at least one of the following engagements: (a) ISO assessments (b) NIST assessments (c) Data privacy audits (d) Network and Infrastructure audits (e) Cyber Maturity Assessment (f) IT Policies and Standards Assessment (g) IAM and IT Asset Management (h) IT Health Check (i) BCP/DR audit (j) Application security audits. What We Look For A Team of people with commercial acumen, technical experience, and enthusiasm to learn new things in this fast-moving environment Opportunities to work with EY Assurance practices globally with leading businesses across a range of industries. What Working At EY Offers At EY, we are dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Posted 3 weeks ago

170.0 years

0 Lacs

Pune, Maharashtra, India

On-site

We are M&G Global Services Private Limited (formerly known as 10FA India Private Limited, and prior to that Prudential Global Services Private Limited). We are a fully owned subsidiary of the M&G plc group of companies, operating as a Global Capability Centre providing a range of value adding services to the Group since 2003. At M&G our purpose is to give everyone real confidence to put their money to work. As an international savings and investments business with roots stretching back more than 170 years, we offer a range of financial products and services through Asset Management, Life and Wealth. All three operating segments work together to deliver attractive financial outcomes for our clients, and superior shareholder returns. M&G Global Services has rapidly transformed itself into a powerhouse of capability that is playing an important role in M&G plc’s ambition to be the best loved and most successful savings and investments company in the world. Our diversified service offerings extending from Digital Services (Digital Engineering, AI, Advanced Analytics, RPA, and BI & Insights), Business Transformation, Management Consulting & Strategy, Finance, Actuarial, Quants, Research, Information Technology, Customer Service, Risk & Compliance and Audit provide our people with exciting career growth opportunities. Through our behaviours of telling it like it is, owning it now, and moving it forward together with care and integrity; we are creating an exceptional place to work for exceptional talent. CyberArk Administration: Configure, manage, and maintain CyberArk components such as the Vault, Password Vault Web Access (PVWA), Privileged Session Manager (PSM), Privileged Session Manager Proxy (PSMP), Central Policy Manager (CPM), Application Identity Manager (AIM), Application Access Manager (AAM), and Secure Web Sessions (SWS). PAM Operations: Implement and maintain privileged access control policies, workflows, and automation to secure privileged accounts.
Privileged Account Lifecycle: Manage the onboarding, offboarding, and rotation of privileged accounts, ensuring compliance with security policies and minimising exposure to risk. Incident Response & Monitoring: Monitor privileged account usage for unusual or unauthorised activities, respond to security incidents, and escalate issues when needed. Integration with IAM & Security Tools: Collaborate with the Identity and Access (IAM) team and security operations to integrate CyberArk with other tools, applications, and platforms Leading and Managing the PAM Operations Team: As the Team Lead, you will be responsible for overseeing the daily operations of the PAM (Privileged Access Management) team. This includes providing guidance, support, and mentorship to team members, ensuring that they have the resources and training needed to perform their duties effectively. You will also be responsible for setting performance goals, conducting regular performance reviews, and fostering a collaborative and high-performing team environment. Arranging Shift and On-Call Rotas: You will be tasked with organising and managing the shift schedules and on-call rotas to ensure that there is adequate service coverage at all times. This involves coordinating with team members to create a fair and balanced schedule that meets the operational needs of the organisation while considering the well-being and work-life balance of the team. You will also be responsible for ensuring that on-call support is available for any critical, high, and medium service incidents that may occur outside of regular operating hours Additional Responsibilities Automation & Scripting: Use automation and scripting (e.g. PowerShell) to streamline PAM processes, improve operational efficiency, and enhance security controls. Audit & Compliance: Ensure all privileged access activities comply with internal policies and external regulatory standards. Conduct regular audits and reporting to demonstrate compliance. 
Training & User Support: Provide training to internal users on CyberArk tools and PAM best practices, offering ongoing support for troubleshooting and user queries.

Documentation: Maintain accurate technical documentation, including PAM policies, configurations, procedures, and incident response protocols.

Security Awareness: Stay current on security best practices, threat landscapes, and PAM trends to continuously improve the security posture of the organisation.

Collaboration: Work closely with IT, cybersecurity, and compliance teams to ensure the alignment of PAM initiatives with broader security and business objectives.

Key Stakeholder Management

Internal: Enterprise Security & Privacy BAU team Enterprise IT M&G business Risk & Internal Audit

External: External Audit Software Vendor

Knowledge & Skills

Knowledge, Skills, Experience & Educational Qualification

CyberArk Expertise: In-depth knowledge of CyberArk PAM solutions, including the Vault, Password Vault Web Access (PVWA), Privileged Session Manager (PSM), Privileged Session Manager Proxy (PSMP), Central Policy Manager (CPM), Application Identity Manager (AIM), Application Access Manager (AAM), and Secure Web Sessions (SWS). Strong understanding of best practices for privileged access management.

IAM & Access Control: Familiarity with Identity and Access Management (IAM) principles and control models (e.g. RBAC, ABAC).

Scripting & Automation: Proficiency in scripting languages such as PowerShell, Python, or other relevant languages for task automation and PAM integration.

Security Frameworks & Compliance: Knowledge of relevant security frameworks (NIST, ISO 27001) and industry compliance requirements (e.g. AAF, SOX).

Problem-Solving & Analytical Thinking: Strong troubleshooting and analytical skills for identifying security risks and implementing effective solutions.
Communication Skills: Excellent communication skills, with the ability to explain complex security concepts to both technical and non-technical stakeholders.

Attention to Detail: Strong attention to detail, particularly when managing privileged accounts and ensuring compliance with security policies. Strong understanding of authentication protocols, APIs, and integration patterns.

Experience

10+ years of experience in cybersecurity, with at least 3 years of hands-on experience in Privileged Access Management (PAM), with a focus on CyberArk. Proven experience in administering and maintaining PAM tools in a complex IT environment. Familiarity with Cloud Security, virtualisation technologies, and their impact on privileged access controls is a plus.

Relevant Qualifications

A degree in Computer Science, Information Security, or a related field. Professional certifications such as CISSP, CISA, CompTIA Security+ are preferred. CyberArk certifications (Defender, Sentry, or Guardian) are highly desirable.

M&G Behaviours relevant to all roles:

Tell it like it is: Respectfully speaking up to create better ways forward – both direct and empathetic.

Own it now: Putting your name on things with confidence to drive progress and results quickly.

Move it forward together: Forming cross-functional teams to seize the right opportunities and solve real problems.

… with care and integrity.

Diversity & Inclusion is vital to the success of our business: M&G is an inclusive employer. Enterprise Security and Technology is deeply committed to leading the way for M&G in celebrating diverse approaches and points of view; we believe that diversity drives innovation. We are building a culture where difference is valued and a workforce that is more representative of the world we live in. Therefore, we value applications from candidates of all races, religions, gender identifications, abilities, and sexual orientation.
We have a diverse workforce and an inclusive culture at M&G Global Services, regardless of gender, ethnicity, age, sexual orientation, nationality, disability or long term condition, we are looking to attract, promote and retain exceptional people. We also welcome those who take part in military service and those returning from career breaks.

Posted 3 weeks ago


5.0 years

0 Lacs

Pune, Maharashtra, India

On-site

Linkedin logo

ISA is a premier technology solution provider for the Aviation industry. We are backed by Air Arabia and headquartered in Sharjah, UAE, while the Research and Development center is located in Colombo, Sri Lanka and Pune, India. We are a 100% owned subsidiary of Air Arabia.

Location: Pune

https://isa.ae/

Address: Smartworks Building, Nexa Soft, Core Ops, 5th Floor, 43EQ, Survey No 44, PLOT A, H. No. 8/1 (P, opp. Opp. Ravindranath Tagore School of Excellence, Balewadi, Pune, Maharashtra 411045

Job Title: Security Engineer (Penetration Tester)

Job Type: Full-time

Reports To: Security Architect

Job Overview: We are seeking a highly skilled Security Engineer to design, implement, and manage the security architecture of our organization. The ideal candidate will be responsible for firewall and endpoint security, WAF implementation, VAPT, fraud investigation, dark web monitoring, brand monitoring, email security, and compliance enforcement. The role requires expertise in securing IT infrastructure, conducting risk assessments, ensuring compliance, and implementing Microsoft security layers to strengthen the organization's security posture.

Key Responsibilities:

1. Firewall, Endpoint & WAF Security

Design, configure, and manage firewalls (Palo Alto, Fortinet, Cisco ASA, Check Point). Deploy and maintain Web Application Firewalls (WAF) for web security (Cloudflare, Imperva, AWS WAF). Implement Endpoint Detection & Response (EDR) solutions like Microsoft Defender for Endpoint, CrowdStrike, SentinelOne. Conduct regular firewall rule audits, optimize configurations, and enforce Zero Trust principles.

2. Microsoft Security Layer Implementation

a. Microsoft Email Security

Configure and manage Microsoft Defender for Office 365 to protect against phishing, malware, and email threats. Implement Safe Links, Safe Attachments, and Anti-Phishing policies. Monitor and respond to email security alerts in Microsoft Security Portal.
Conduct email security threat hunting using Defender for O365 and advanced hunting queries.

b. Microsoft Endpoint Security

Deploy and manage Microsoft Defender for Endpoint (MDE) to protect corporate devices. Enforce attack surface reduction (ASR) rules for endpoint protection. Configure endpoint compliance policies using Microsoft Intune. Implement DLP (Data Loss Prevention) policies to prevent data exfiltration.

c. Compliance & Risk Management

Implement and monitor Microsoft Purview Compliance Manager for risk assessment. Enforce Information Protection & Encryption Policies using Microsoft Purview. Configure and manage Conditional Access Policies in Microsoft Entra ID. Ensure compliance with security frameworks like ISO 27001, NIST, CIS, and GDPR.

3. Dark Web Monitoring & Brand Protection

Monitor dark web forums, marketplaces, and underground networks for stolen credentials, data leaks, and insider threats. Implement dark web intelligence tools such as Recorded Future, Digital Shadows, or Microsoft Defender Threat Intelligence. Work with threat intelligence platforms to detect and respond to brand impersonation, phishing sites, and fraudulent domains. Collaborate with legal and compliance teams to enforce takedowns of malicious content.

4. Fraudulent Incident Investigation & Threat Hunting

Investigate fraud incidents, phishing attempts, and business email compromise (BEC). Conduct forensic analysis on compromised endpoints, servers, and email accounts. Develop and implement threat intelligence and threat hunting processes. Work closely with SOC teams for incident response and mitigation.

5. VAPT & IT Security Operations

Perform Vulnerability Assessments & Penetration Testing (VAPT) on infrastructure, applications, and cloud environments. Implement and manage intrusion detection/prevention systems (IDS/IPS). Monitor, analyze, and mitigate vulnerabilities from external and internal security scans.
Work with teams to remediate vulnerabilities and harden IT assets.

6. IT Security & Compliance Management

Develop and enforce security policies, standards, and procedures. Implement Zero Trust Architecture and IAM policies. Conduct security awareness training and phishing simulations. Ensure compliance with ISO 27001, NIST, CIS, PCI-DSS, GDPR, and other industry standards.

Required Qualifications & Skills:

Technical Skills:

✅ Firewall & Network Security: Palo Alto, Fortinet, Cisco ASA, Check Point
✅ Microsoft Security Stack: Defender for Endpoint, Defender for Office 365, Intune, Purview Compliance
✅ Endpoint Security & EDR: Microsoft Defender, CrowdStrike, SentinelOne
✅ WAF & Web Security: Imperva, AWS WAF, Akamai, Cloudflare
✅ VAPT & Red Teaming: Burp Suite, Nessus, Metasploit, Kali Linux, OWASP ZAP
✅ SIEM & Threat Intelligence: Microsoft Sentinel, Splunk, QRadar, ELK Stack, MITRE ATT&CK
✅ Cloud Security: Azure Security Center, AWS Security Hub, GCP Security Command Center
✅ IAM & Zero Trust: Okta, Microsoft Entra ID, Conditional Access Policies, PAM
✅ Dark Web & Brand Monitoring: Recorded Future, Digital Shadows, Microsoft Defender Threat Intelligence

Soft Skills:

Strong analytical and problem-solving skills. Excellent communication and stakeholder management abilities. Ability to work independently and in cross-functional teams. Proactive security mindset with attention to detail.
Certifications (Preferred, but not mandatory):

✔️ CISSP – Certified Information Systems Security Professional
✔️ CEH – Certified Ethical Hacker
✔️ OSCP – Offensive Security Certified Professional
✔️ CISM/CISA – Certified Information Security Manager/Auditor
✔️ Microsoft Certified: Cybersecurity Architect (SC-100)
✔️ Microsoft Certified: Security Operations Analyst (SC-200)
✔️ Microsoft Certified: Information Protection Administrator (SC-400)

Experience Required:

🔹 5+ years of experience in IT Security, Cybersecurity, and Threat Intelligence.
🔹 Hands-on expertise in firewall management, endpoint security, WAF, email security, and compliance.
🔹 Strong experience in fraud investigation, dark web monitoring, and brand protection.
🔹 Proven ability to secure cloud, hybrid, and on-premise environments.

Please send resumes to careers@isa.ae

Posted 3 weeks ago


4.0 - 7.0 years

9 - 13 Lacs

Bengaluru

Work from Office

Naukri logo

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together. As an IT Security Risk Manager, you would support information security policies, standards, and procedures to secure and protect data. Work directly with user departments to implement procedures and systems for the protection, conservation, and accountability of proprietary, personal, or privileged electronic data. Primary Responsibilities Perform audits to identify control gaps and implement corrective action plans Ensure alignment of security policies/standards with IT infrastructure frameworks (e.g., ISO 2700x, NIST, ITIL) Monitor compliance with corrective action plans, and address non-compliance issues appropriately Demonstrate understanding of discovery technologies to identify system vulnerabilities (e.g. scanning tools) Establish appropriate security controls based on defined data classifications to align with applicable laws/regulations/standards Facilitate/lead security incident investigation Analyse business requirements and ensure that solutions meet established security policies and controls Maintain metrics and report them. 
Maintain current knowledge on information security topics and their applicability program requirements Communicate professionally with stakeholders/end users through multiple communication Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications Bachelor's degree or higher level of education 4+ years of Information security experience Experience with ISO27001 (ISMS), ISO31000 (Risk management), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2 Proven auditing skills and the ability to manage risk assessments / projects independently Proven excellent communication skills both verbal and written Proven good presentation skills particularly ability to present technology elements in manner personnel can follow and act Preferred Qualification CISSP, CISA or ISO27001 Lead Implementer or Lead Auditor certification At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. 
We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes — an enterprise priority reflected in our mission.

Posted 3 weeks ago


1.0 - 3.0 years

0 Lacs

Gurugram, Haryana, India

On-site

Linkedin logo

At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. In digital assurance at PwC, you will focus on providing assurance services over clients' digital environment, including processes and controls, cyber security measures, data and AI systems, and their associated governance, to help organisations and their stakeholders build trust in their technology while complying with relevant regulations. Driven by curiosity, you are a reliable, contributing member of a team. In our fast-paced environment, you are expected to adapt to working with a variety of clients and team members, each presenting varying challenges and scope. Every experience is an opportunity to learn and grow. You are expected to take ownership and consistently deliver quality work that drives value for our clients and success as a team. As you navigate through the Firm, you build a brand for yourself, opening doors to more opportunities. Skills Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to: Apply a learning mindset and take ownership for your own development. Appreciate diverse perspectives, needs, and feelings of others. Adopt habits to sustain high performance and develop your potential. Actively listen, ask questions to check understanding, and clearly express ideas. Seek, reflect, act on, and give feedback. Gather information from a range of sources to analyse facts and discern patterns. Commit to understanding how the business works and building commercial awareness. Learn and apply professional and technical standards (e.g. 
refer to specific PwC tax and audit guidance), uphold the Firm's code of conduct and independence requirements.

Job Description

▪ We are looking for a self-motivated individual who will relish the opportunity to join a growing part of the PwC business, using their skills in developing key internal relationships.
▪ Participate in a wide range of projects and collaborate across multiple work streams or teams; consistently demonstrating creative thinking, individual initiative and timely completion of assigned work
▪ Consistently demonstrate teamwork dynamics by working as a team member: understand personal and team roles; contribute to a positive working environment by building solid relationships with team members; and proactively seek guidance, clarification and feedback.
▪ Serve as participant on communications with numerous engagement teams
▪ The individual should have the ability to work effectively under pressure without compromising professional standards or quality of the work being performed.
▪ Knowledge and understanding of cyber security frameworks, standards, and best practices such as NIST, ISO 27001, etc.
▪ Familiarity with Identity and Access Management (IAM) systems and processes would be a plus
▪ Has a basic understanding of SOC1/SOC2/SOX reporting
▪ Has a basic understanding of Internal controls and compliance.
▪ Staying up-to-date on the latest information technology (IT) and cybersecurity developments

Responsibilities

▪ Perform Audit procedures and provide related deliverables in accordance with PwC’s documentation and quality standards.
▪ Perform IT security assessments for clients (e.g. security risk assessments, IT network infrastructure reviews, system technical configurations review, information security policies and processes/procedures review etc.)
▪ Evaluate and analyze threat, vulnerability, impact and risk to security issues discovered from security assessments
▪ Advise clients on the security issues, including explanation on the technical details and how they can remediate the vulnerabilities in the processes and controls
▪ Perform assessment (pre and post implementation) of security solutions and advise client on Industry best practices.
▪ Conduct in-depth research on emerging cybersecurity threats, trends, and technologies, and incorporate findings into actionable recommendations.
▪ Collaborate with cross-functional teams to ensure the effective implementation of security policies, standards, and best practices
▪ Maintain working knowledge of IAC User Guides and Audit Standards
▪ Monitor time and manage deadlines
▪ Adhere to PwC IAC policies and procedures
▪ Participate in training, coaching and other developmental opportunities.

Requirements

Minimum Degree(s):

▪ Bachelor's or Master's degree in engineering with specialization in Management Information Systems, Computer Science, Information Systems, Information Technology or equivalent
▪ Understanding of audit concepts and latest regulations
▪ 1-3 years’ experience in the domains mentioned in the Job Description above & Candidates with “Big 4” or equivalent experience would be preferred

Certification(s) Preferred

▪ CISSP / ISO 27001 LA / CRISC / CISM certifications are preferred.
▪ Understanding of Cyber security concepts and audit regulations

Knowledge And Skill Set Required

▪ Working knowledge of appropriately applying internal control principles and business/technical knowledge including Application Controls, IT General Controls and Financial Reporting Concepts.
▪ Working knowledge of security controls, programming, networks and operating systems would be an added advantage
▪ Experience with the Microsoft Office suite of products (i.e.
Word, Excel, PowerPoint, Visio, etc.), including an understanding of the v-lookup, text, reference and logical and information functionality in Excel.
▪ Team player, committed to providing high quality and maintaining timeliness
▪ Effective written and verbal communication skills including English
▪ Demonstrated self-motivation and a desire to take responsibility for personal growth and development
▪ Commitment to continuous training and to proactively learn new processes.
▪ Should have strong work ethics and commitment to delivering/ownership of work deliverables as per agreed timelines.

Posted 3 weeks ago


1.0 - 3.0 years

0 Lacs

Greater Kolkata Area

On-site

Linkedin logo

At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. In digital assurance at PwC, you will focus on providing assurance services over clients' digital environment, including processes and controls, cyber security measures, data and AI systems, and their associated governance, to help organisations and their stakeholders build trust in their technology while complying with relevant regulations. Driven by curiosity, you are a reliable, contributing member of a team. In our fast-paced environment, you are expected to adapt to working with a variety of clients and team members, each presenting varying challenges and scope. Every experience is an opportunity to learn and grow. You are expected to take ownership and consistently deliver quality work that drives value for our clients and success as a team. As you navigate through the Firm, you build a brand for yourself, opening doors to more opportunities. Skills Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to: Apply a learning mindset and take ownership for your own development. Appreciate diverse perspectives, needs, and feelings of others. Adopt habits to sustain high performance and develop your potential. Actively listen, ask questions to check understanding, and clearly express ideas. Seek, reflect, act on, and give feedback. Gather information from a range of sources to analyse facts and discern patterns. Commit to understanding how the business works and building commercial awareness. Learn and apply professional and technical standards (e.g. 
refer to specific PwC tax and audit guidance), uphold the Firm's code of conduct and independence requirements.

Job Description

▪ We are looking for a self-motivated individual who will relish the opportunity to join a growing part of the PwC business, using their skills in developing key internal relationships.
▪ Participate in a wide range of projects and collaborate across multiple work streams or teams; consistently demonstrating creative thinking, individual initiative and timely completion of assigned work
▪ Consistently demonstrate teamwork dynamics by working as a team member: understand personal and team roles; contribute to a positive working environment by building solid relationships with team members; and proactively seek guidance, clarification and feedback.
▪ Serve as participant on communications with numerous engagement teams
▪ The individual should have the ability to work effectively under pressure without compromising professional standards or quality of the work being performed.
▪ Knowledge and understanding of cyber security frameworks, standards, and best practices such as NIST, ISO 27001, etc.
▪ Familiarity with Identity and Access Management (IAM) systems and processes would be a plus
▪ Has a basic understanding of SOC1/SOC2/SOX reporting
▪ Has a basic understanding of Internal controls and compliance.
▪ Staying up-to-date on the latest information technology (IT) and cybersecurity developments

Responsibilities

▪ Perform Audit procedures and provide related deliverables in accordance with PwC’s documentation and quality standards.
▪ Perform IT security assessments for clients (e.g. security risk assessments, IT network infrastructure reviews, system technical configurations review, information security policies and processes/procedures review etc.)
▪ Evaluate and analyze threat, vulnerability, impact and risk to security issues discovered from security assessments
▪ Advise clients on the security issues, including explanation on the technical details and how they can remediate the vulnerabilities in the processes and controls
▪ Perform assessment (pre and post implementation) of security solutions and advise client on Industry best practices.
▪ Conduct in-depth research on emerging cybersecurity threats, trends, and technologies, and incorporate findings into actionable recommendations.
▪ Collaborate with cross-functional teams to ensure the effective implementation of security policies, standards, and best practices
▪ Maintain working knowledge of IAC User Guides and Audit Standards
▪ Monitor time and manage deadlines
▪ Adhere to PwC IAC policies and procedures
▪ Participate in training, coaching and other developmental opportunities.

Requirements

Minimum Degree(s):

▪ Bachelor's or Master's degree in engineering with specialization in Management Information Systems, Computer Science, Information Systems, Information Technology or equivalent
▪ Understanding of audit concepts and latest regulations
▪ 1-3 years’ experience in the domains mentioned in the Job Description above & Candidates with “Big 4” or equivalent experience would be preferred

Certification(s) Preferred

▪ CISSP / ISO 27001 LA / CRISC / CISM certifications are preferred.
▪ Understanding of Cyber security concepts and audit regulations

Knowledge And Skill Set Required

▪ Working knowledge of appropriately applying internal control principles and business/technical knowledge including Application Controls, IT General Controls and Financial Reporting Concepts.
▪ Working knowledge of security controls, programming, networks and operating systems would be an added advantage
▪ Experience with the Microsoft Office suite of products (i.e.
Word, Excel, PowerPoint, Visio, etc.), including an understanding of the v-lookup, text, reference and logical and information functionality in Excel.
▪ Team player, committed to providing high quality and maintaining timeliness
▪ Effective written and verbal communication skills including English
▪ Demonstrated self-motivation and a desire to take responsibility for personal growth and development
▪ Commitment to continuous training and to proactively learn new processes.
▪ Should have strong work ethics and commitment to delivering/ownership of work deliverables as per agreed timelines.

Posted 3 weeks ago


4.0 - 7.0 years

0 Lacs

Noida, Uttar Pradesh, India

On-site

Linkedin logo

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

EY- Technology Risk – Senior

As part of our EY- Technology Risk team you will contribute technically to IT Risk and Assurance client engagements and internal projects. An important part of your role will be to actively establish, maintain, and strengthen internal and external relationships. You will also identify potential business opportunities for Ernst & Young within existing engagements and escalate these as appropriate. Similarly, you will anticipate and identify risks within engagements and share any issues with senior members of the team.

The opportunity

We are looking for a senior to join the Cyber COE group of our EY-Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering.

Competencies and Expertise Needed

Understanding of Identity and Access Management (IAM) principles, frameworks, and best practices.
Strong consulting and advisory skills, capable of understanding and addressing clients’ needs.
Hands-on experience with Privileged Access Management (PAM) tools and strategies, including the implementation of solutions like PAM services.
In-depth knowledge of identity lifecycle management processes, encompassing user provisioning, de-provisioning, and role management, as demonstrated in various IAM implementation projects.
Skilled in analysing security risks associated with identity and access, and formulating effective mitigation strategies, as evidenced by successful project outcomes.
Understanding of role-based access control (RBAC), multi-factor authentication (MFA), and single sign-on (SSO) implementations.
Interest in working on security compliance projects related to IAM.
Experience or interest in leading workshops, trainings, or presentations for clients.
Desire to work collaboratively with IT teams to implement IAM and PAM solutions by ensuring seamless integration and operational efficiency.
Responsible for ISO 27001 based Information Security Management System implementation and sustenance.
Assess client information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risks.
Responsible for assisting clients in reviewing / implementing Information Security controls in areas as mentioned, but not limited to: Change management process, Incident management process, Backup process, User identity and access management, Antivirus management, SLA performance and monitoring, Media handling & Exchange of information, Physical and environmental Security, and Media & Information Handling.
Responsible for conducting clients’ vendors risk assessment and providing a holistic view of client’s risk exposure due to outsourcing.
Responsible for advising and assisting clients to develop and implement Information classification framework.
Conduct Information Systems audits covering IT infrastructure assets.
Serves as technical lead or subject matter specialist on security and privacy implementation projects, responsible for design, build, testing and deployment of solutions.
Technical Knowledge of Security Capabilities such as CSPM, EDR, SIEM/SOAR, Vulnerability Management will be a plus.
Have a knowledge of cyber security concepts around Vulnerability Management, Identity Management, Risk Management, etc.
Good understanding of overall cyber security objective of the organization and having an ability to translate data into actionable metrics to drive initiatives to improve cyber security posture.
Understanding of Senior stakeholders’ requirements in the organization, such as CISO, CIO, CRO, and ability to communicate with them in an effective manner with excellent verbal and written communication skills.
Experienced in conducting information security assessments including business continuity plan audits, network security audits, GenAI Audit, and infrastructure audits.
Performed NIST assessments, ISO assessments, and privacy impact audits, Data Privacy and GDPR implementation, experience in developing Data inventory and Third-Party Risk Assessment.
Familiar with IT industry frameworks such as ISO27001, ISO42001, NIST, PCI-DSS, TISAX, DSA/DMA, GDPR, NIS2 and HITRUST.

Your Key Responsibilities

Test and supervise the delivery of assigned controls not limited to ITGC and ITAC but ISO27001 & NIST assessment, Privacy Assessment, Cyber Maturity Assessment, IT Policies Standards Assessment, Software Development Lifecycle (SDLC), System Architecture, Operating Systems, Databases, Networks, Security Systems, Cloud Services, Asset Inventories, Incident Management, Recovery Management and knowledge to intervene and redirect testing as required, resolving, or redirecting escalations as required.
Collaborate with your team to manage control owners and other stakeholders, ensuring the success of each assigned review, minimising contention where possible and requesting support, where deemed necessary.
Apply judgement and risk management concepts to identify, formulate findings and provide valuable insights to the clients to improve processes and manage risks to achieving operational and strategic goals.
Review IT Policies and Standards and ensure that they are as per the different industry standards.
Stay current with cybersecurity regulations and promote awareness of applicable regulatory standards, upstream risks, and industry best practices across the enterprise.

To qualify for the role, you must have
Graduate (CS/ IT, Electronics, Electronics & Telecommunications)/MBA/M.Sc. with at least 4-7 years of experience. Having industry certification such as CISSP, CISM, CRISC or CISA is a strong plus Bring your significant experience in applying relevant technical knowledge in at least one of the following engagements: (a) ISO assessments (b) NIST assessments (c) Data privacy audits (d) Network and Infrastructure audits (e) Cyber Maturity Assessment (f) IT Policies and Standards Assessment (g) IAM and IT Asset Management (h) IT Health Check (i) BCP/DR audit (j) Application security audits. What We Look For A Team of people with commercial acumen, technical experience, and enthusiasm to learn new things in this fast-moving environment Opportunities to work with EY Assurance practices globally with leading businesses across a range of industries. What Working At EY Offers At EY, we are dedicated to helping our clients, from startups to Fortune 500 companies – and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. 
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Posted 3 weeks ago


6.0 years

0 Lacs

Noida, Uttar Pradesh, India

On-site


Who We Are Zinnia is the leading technology platform for accelerating life and annuities growth. With innovative enterprise solutions and data insights, Zinnia simplifies the experience of buying, selling, and administering insurance products. All of which enables more people to protect their financial futures. Our success is driven by a commitment to three core values: be bold, team up, deliver value – and that we do. Zinnia has over $180 billion in assets under administration, serves 100+ carrier clients, 2500 distributors and partners, and over 2 million policyholders. Who You Are You’re a highly organized and proactive technical project manager (TPM) or technical program manager (TPgM) with a strong understanding of cybersecurity. You don’t just track progress – you help shape it. You’ve worked in complex environments, and you know how to bring clarity to chaos. You’re comfortable driving multiple initiatives, projects and programs at once, keeping stakeholders aligned, and pushing security programs forward without losing sight of the details. You’re comfortable working with software engineers, security engineers, and senior stakeholders, and you’ve got a knack for solving problems that don’t have a clear blueprint. You understand how to bridge technical risk and business impact through strategic security program management and clear communication. You’re not afraid of scale, and you see security as a key enabler of trust and innovation – not just a checkbox. What You’ll Do Own the delivery of security initiatives from kickoff through completion – including planning, execution, and tracking Manage several programs simultaneously, working with stakeholders to ensure alignment on goals, priorities, and plans Develop metrics and status reports that clearly communicate progress, blockers, and risks to leadership and others Manage and coordinate initiatives like vulnerability management, penetration testing, security champions etc. 
Support audit readiness and ensure that findings are remediated on time and tracked through resolution Contribute to strategic planning for broader security programs, where applicable Ensure alignment of security initiatives with regulatory and compliance requirements (e.g., SOC 1, SOC 2, NIST) Assist in budget planning and resource forecasting for security initiatives Be a humble member of our team What You’ll Need 6+ years of experience in project and/or program management, ideally with a focus in Information Security or IT Project Management Professional (PMP), Program Management Professional (PgMP) or other similar certifications Understanding of security concepts like vulnerability management, penetration testing, and risk management Experience with agile development or methodology, DevOps, CI/CD and secure development lifecycle practices Ability to clearly translate technical details to non-technical stakeholders Strong organizational habits and attention to detail Ability to manage competing priorities and timelines without dropping the ball Comfortable working independently, but collaborative when it counts Strong risk management mindset with experience facilitating risk assessments and mitigation strategies Familiar with tracking and reporting tools like JIRA WHAT’S IN IT FOR YOU? We’re looking for the best and brightest innovators in the industry to join our team. At Zinnia, you collaborate with smart, creative professionals who are dedicated to delivering cutting-edge technologies, deeper data insights, and enhanced services to transform how insurance is done. Visit our website at www.zinnia.com for more information. Apply by completing the online application on the careers section of our website. We are an Equal Opportunity employer committed to a diverse workforce. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability.

Posted 3 weeks ago


0 years

0 Lacs

Hyderabad, Telangana, India

On-site


HERE’S SOME INFORMATION FOR YOU? You will be responsible for guarding the vision, the development of strategy and the implementation of the Information Security Risk and IT Risk Management program within the organisation as part of DAZN’s information security management system (ISMS) HERE’S A BREAKDOWN OF WHAT YOU’LL DO (NOT ALL OF IT, JUST THE MOST IMPORTANT STUFF) Providing subject matter expertise in the area of information security, including risk requirements Maintaining the Information Security Risk Register and providing management reporting. Keeping the register aligned with the DAZN Risk Framework and supporting the ongoing operations and enhancements for the Cyber Risk program. Provide specialist cyber risk expertise to support IT projects, operational teams, and business units upon request. Identify, analyse and report information security risks through an internal audit plan. Follow up on the implementation status of agreed controls Identify, analyse and report on the internal IT risks, and ensure the follow-up. Participate in the maintenance of a certified ISMS. Define risk policies, standards, procedures and guidelines. Ensure effective communication and awareness about risk assessment processes within the business Follow up and report on risk treatment actions implementation and status. Support other generalist information security activities as part of the ISMS YOU’LL NEED TO HAVE THESE ESSENTIALS Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels An understanding of IT Infrastructure and Cloud Services Practical knowledge of information security management frameworks including ISO27001, ISO22301 and PCI DSS Sound knowledge of business and risk management frameworks like ISO 27005, ISO 31000, NIST etc. 
Experience interacting, presenting and working with C-level executives (CTO, CIO, etc.) Ability to coordinate global team members IT WOULD BE GREAT IF YOU HAD THESE TOO Professional security management certification strongly desirable, such as Certified Risk Information Security Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), ISO27001 Lead Auditor/Implementer or other similar credentials

Posted 3 weeks ago


5.0 - 8.0 years

12 - 20 Lacs

Pune

Work from Office


Title: Infrastructure and Cloud Specialist Experience: 5+ Years and above Position Type : Full-time Timing: Willing to work in US Time zone and extended shift hours. Location : Preferred Mumbai & Pune Location Only. Roles and Responsibilities: Having extensive knowledge and experience in Infrastructure deployments. Architect, implement, and manage cloud environments across Azure, GCP, and AWS. Design multi-cloud strategies, including workload migration, resource optimization, and cost management. Configure and manage identity & access management (IAM) across different cloud providers. Manage Microsoft Azure access and authentication. Create conditional access rules and configure MFA in Microsoft Azure. Configure and manage external and guest access for O365. Monitor O365 alerts and take corrective actions. Create and monitor data loss prevention policies. Create reports capturing user adoption, team usage, app usage, active users, and meeting metrics. Configure Information Rights Management for O365 workloads Configure and monitor data sensitivity labels. Assist with O365 eDiscovery searches and investigations. Manage and optimize Microsoft Azure cloud environments, ensuring security and compliance. Implement and maintain Microsoft Defender for Cloud to protect workloads and improve security posture. Configure and manage Entra ID Enterprise Applications, including authentication, access policies, and API integrations. Conduct risk assessments and security audits to identify vulnerabilities and mitigation strategies. Develop and enforce identity and access management (IAM) policies using Entra ID. Monitor security alerts, investigate incidents, and implement proactive threat mitigation strategies. Collaborate with IT and security teams to enhance cloud security frameworks and best practices. Mentor and provide knowledge transfer of M365 technologies and administration tasks. 
Independently manage individual work schedule with minimal oversight and proactively communicate status, progress, and risks to management and project leadership. Strong working knowledge of Active Directory, Exchange 2016-2019 installation, configuration, and support, Office 365 configuration and support, Exchange Online Protection, External DNS record configuration (SPF, DKIM, and DMARC), and PowerShell for automation, maintenance, and reporting Strong knowledge of Microsoft's Advanced Threat Services and Compliance Providing technical expertise on Office 365 applications: Teams, SharePoint Online, Azure, OneDrive, and PowerBI Experience with PowerShell Scripting for automation. Installing and configuring load balancers like Zeus, KEMP, etc Design and implementation of the virtual environment with VMware ESX 4.x and later on HP, DELL, etc with local SCSI and centralized Fiber Channel storage. Deploying the New VM from the template and cloning an existing VM as per the client's request through the change management process. Experience with configuring Cisco, DELL Switches, and Routers. Experience with Fiber Channel switch configuration. Worked on VoIP technologies. Manages servers, including Office365 e-mail, Active Directory, VMWare, SAN storage, print, domain, application, and backup servers and their associated operating systems and software Knowledge of distributed file services and replication and Configuring alarms, managing tasks, events, and alarms, root cause & system log analysis, and reporting. Moving VMs from one LUN to another LUN using Storage VMotion. Adding new virtual disks and extending existing volumes, disk, and hardware monitoring. Installing, configuring, and managing virtual infrastructure and virtual center. Installation OS and configuration of virtual machines in an enterprise SAN environment. Creating raw partitions and iSCSI storage partitions. Moving physical machine to virtual machine using P2V converter. 
Troubleshooting problems with the help of Event Logs, troubleshooting virtual machine issues. Managing VMs through web access, Configurations of Virtual switches, and network connections. Knowledge of Microsoft System Center Configuration Manager. Experience with Cisco IronPort email gateway configuration. Worked on cloud infrastructures like Amazon, and Azure with VPC network configuration. Adding and deleting users. Kernel compiling. FTP, SSH, SCP Protocols, Software & patch addition, modification & removal. Planning and Implementation of SAN storage solution Allocation of storage to blade servers (Creation of LUNs) Mirrors and RAID 0, 1, and 5 levels. Experience with configuring and managing Virtual disks. Planning and Implementation Virtual Desktop Infrastructure. Support for configuration of thin clients to connect to local servers. IP tables. Identifying project needs and planning an Implementation solution for the Desktop needs, Manage users, groups, permissions, and roles. Planning and Implementing MPLS Network. Installation and configuration of Data Center Router and Branch routers Switches Managing Leased Line Network, Servers Installation OS & MySQL and Oracle enterprise servers in virtual Farm. Worked with command-line editors to create automation jobs and monitoring. Planning and Implementing Apache Web Server, Samba, solutions (In-house) Migration and configuration of CRM, ERP, LMS, Database, and Corporate Website Servers in Virtual farm at DC. Security hardening and Monitoring of VMs & ESX servers (CPU, Memory, Disk, Network Utilization) for Security Compliance. Develops, implements and maintains policies, procedures and associated training plans for network resource administration, appropriate use, business continuity and disaster recovery Experience with Amazon S3, VPN, EC2, CloudFront, CodeBuild, CloudWatch, Load Balancer, etc Required Skills: Worked on Production, DEV, and TEST environments. Worked on Datacenter Implementation. 
Worked on several Infrastructure and application migrations. Worked on Cloud Migration services. Supported International clients. Ability to work independently and handle crisis management. Managed 100+ servers with multiple technologies like Windows, VMware, Hyper-V, etc. Ability to perform multiple, technical, highly complex tasks with the need to regularly upgrade skills to meet dynamic job conditions Strong knowledge of centralized and automated systems and application deployment via scripting. Strong knowledge of routing, VLAN, and firewall configuration. Industry-standard certifications such as Security+, CISSP, GSEC, ITIL, Microsoft, and Cisco certifications added value. Designing and implementing on-site, off-site, and international server infrastructure. Assessing and administering all equipment, hardware, and enterprise software upgrades. Practice in network asset management, including maintenance of network component inventory, life cycle management, and documentation. Experience with cloud platforms (e.g., AWS, Azure, or GCP) is preferred. Strong expertise in Microsoft Azure, Google Cloud Platform (GCP), and AWS cloud services. Knowledge of cloud networking, hybrid cloud architectures, and performance tuning. Strong background in VMware, Windows and networking. Strong expertise in Microsoft Azure, Microsoft Defender for Cloud, and Entra ID Enterprise Applications. Experience with cloud security posture management (CSPM) and cloud workload protection (CWP). Knowledge of identity and access management (IAM), OAuth 2.0, SAML, and OpenID Connect. Familiarity with Azure API Management, Azure Logic Apps, and automation workflows. Understanding of compliance frameworks, including ISO 27001, NIST, and the Digital Operational Resilience Act (DORA). 
Technologies: Operating System: Windows, VMware ESX, Citrix, etc Virtualization: KVM, OpenStack, VMware, Hyper-V, Citrix, RedHat Networking: Cisco Nexus, ASA Firewall, SonicWALL, VPN, etc Software: Nginx, Python, Apache, Docker, cPanel, PHPmyAdmin, WordPress, Jira, Confluence, SpiceWorks, etc Monitoring: Ossec, Nagios, Cacti, MRTG, LibreNMS, Observium, etc Database: MySQL, SQL, Sybase ASE, Oracle, DB2, etc Mail Server: Microsoft Exchange, Office 365, Zimbra, Qmail, Cisco IronPort, etc Source Control and Continuous Integration: CVS, Docker, Visual Source, CCNet, Slack, etc VoIP: Trixbox, Asterisk, Elastix, Skype for Business, etc Backup Software: Veeam, Symantec, Linux custom scripting. Load Balancer: F5, Citrix Netscaler, KEMP, Loadbalancer, Zeus (Zenoss), etc Storage: EMC, Nimble, Compellent, HP, etc Cloud Services: Microsoft Azure, AWS, etc Regards, Stella Mary HR Stella.mary@mlogica.com

Posted 3 weeks ago
