1769 Nist Jobs - Page 5

Join our Team About this opportunity: Ericsson is seeking an experienced IAM Engineer with a strong background in Identity Management (IDM) and Public Key Infrastructure (PKI) to join our team in Noida or Bangalore. The ideal candidate will bring 8 to 15 years of hands-on experience in designing, implementing, and managing enterprise IAM solutions, ensuring secure and seamless identity lifecycle management and robust cryptographic security. Key Responsibilities: Design, implement, and support enterprise Identity and Access Management (IAM) solutions, focusing on IDM and PKI components. Manage identity lifecycle processes including provisioning, de-provisioning, authentication, authorization, and access governance. Deploy and maintain PKI infrastructure, including certificate lifecycle management, CA operations, and secure key management. Integrate IDM and PKI systems with various applications, cloud platforms, and network services. Collaborate with security teams to enforce access controls, policies, and compliance requirements. Troubleshoot and resolve IAM and PKI related incidents and performance issues. Develop automation scripts and tools to optimize IAM and PKI processes. Participate in security audits and assessments related to IAM and PKI. Document architecture, configurations, and operational procedures. Stay updated with emerging IAM and PKI technologies, trends, and best practices. Required Skills and Qualifications: Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity, or related field. 8 to 15 years of experience in Identity and Access Management engineering roles. Strong hands-on experience with IDM platforms such as SailPoint, Oracle Identity Manager, IBM Security Identity Manager, or similar. Expertise in PKI technologies including CA management, certificate issuance, revocation, and integration with applications. Experience with directory services (LDAP, Active Directory) and federation technologies (SAML, OAuth, OpenID Connect). Proficiency in scripting languages (Python, Shell, PowerShell) for automation. Knowledge of security standards and compliance frameworks (ISO 27001, NIST, GDPR). Strong troubleshooting, problem-solving, and communication skills. Ability to work collaboratively in cross-functional and global teams. Preferred Qualifications: Certifications such as CISSP, CISA, CISM, or relevant IAM/PKI certifications. Experience in telecom or large-scale enterprise environments. Familiarity with cloud IAM solutions (Azure AD, AWS IAM) and hybrid identity architectures. Exposure to DevOps practices and CI/CD pipelines related to IAM deployments. Show more Show less

Join our Team About this opportunity: Ericsson is seeking an experienced GRC Specialist with 8 to 15 years of expertise in Governance, Risk, and Compliance to join our team in Noida or Bangalore. The ideal candidate will have a strong background in managing risk frameworks, compliance programs, and governance processes within large enterprises, preferably in telecom or IT sectors. Key Responsibilities: Develop, implement, and maintain governance, risk, and compliance frameworks aligned with global standards and Ericsson policies. Perform comprehensive risk assessments and compliance audits to identify gaps and recommend remediation actions. Ensure adherence to regulatory requirements such as ISO 27001, GDPR, NIST, COBIT, and ITIL. Manage and monitor compliance controls and policies to mitigate organizational risks. Collaborate with internal stakeholders and external auditors to facilitate audit readiness and compliance reporting. Drive continuous improvement initiatives for GRC processes and tools. Support incident response and business continuity planning from a GRC perspective. Lead awareness programs and training sessions on governance, risk, and compliance topics. Utilize and optimize GRC platforms (e.g., RSA Archer, MetricStream, ServiceNow GRC) for automated risk management and reporting. Required Skills and Qualifications: Bachelor’s or Master’s degree in Information Technology, Cybersecurity, Business Administration, or related field. 8 to 15 years of experience in Governance, Risk, and Compliance roles. In-depth knowledge of GRC frameworks and standards (ISO 27001, NIST, COBIT, GDPR, ITIL). Practical experience with GRC tools and platforms. Strong understanding of cybersecurity risk management and control frameworks. Excellent analytical, organizational, and communication skills. Ability to work collaboratively across teams and influence senior stakeholders. Relevant certifications such as CISA, CISM, CRISC, CISSP, or similar preferred. Preferred Qualifications: Experience in the telecommunications or IT industry. Knowledge of cloud security and compliance frameworks. Familiarity with data privacy regulations and telecom-specific compliance requirements. Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply? Click Here to find all you need to know about what our typical hiring process looks like. Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more. Primary country and city: India (IN) || Noida Req ID: 768424 Show more Show less

Job Title: ISO 27001 Process Consultant with Data Privacy & GRC focus Department: Information Technology / IT Governance & Process Standardization Reports To: IT Operations Head Location: Manesar, Haryana (On-site at Client Location) Employer: VVNT SEQUOR, Noida Summary: VVNT SEQUOR is seeking a talented professional to support our client in Manesar, Haryana (on-site role) in driving IT excellence. You will play a crucial role in ensuring IT operations adhere to industry best practices (ITIL, ISO 27001) and align with business objectives. Your key responsibilities will include: Establishing and maintaining IT governance frameworks aligning with ISO 27001, ITIL, and NIST standards. Developing and enforcing IT policies, SOPs, and regulatory compliance guidelines. Conducting regular audits and risk assessments to ensure IT processes meet compliance requirements. Driving process standardization and optimization to improve operational efficiency. Implementing IT Service Management (ITSM) best practices. Developing and maintaining Change Management and Continuous Improvement frameworks. Developing and enforcing incident response and problem management frameworks. Training IT staff on new processes, policies, and best practices. Acting as a liaison between IT teams, management, and external auditors on compliance matters. We are looking for someone with: Bachelor’s degree in IT, Computer Science, or a related field. 10-12 years of experience in IT process engineering, IT governance, or IT service management. Strong knowledge of ITIL frameworks and ISO 27001 compliance is essential. Experience in process mapping, automation, and optimization techniques. Hands-on experience with ITSM tools (e.g., ServiceNow, BMC Remedy, Jira Service Management). Familiarity with risk assessment methodologies and regulatory compliance audits. Excellent analytical, problem-solving, and communication skills. Bonus points for: ITIL v4 Certification. Experience with ISO 27001 implementation and audit processes. Knowledge of process automation tools and scripting. Understanding of Cloud Governance. Experience in automotive, manufacturing, or R&D environments. Why join VVNT SEQUOR? Opportunities for professional development and growth. Subsidized Cab and Lunch options. Exposure to a dynamic client environment in the automotive sector. Recognition of being associated with a leading organization. To Apply: Please submit your resume along with the cover letter to chaitali@vvntsequor.in or parveen.arora@vvntsequor.in Also, you can connect over WhatsApp +91-9891810196 or +91-8802801739 IMPORTANT: Do mention clearly to Job Role that you are applying for along with your Last Salary Drawn information as well as your Earliest Joining Date in your covering letter or email. Show more Show less

Bangalore,Karnataka,India Job ID 767284 Join our Team About this opportunity: We are seeking a highly motivated and detail-oriented Experienced Cloud Engineer to join our dynamic software DevOps team. You should be a curious professional, eager to grow, and an excellent team player! As a Cloud Engineer, you will work closely with our r-Apps DevOps team to gain exposure to cloud native infrastructure, automation, and optimization tasks. You will support the implementation and maintenance of CI-CDD, Deployments, helm, Security aspects of cloud native applications/environments, assist with troubleshooting and contribute to the SaaS/AaaS based Microservice solutions development team. What you will do: AWS Cloud: Experience with AWS Cloud pipelines and AWS CloudFormation (IaC). Kubernetes & Helm: Kubernetes administration & Cloud native application packaging/management using Helm charts. CI-CDD: Design and implement CI-CDD using Jenkins & spinnaker Automation & Scripting: Develop and maintain scripts to automate routine tasks using technologies such as Ansible, Python, and Shell scripting. Monitoring & Optimization: Monitor microservice resources for performance, availability. Assist in optimizing environments to enhance performance. Troubleshooting: Troubleshoot and resolve issues within AaaS applications, focusing on resource failures, performance degradation, and connectivity disruptions. Documentation: Assist in documenting DevOps infrastructure setups, processes, and workflows, and help maintain knowledge base articles. Learning & Development: Continuously expand your knowledge of cloud technologies and cloud architecture, stay updated on the latest trends in cloud computing. You will bring: Bachelor/ master’s degree in computer science, Software Engineering, or related field Experience of cloud platforms like AWS. Proficiency in containerization and orchestration using Docker and Kubernetes. Proficient in using Helm for managing Kubernetes applications, including creating and deploying Helm charts. Experience in CICD tools like Jenkins, Spinnaker, Gitlab. Experience with monitoring tools such as Prometheus, Grafana. Implement and manage security tools for CI/CD pipelines, cloud environments, and containerized applications. Experience of scripting and automation (e.g., Python, Bash, Ansible). Strong problem-solving skills and the ability to troubleshoot cloud native infrastructure. Good communication skills and the ability to work effectively in a team environment. Eagerness to learn new technologies and contribute to cloud native applications. Understanding of the software development lifecycle (SDLC) and agile methodologies Preferred qualifications: Certifications / Hands-on experience with AWS. Exposure to AI services for DevOps. Predictive analysis on Monitoring of AaaS applications. Design and enforce security best practices across the entire DevOps lifecycle. Familiarity with industry security standards and frameworks (e.g., CIS, NIST, OWASP). Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply?

Key Responsibilities Design and develop secure network architectures for on-premises, cloud, and hybrid environments. Evaluate and recommend security solutions, tools, and technologies. Conduct risk assessments and vulnerability analyses of network infrastructure. Define and enforce security policies, standards, and procedures. Collaborate with IT and DevOps teams to integrate security into system and application design. Monitor network traffic for unusual activity and respond to security incidents. Lead penetration testing and red/blue team exercises. Ensure compliance with regulatory requirements (e.g., ISO 27001, NIST, GDPR, HIPAA). Provide technical guidance and mentorship to security engineers and analysts. Stay current with emerging threats, vulnerabilities, and security Qualifications : Bachelors or Masters degree in Computer Science, Information Security, or related field. 8+ years of experience in network security or cybersecurity roles. Strong knowledge of firewalls, VPNs, IDS/IPS, SIEM, and endpoint protection. Experience with cloud platforms (AWS, Azure, GCP) and their security models. Familiarity with Zero Trust Architecture and Secure Access Service Edge (SASE). Proficiency in scripting and automation (Python, PowerShell, etc.). Relevant certifications (e.g., CISSP, CCSP, CISM, CEH). (ref:hirist.tech) Show more Show less

Responsibilities Participate or Lead engagements for ICS/OT Cyber Security Maturity Assessments, Transformations, Strategy Development, and Target Operating Model design Controls mapping between clients internal frameworks with an industry recognized framework Design solutions and corresponding Roadmap of activities for ICS/OT clients Prepare or support Business Proposals for various KPMG service offerings Understand clients requirements and identify relevant opportunities to better serve the client Present engagement case studies and KPMG approach in internal and external Qualifications : A minimum of five years of experience in cyber security for Operational Technology environment Bachelor`s degree from an accredited college/university or equivalent experience Good understanding of general OT network topologies, Purdue Model, PLCs, SCADA systems, DCS, and OT specific communication protocols such as OPC, Modbus, IEC 60870, DNP3, etc. Working knowledge and deployment of IEC 62443, NIST 800-82, NIST CSF, and familiarity with NIS CAF and NERC CIP Hands-on experience in OT specific cyber security solutions such as Nozomi, Claroty, Splunk, etc. Strong oral and written communication skills. Solid understanding of the relevant industries production processes and operational procedures Cyber OT endpoint OS, Server OS, and embedded systems knowledge Knowledge of OT Capable SIEM, IPS/IDS, Patch Management, Asset Management, security events logging and monitoring technologies and platforms such as Nozomi, Claroty, Nextnine, Industrial defender, Splunk, ArcSight, QRadar, etc. Experience in deploying of unidirectional firewalls, host-based firewalls, Anti-Malware, HIDS in plant and operational environments Strong oral and written communication Characteristics : Certifications in good standing such as : IEC 62443, CISSP, CISM, CISA, CEH, etc. Experience working in a consulting environment or with Big4 firms Demonstrated analytical and complex problem-solving skills Ability to work effectively in a team and across functions, partnering with other teams globally Very strong work ethic and ability to deal with confidential information Develop people through effective coaching and mentoring. Strong interpersonal skills. (ref:hirist.tech) Show more Show less

Requisition Id : 1617252 As a global leader in assurance, tax, transaction and advisory services, we hire and develop the most passionate people in their field to help build a better working world. This starts with a culture that believes in giving you the training, opportunities and creative freedom. At EY, we don't just focus on who you are now, but who you can become. We believe that it’s your career and ‘It’s yours to build’ which means potential here is limitless and we'll provide you with motivating and fulfilling experiences throughout your career to help you on the path to becoming your best professional self. The opportunity : Consultant-TMT-Assurance-ASU - TR - Technology Risk - Chennai TMT : Industry convergence offers TMT (Technology, Media & Entertainment, and Telecommunications) organizations the chance to evolve and transform, but it also presents challenges around competitiveness and delivering agile corporate strategies for growth. We help TMT companies create compelling employee and customer experiences, retaining skills and talent while achieving enterprise-wide operational excellence. We help them guard their data, brand and reputation. We also enable the pursuit of M&A strategies that methodically create value, reduce risk and transform TMT companies into powerhouses that will lead the technology revolution of the future – building a better working world for all. ASU - TR - Technology Risk : Assurance’s purpose is to inspire confidence and trust to enable a complex world to work. We do so by protecting and serving the public interest, promoting transparency, supporting investor confidence and economic growth and fostering talent to provide future business leaders. We help clients by: Ensuring their accounts comply with the requisite audit standards Providing a robust and clear perspective to audit committees and Providing critical information for stakeholders. Our Service Offerings include External Audit, Financial Accounting Advisory Services (FAAS), IFRS & US GAAP conversion, IPO and other public offering, Corporate Treasury - IFRS 9 accounting & implementation support etc. Your key responsibilities Technical Excellence Working with clients on SOCR and FAIT (Financial Audit Integration) engagements Sharp focus on ITGC Testing Deep knowledge in OS, Network, DB and ERP control testing Process narrative documentation Deep understanding of Compliance subjects (SOCR, FAIT, NIST, ISO and other Info Sec related compliance requirements) Understanding and performing of Testing methodologies Report writing Teaming skills related to on-site delivery Client interation and expectation management Skills and attributes To qualify for the role you must have Qualification BCOM, BCA, BSC, BE/ B.Tech,, or MSC in Computer Science Experience 3 - 6 years of relevant experience What we look for People with the ability to work in a collaborative manner to provide services across multiple client departments while following the commercial and legal requirements. You will need a practical approach to solving issues and complex problems with the ability to deliver insightful and practical solutions. We look for people who are agile, curious, mindful and able to sustain postivie energy, while being adaptable and creative in their approach. What we offer With more than 200,000 clients, 300,000 people globally and 33,000 people in India, EY has become the strongest brand and the most attractive employer in our field, with market-leading growth over compete. Our people work side-by-side with market-leading entrepreneurs, game- changers, disruptors and visionaries. As an organisation, we are investing more time, technology and money, than ever before in skills and learning for our people. At EY, you will have a personalized Career Journey and also the chance to tap into the resources of our career frameworks to better know about your roles, skills and opportunities. EY is equally committed to being an inclusive employer and we strive to achieve the right balance for our people - enabling us to deliver excellent client service whilst allowing our people to build their career as well as focus on their wellbeing. If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible. Join us in building a better working world. Apply now. Show more Show less

Join us as a "CBP Global Regulatory Governance" at Barclays, where you'll spearhead the evolution of our digital landscape, driving innovation and excellence. You'll harness cutting-edge technology to revolutionize our digital offerings, ensuring unapparelled customer experiences. To be successful as a "CBP Global Regulatory Governance", you should have experience with: Lead a team that governs regulatory engagements for Technology & CSO, supporting leadership where necessary. Delivers against the agreed strategy for Technology and CSO regulatory, external audit and client engagement globally. Experience in managing Technology & Cyber Regulatory Engagements and external audits. Excellent knowledge of information technology risks, controls and risk remediation. Collaboration with various stakeholders across the bank and business units to improve overall control effectiveness through detailed documentation of control assessments, procedures, and findings. Some Other Highly Valued Skills May Include Review of Audit findings, self-identified issues and breaches to align them with operational risk, regulatory requirements and Barclay’s Control Framework. Advising IT on pragmatic approaches to meeting regulatory mandated technology controls and risk reduction. Relevant professional certification such as CISA, CISSP, CISM, PMP, CRISC or equivalent. Desirable Skills/Preferred Qualifications Experience in playing a lead role in: Review of Audit findings, self-identified issues and breaches to align them with operational risk, regulatory requirements and Barclay’s Control Framework. Advising IT on pragmatic approaches to meeting regulatory mandated technology controls and risk reduction. Delivering of risk reduction and operational improvement projects. Managing diverse staff and stakeholders. Relevant professional certification such as CISA, CISSP, CISM, PMP, CRISC or equivalent.. You may be assessed on the key critical skills relevant for success in role, such as risk and controls, change and transformation, business acumen strategic thinking and digital and technology, as well as job-specific technical skills. Location-Noida Purpose of the role To assess the integrity and effectiveness of the banks internal control framework to support the mitigation of risk and protection of the banks operational, financial, and reputational risk. Key Accountabilities Lead a team that governs regulatory engagements for Technology & CSO, supporting leadership where necessary Delivers against the agreed strategy for Technology and CSO regulatory, external audit and client engagement globally Advisory around developing the Tech & CSO response to all regulatory requests for information and meetings, providing governance and internal review/quality assurance Responsible for delivering position papers on regulatory policies and statements, identifying impact to Barclays Technology & CSO strategy Supports the conduct of gap assessments and high-level compliance assessments against regulatory standards and preferred governance frameworks. Acts as an escalation point for notification to the regulators of significant events within Barclays Develop an effective working relationship with the Regulatory Relations, Compliance and other key governance stakeholders Tracks progress of all activity associated with commitments made to regulators, ensuring there is a clear plan for delivery and escalating issues as needed Drive the Emerging and Heightened Risk Management Initiative, scan the horizon for external events such as Regulatory actions & penalties, regulatory changes/breaches and emerging threats. Carry out proactive risk assessment to analyse Barclays Controls environment & preparedness and recommend remediation for identified gaps Ensure appropriate security policies and controls are in place that will safeguard bank’s digital information and electronic systems. Promote awareness of applicable technology and security policies, standards and procedures Establish and maintain an effective risk culture Stakeholder Management and Leadership Experience in working with senior stakeholders across businesses & functions Ability to engage and influence key stakeholders related to the role both globally and within India and also strong relationship with key partners such as Control office, Compliance and CSO Excellent written and communication skills Ability to work in a highly matrix environment Decision-making and Problem Solving Coordinate & Manage priorities and organize work to competing and demanding deadlines Ability to develop a fact based point of view, raise issues and engage in a fact-based discussions and problem solving Risk and Control Objective Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Barclays Policies and Policy Standards Person Specification Ability to manage multiple priorities and work effectively in a fast-paced, high volume, results driven environment Ability to rapidly assess a situation and identify, isolate and communicate problems and issues. Excellent communication skills (both oral/written) including ability to clearly communicate risks and control issues to technologists and non-technologists. Excellent analytical and methodical approach to respond to internal and external events related to Technology & Cyber, emerging threats, identified vulnerabilities, regulatory actions. Detail orientated with excellent time management skills Problem solving – ability to think unconventionally and find solutions to unstructured problems Ability to network and establish rapport with internal colleagues across global teams Strong interpersonal skills with an ability to communicate difficult or complex ideas clearly and constructively Collaborative, able to drive agreement across varying stakeholders Confident in negotiating and influencing colleagues or stakeholders Degree of independent thinking and decision-making authority, and ability to influence upwards Strong assertiveness skills and ability to challenge effectively at all the levels in the organization on the underlying risk management Being a global role, person must be adaptive and flexible to work across various time zones Essential Skills/Basic Qualifications Bachelor’s degree in Computer Science and equivalent work experience in relevant industry with strong background in risk management, technology and information security Experience in managing Technology & Cyber Regulatory Engagements and external audits Experience of a project environment, in particular planning, testing, and tracking against a plan Experience in leveraging IT risk frameworks such as COBIT5, COSO, NIST Excellent knowledge of information technology risks, controls and risk remediation Key Accountabilities Lead a team that governs regulatory engagements for Technology & CSO, supporting leadership where necessary Delivers against the agreed strategy for Technology and CSO regulatory, external audit and client engagement globally Advisory around developing the Tech & CSO response to all regulatory requests for information and meetings, providing governance and internal review/quality assurance Responsible for delivering position papers on regulatory policies and statements, identifying impact to Barclays Technology & CSO strategy Supports the conduct of gap assessments and high-level compliance assessments against regulatory standards and preferred governance frameworks. Acts as an escalation point for notification to the regulators of significant events within Barclays Develop an effective working relationship with the Regulatory Relations, Compliance and other key governance stakeholders Tracks progress of all activity associated with commitments made to regulators, ensuring there is a clear plan for delivery and escalating issues as needed Drive the Emerging and Heightened Risk Management Initiative, scan the horizon for external events such as Regulatory actions & penalties, regulatory changes/breaches and emerging threats. Carry out proactive risk assessment to analyse Barclays Controls environment & preparedness and recommend remediation for identified gaps Ensure appropriate security policies and controls are in place that will safeguard bank’s digital information and electronic systems. Promote awareness of applicable technology and security policies, standards and procedures Establish and maintain an effective risk culture Stakeholder Management and Leadership Experience in working with senior stakeholders across businesses & functions Ability to engage and influence key stakeholders related to the role both globally and within India and also strong relationship with key partners such as Control office, Compliance and CSO Excellent written and communication skills Ability to work in a highly matrix environment Decision-making and Problem Solving Coordinate & Manage priorities and organize work to competing and demanding deadlines Ability to develop a fact based point of view, raise issues and engage in a fact-based discussions and problem solving Risk and Control Objective Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Barclays Policies and Policy Standards Person Specification Ability to manage multiple priorities and work effectively in a fast-paced, high volume, results driven environment Ability to rapidly assess a situation and identify, isolate and communicate problems and issues. Excellent communication skills (both oral/written) including ability to clearly communicate risks and control issues to technologists and non-technologists. Excellent analytical and methodical approach to respond to internal and external events related to Technology & Cyber, emerging threats, identified vulnerabilities, regulatory actions. Detail orientated with excellent time management skills Problem solving – ability to think unconventionally and find solutions to unstructured problems Ability to network and establish rapport with internal colleagues across global teams Strong interpersonal skills with an ability to communicate difficult or complex ideas clearly and constructively Collaborative, able to drive agreement across varying stakeholders Confident in negotiating and influencing colleagues or stakeholders Degree of independent thinking and decision-making authority, and ability to influence upwards Strong assertiveness skills and ability to challenge effectively at all the levels in the organization on the underlying risk management Being a global role, person must be adaptive and flexible to work across various time zones Essential Skills/Basic Qualifications Bachelor’s degree in Computer Science and equivalent work experience in relevant industry with strong background in risk management, technology and information security Experience in managing Technology & Cyber Regulatory Engagements and external audits Experience of a project environment, in particular planning, testing, and tracking against a plan Experience in leveraging IT risk frameworks such as COBIT5, COSO, NIST Excellent knowledge of information technology risks, controls and risk remediation All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship – our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset – to Empower, Challenge and Drive – the operating manual for how we behave. Show more Show less

Bangalore, India or Chennai, India The Opportunity Anthology delivers education and technology solutions so that students can reach their full potential and learning institutions thrive. Our mission is to empower educators and institutions with meaningful innovation that’s simple and intelligent, inspiring student success and institutional growth. The Power of Together is built on having a diverse and inclusive workforce. We are committed to making diversity, inclusion, and belonging a foundational part of our hiring practices and who we are as a company. For more information about Anthology and our career opportunities, please visit www.anthology.com. Anthology's Security Program is dedicated to the engineering and operation of cutting-edge technologies that monitor and strengthen the confidentiality, integrity, and availability of all our information systems and products. We are building a high-performing team that fosters frictionless collaboration with partners across the organization, driven by transparency, trust, and teamwork. Our goal is to elevate Anthology’s security posture through strong partnerships and proactive engagement. As the Director of Application Security, you will report directly to the Chief Information Security Officer (CISO) and will be responsible for leading, coaching, and mentoring a dynamic team of security professionals. You will oversee the processes and technologies that empower our global development teams to meet Anthology's stringent security standards, ensuring alignment with our clients' objectives. Your leadership will be pivotal in driving a culture of collaboration and security across the organization. You will build and nurture relationships with key leaders and stakeholders within our product and technology teams, advising them on security control requirements, posture, and best practices. You will take ownership of driving a shift-left mindset, ensuring that security is embedded early in the development lifecycle. The ideal candidate will be a proven leader with a track record in program management, a strong understanding of application security, and a deep expertise in integrating security practices and tools into product development processes. Your ability to inspire, guide, and elevate your team, while ensuring seamless collaboration with cross-functional teams, will be critical to the success of our security strategy. The Candidate Required skills/qualifications: Strong leadership skills, including experience with project/program management, performance management, initiating and driving high-value process change and continuous improvement, and developing/mentoring teams Minimum of 7 years of prior relevant experience, with at least 2 years’ experience as a manager or director Experience operating security testing automation and continuous improvement processes with automated testing tools as integrated components of the SDLC to improve software quality across multiple information systems Working knowledge of common application security vulnerabilities, including those cataloged in the OWASP Top 10, SANS CWE Top 25, and implementing processes to prevent, detect, mitigate and remediate vulnerabilities as an ongoingprogram Ability to communicate security posture, risk, and mitigation strategies to technical and non-technical audiences, and act as an evangelist of security objectives to influence decision making at senior management levels in support of business risk management processes and complianceobjectives Experience in software engineering and/or product architecture roles, with a working knowledge of application securityarchitectures Experience managing improvement projects and communicating project riskseffectively Demonstrated ability to communicate and collaborate effectively with stakeholders at multiple levels across the organization Fluency in written and spoken English Minimum of bachelors’ degree in Computer Science or a related field Preferred Skills/qualifications Experience integrating and scaling security testing automation and continuous improvement cycles into the software development process, creating a collaborative and efficient culture across development, security and operations teams Experience managing a security program in a global organization Experience managing technology vendor relationships as an extension of the team and execution of planned projects on schedule and onbudget Familiarity with compliance standards and control catalogs such as ISO 27000 series, NIST 800-53, PCI DSS This job description is not designed to contain a comprehensive listing of activities, duties, or responsibilities that are required. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities at any time. Anthology is an equal employment opportunity/affirmative action employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, national origin, marital status, disability, sexual orientation, gender identity/expression, protected military/veteran status, or any other legally protected factor. Show more Show less

Join us as a "CBP Global Regulatory Governance" at Barclays, where you'll spearhead the evolution of our digital landscape, driving innovation and excellence. You'll harness cutting-edge technology to revolutionize our digital offerings, ensuring unapparelled customer experiences. To be successful as a "CBP Global Regulatory Governance", you should have experience with: Lead a team that governs regulatory engagements for Technology & CSO, supporting leadership where necessary. Delivers against the agreed strategy for Technology and CSO regulatory, external audit and client engagement globally. Experience in managing Technology & Cyber Regulatory Engagements and external audits. Excellent knowledge of information technology risks, controls and risk remediation. Collaboration with various stakeholders across the bank and business units to improve overall control effectiveness through detailed documentation of control assessments, procedures, and findings. Some Other Highly Valued Skills May Include Review of Audit findings, self-identified issues and breaches to align them with operational risk, regulatory requirements and Barclay’s Control Framework. Advising IT on pragmatic approaches to meeting regulatory mandated technology controls and risk reduction. Relevant professional certification such as CISA, CISSP, CISM, PMP, CRISC or equivalent. Desirable Skills/Preferred Qualifications Experience in playing a lead role in: Review of Audit findings, self-identified issues and breaches to align them with operational risk, regulatory requirements and Barclay’s Control Framework. Advising IT on pragmatic approaches to meeting regulatory mandated technology controls and risk reduction. Delivering of risk reduction and operational improvement projects. Managing diverse staff and stakeholders. Relevant professional certification such as CISA, CISSP, CISM, PMP, CRISC or equivalent.. You may be assessed on the key critical skills relevant for success in role, such as risk and controls, change and transformation, business acumen strategic thinking and digital and technology, as well as job-specific technical skills. Location-Noida Purpose of the role To assess the integrity and effectiveness of the banks internal control framework to support the mitigation of risk and protection of the banks operational, financial, and reputational risk. Key Accountabilities Lead a team that governs regulatory engagements for Technology & CSO, supporting leadership where necessary Delivers against the agreed strategy for Technology and CSO regulatory, external audit and client engagement globally Advisory around developing the Tech & CSO response to all regulatory requests for information and meetings, providing governance and internal review/quality assurance Responsible for delivering position papers on regulatory policies and statements, identifying impact to Barclays Technology & CSO strategy Supports the conduct of gap assessments and high-level compliance assessments against regulatory standards and preferred governance frameworks. Acts as an escalation point for notification to the regulators of significant events within Barclays Develop an effective working relationship with the Regulatory Relations, Compliance and other key governance stakeholders Tracks progress of all activity associated with commitments made to regulators, ensuring there is a clear plan for delivery and escalating issues as needed Drive the Emerging and Heightened Risk Management Initiative, scan the horizon for external events such as Regulatory actions & penalties, regulatory changes/breaches and emerging threats. Carry out proactive risk assessment to analyse Barclays Controls environment & preparedness and recommend remediation for identified gaps Ensure appropriate security policies and controls are in place that will safeguard bank’s digital information and electronic systems. Promote awareness of applicable technology and security policies, standards and procedures Establish and maintain an effective risk culture Stakeholder Management and Leadership Experience in working with senior stakeholders across businesses & functions Ability to engage and influence key stakeholders related to the role both globally and within India and also strong relationship with key partners such as Control office, Compliance and CSO Excellent written and communication skills Ability to work in a highly matrix environment Decision-making and Problem Solving Coordinate & Manage priorities and organize work to competing and demanding deadlines Ability to develop a fact based point of view, raise issues and engage in a fact-based discussions and problem solving Risk and Control Objective Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Barclays Policies and Policy Standards Person Specification Ability to manage multiple priorities and work effectively in a fast-paced, high volume, results driven environment Ability to rapidly assess a situation and identify, isolate and communicate problems and issues. Excellent communication skills (both oral/written) including ability to clearly communicate risks and control issues to technologists and non-technologists. Excellent analytical and methodical approach to respond to internal and external events related to Technology & Cyber, emerging threats, identified vulnerabilities, regulatory actions. Detail orientated with excellent time management skills Problem solving – ability to think unconventionally and find solutions to unstructured problems Ability to network and establish rapport with internal colleagues across global teams Strong interpersonal skills with an ability to communicate difficult or complex ideas clearly and constructively Collaborative, able to drive agreement across varying stakeholders Confident in negotiating and influencing colleagues or stakeholders Degree of independent thinking and decision-making authority, and ability to influence upwards Strong assertiveness skills and ability to challenge effectively at all the levels in the organization on the underlying risk management Being a global role, person must be adaptive and flexible to work across various time zones Essential Skills/Basic Qualifications Bachelor’s degree in Computer Science and equivalent work experience in relevant industry with strong background in risk management, technology and information security Experience in managing Technology & Cyber Regulatory Engagements and external audits Experience of a project environment, in particular planning, testing, and tracking against a plan Experience in leveraging IT risk frameworks such as COBIT5, COSO, NIST Excellent knowledge of information technology risks, controls and risk remediation Key Accountabilities Lead a team that governs regulatory engagements for Technology & CSO, supporting leadership where necessary Delivers against the agreed strategy for Technology and CSO regulatory, external audit and client engagement globally Advisory around developing the Tech & CSO response to all regulatory requests for information and meetings, providing governance and internal review/quality assurance Responsible for delivering position papers on regulatory policies and statements, identifying impact to Barclays Technology & CSO strategy Supports the conduct of gap assessments and high-level compliance assessments against regulatory standards and preferred governance frameworks. Acts as an escalation point for notification to the regulators of significant events within Barclays Develop an effective working relationship with the Regulatory Relations, Compliance and other key governance stakeholders Tracks progress of all activity associated with commitments made to regulators, ensuring there is a clear plan for delivery and escalating issues as needed Drive the Emerging and Heightened Risk Management Initiative, scan the horizon for external events such as Regulatory actions & penalties, regulatory changes/breaches and emerging threats. Carry out proactive risk assessment to analyse Barclays Controls environment & preparedness and recommend remediation for identified gaps Ensure appropriate security policies and controls are in place that will safeguard bank’s digital information and electronic systems. Promote awareness of applicable technology and security policies, standards and procedures Establish and maintain an effective risk culture Stakeholder Management and Leadership Experience in working with senior stakeholders across businesses & functions Ability to engage and influence key stakeholders related to the role both globally and within India and also strong relationship with key partners such as Control office, Compliance and CSO Excellent written and communication skills Ability to work in a highly matrix environment Decision-making and Problem Solving Coordinate & Manage priorities and organize work to competing and demanding deadlines Ability to develop a fact based point of view, raise issues and engage in a fact-based discussions and problem solving Risk and Control Objective Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Barclays Policies and Policy Standards Person Specification Ability to manage multiple priorities and work effectively in a fast-paced, high volume, results driven environment Ability to rapidly assess a situation and identify, isolate and communicate problems and issues. Excellent communication skills (both oral/written) including ability to clearly communicate risks and control issues to technologists and non-technologists. Excellent analytical and methodical approach to respond to internal and external events related to Technology & Cyber, emerging threats, identified vulnerabilities, regulatory actions. Detail orientated with excellent time management skills Problem solving – ability to think unconventionally and find solutions to unstructured problems Ability to network and establish rapport with internal colleagues across global teams Strong interpersonal skills with an ability to communicate difficult or complex ideas clearly and constructively Collaborative, able to drive agreement across varying stakeholders Confident in negotiating and influencing colleagues or stakeholders Degree of independent thinking and decision-making authority, and ability to influence upwards Strong assertiveness skills and ability to challenge effectively at all the levels in the organization on the underlying risk management Being a global role, person must be adaptive and flexible to work across various time zones Essential Skills/Basic Qualifications Bachelor’s degree in Computer Science and equivalent work experience in relevant industry with strong background in risk management, technology and information security Experience in managing Technology & Cyber Regulatory Engagements and external audits Experience of a project environment, in particular planning, testing, and tracking against a plan Experience in leveraging IT risk frameworks such as COBIT5, COSO, NIST Excellent knowledge of information technology risks, controls and risk remediation All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship – our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset – to Empower, Challenge and Drive – the operating manual for how we behave. Back to nav Share job X(Opens in new tab or window) Facebook(Opens in new tab or window) LinkedIn(Opens in new tab or window) Show more Show less

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Solution Development Good to have skills : NA Minimum 15 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education As a Security Solution Architect (SA), candidate would be primarily responsible for solution architecture/presales effort on medium to large complexity or owns multiple components of large complex deals. Lead or work as Lead Solution Architect on complex deals. Independently and with little oversight can come up with the solution. Conduct the solution reviews with SME’s and the delivery approver. Attend calls with the client team to understand the requirement to bring value and differentiated solution. Roles & Responsibilities: Able to participate in requirements gathering, gathering data requirements, and assisting in the reconciliation of technical requirements. Prepare end to end solution including effort estimation & costing. Involved in preparing the client proposal & response. Develop statement of work Performs reviews with the delivery leadership. Participation in the client Orals or presentations. Leads negotiations or develop business terms & conditions. Has led solution development for multiple deal types. Work with delivery leads for the approval of solution/efforts. Bring out technical differentiators and value in the solution. Active ownership or accountability in delivering the solution within the specified time frame. Should be good to work as individual contributor and good team player. When assigned responsibilities to lead the team, candidate should show leadership qualities to manage the team and get the work done. Professional & Technical Skills: Candidate must have been a Presales experience with maximum coverage around following GRC or Privacy or Strategy domains. Skill around domains like Risk & Compliance Advisory and Operation, Compliance Management, Security Strategy Frameworks, Risk and Compliance Strategic Advisory, Cyber Security Assessments, Security Architecture Advisory, NIST CSF, Data Privacy, Third Party Risk Assessment ISO 27001, SOX, GDPR, Risk Assessment Services and GRC automation platforms like Archer, ServiceNow Interpret customer needs and design appropriate GRC, eGRC, Cyber Security Strategy, & Data Privacy Management solutions, experience in developing value based customer proposal closely working with delivery and sales teams. Hands on delivery experience across these domains would be added advantage to utilize the experience while solutioning. Maintain current knowledge of applicable Risk and Data Privacy requirements and accreditation standards, and monitor changes in technology impacting privacy, risk, and compliance posture. Knowledge of leveraging innovation, automation, Gen Ai in GRC solutioning Work with delivery and capability team keep abreast with latest assets, offerings, solution accelerators to bring in value adds while solutioning. Overall knowledge of GRC, TPRM, Data Privacy tool stack Pre-Sales knowledge on Non GRC Security domains will be an added advantage to work in cross functional deals. Flexibility on need basis in line with the nature the nature of SA Strong verbal and written communication are a must to be able to document and present complex topics and solutions. Strong interpersonal and problem-solving skills Stay informed about new products, services, technologies, and other information as required to deliver effective solutions CISSP, CISM, CISA, CGRC Cloud Security knowledge and certification AWS, Azure ISO 27k1, 22301, Privacy, Archer, ServiceNow GRC certifications Additional Information: Minimum 15- year full time education The candidate should have minimum 15 years of experience This position is based at our Gurugram office. Show more Show less

Project Role : Risk and Compliance Representative Project Role Description : Support service delivery through quality and risk management. Increase awareness of compliance policies and processes. Must have skills : Risk Management Good to have skills : Security Compliance Management Minimum 15 Year(s) Of Experience Is Required Educational Qualification : Minimum BE BTech from a reputed university Summary: As a Risk and Compliance Representative, you will support service delivery through quality and risk management. Increase awareness of compliance policies and processes. A typical day involves ensuring adherence to risk management protocols and enhancing compliance awareness. To design and deploy IT Risk Management, Security Governance, and Operational excellence to meet regulatory for large scale technology projects such as data lake, digital platform, and other core business and supporting applications IT GRC Consultant Roles & Responsibilities: - Primary contact for Security governance, risk, and compliance - Take full accountability of GRC domain including compliance related to client’s third-party risk management and supply chain risk management - Take ownership of security compliance related issues and challenges and drive for solutions working with various internal teams and third-party solution providers such as OEMs and technology partners - Define and develop high level operating procedures for seamless operations of the project - Support transition of projects from deployment to operations - Anchor design and implementation of governance processes for risk and compliance - Be a SPOC for all security governance initiatives in existing project and able to navigate through the client’s landscape to upsell new initiatives in security space or able to pave ways for upselling value-driven initiatives for the client in other related domains - Lead the teams across various security governance towers such as vulnerability management, security incident management, and thrive for upskilling and cross skilling to rationalize the resources across the towers and across the clients. - Introduce innovative solutions such as automation to increase productivity and improve service delivery quality - Participate in architecture and design review and approval forums to ensure the security design principles are adhered to for any changes in the existing landscape or any new initiatives being rolled out in the existing landscape - Participate in client account planning and discussions to ensure security level initiatives are accounted for and issues are escalated to the right leaders for resolution - Build strong relationships with all client stakeholders and Accenture project teams for effective collaboration and outcomes Professional & Technical Skills: - Must have: - Strong experience in design and deployment of security controls and processes for FS regulatory mandates, guidelines, and standards such as RBI Cyber Security Framework and NIST Framework - Certified Information Security Auditor - Strong Leadership skills - Strong Communication skills - Ability to drive discussions and ideas with client’s senior leadership forums - Problem solving skills - Good to have - Certification in enterprise security architecture framework Additional Information: - Total IT experience of minimum 18 years; and - Minimum 10 years of experience in designing and deploying security controls and processes for financial institutions governed by regulators such as RBI, SEBI, and IRDA. - This position is based at our Mumbai office. - A Minimum BE BTech from a reputed university is required. Show more Show less

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Solution Development Good to have skills : NA Minimum 15 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education As a Security Solution Architect (SA), candidate would be primarily responsible for solution architecture/presales effort on medium to large complexity or owns multiple components of large complex deals. Lead or work as Lead Solution Architect on complex deals. Independently and with little oversight can come up with the solution. Conduct the solution reviews with SME’s and the delivery approver. Attend calls with the client team to understand the requirement to bring value and differentiated solution. Roles & Responsibilities: Able to participate in requirements gathering, gathering data requirements, and assisting in the reconciliation of technical requirements. Prepare end to end solution including effort estimation & costing. Involved in preparing the client proposal & response. Develop statement of work Performs reviews with the delivery leadership. Participation in the client Orals or presentations. Leads negotiations or develop business terms & conditions. Has led solution development for multiple deal types. Work with delivery leads for the approval of solution/efforts. Bring out technical differentiators and value in the solution. Active ownership or accountability in delivering the solution within the specified time frame. Should be good to work as individual contributor and good team player. When assigned responsibilities to lead the team, candidate should show leadership qualities to manage the team and get the work done. Professional & Technical Skills: Candidate must have been a Presales experience with maximum coverage around following GRC or Privacy or Strategy domains. Skill around domains like Risk & Compliance Advisory and Operation, Compliance Management, Security Strategy Frameworks, Risk and Compliance Strategic Advisory, Cyber Security Assessments, Security Architecture Advisory, NIST CSF, Data Privacy, Third Party Risk Assessment ISO 27001, SOX, GDPR, Risk Assessment Services and GRC automation platforms like Archer, ServiceNow Interpret customer needs and design appropriate GRC, eGRC, Cyber Security Strategy, Data Privacy Management solutions, experience in developing value-based customer proposal closely working with delivery and sales teams. Hands on delivery experience across these domains would be added advantage to utilize the experience while solutioning. Maintain current knowledge of applicable Risk and Data Privacy requirements and accreditation standards, and monitor changes in technology impacting privacy, risk, and compliance posture. Knowledge of leveraging innovation, automation, Gen Ai in GRC solutioning Work with delivery and capability team keep abreast with latest assets, offerings, solution accelerators to bring in value adds while solutioning. Overall knowledge of GRC, TPRM, Data Privacy tool stack Pre-Sales knowledge on Non GRC Security domains will be an added advantage to work in cross functional deals. Flexibility on need basis in line with the nature the nature of SA Strong verbal and written communication are a must to be able to document and present complex topics and solutions. Strong interpersonal and problem-solving skills Stay informed about new products, services, technologies, and other information as required to deliver effective solutions CISSP, CISM, CISA, CGRC Cloud Security knowledge and certification AWS, Azure ISO 27k1, 22301, Privacy, Archer, ServiceNow GRC certifications Additional Information: Minimum 15- year full time education The candidate should have minimum 15 years of experience This position is based at our Gurugram office. Show more Show less

SUMMARY Our client is IT MNC part of one of the major insurance groups based out of Germany and Europe. The Group is represented in around 30 countries worldwide, with Over 40,000 people worldwide, focusing mainly on Europe and Asia. Our client offers a comprehensive range of insurances, pensions, investments and services by focusing on all cutting edge technologies majorly on Could, Digital, Robotics Automation, IoT, Voice Recognition, Big Data science, advanced mobile solutions and much more to accommodate the customers future needs around the globe thru supporting millions of internal and external customers with state of-the-art IT solutions to everyday problems & dedicated to bringing digital innovations to every aspect of the landscape of insurance. Job Location: Hiranandani Gardens, Powai, Mumbai Mode: Work from Office Requirements Key Responsibilities: : Business-Cybersecurity Alignment: o Work closely with business stakeholders, IT security teams, and cross-functional teams to ensure cybersecurity initiatives align with the organization’s broader business goals. o Translate business needs into technical security requirements that can be effectively executed by the security and IT teams. Risk Analysis & Security Assessments: o Conduct risk assessments in the context of hybrid IT environments (cloud, on-premises, and edge) to identify security gaps and vulnerabilities. o Collaborate with security teams to evaluate existing security controls and recommend solutions to mitigate identified risks, balancing business needs with security requirements. Cybersecurity Frameworks & Compliance: o Ensure that all business and technical security requirements comply with relevant regulatory compliance frameworks (e.g., NIST CSF, ISO 27001, GDPR, HIPAA). o Support audits and compliance assessments, identifying any gaps between current practices and regulatory standards. (must have) Security Process Improvement: o Identify opportunities for process improvements within the cybersecurity function, including streamlining security incident response, access management processes, and threat detection workflows. o Develop business cases for proposed security improvements, including cost-benefit analyses and risk assessments. The Business Analyst will have comprehensive responsibilities spanning multiple cybersecurity domains, and should have expertise in at least 5 of the following areas o SIEM Sentinel & Security Operations: Manage and optimize SIEM solutions, particularly Sentinel, for effective monitoring, incident detection, and security event correlation across hybrid environments. Collaborate with security operations teams to ensure proper configuration, tuning, and reporting within SIEM platforms to support proactive threat management. o Security Tools & Technology Integration: Work with security teams to implement and optimize security tools such as SIEM (e.g., Splunk, Microsoft Sentinel), EDR (e.g., CrowdStrike, MS Purview/Defender), SOAR platforms, CASB (Cloud Access Security Broker), and Threat Intelligence systems. Help define and document requirements for the integration of cybersecurity tools into the broader security ecosystem. o User Access Management (UAM) & RBAC: Work closely with identity and access management teams to ensure the implementation of UAM and RBACsystems that align with the organization's security policy and business requirements. Support the development of processes for managing user roles, privileges, and access rights across enterprise systems. o Cloud & Encryption Security: Ensure that security policies and controls are applied across both on-premises and cloud environments(AWS, Azure, Google Cloud), addressing challenges related to cloud security, data encryption, and access management. Collaborate with technical teams to implement strong encryption methods for data - in - transit, data-at-rest, and data-in-use in line with organizational security policies. o AI & ML in Cybersecurity: (Good to have) Contribute to the use of AI/ML technologies to enhance threat detection, anomaly identification, and predictive analytics within the organization’s security operations. Collaborate with data scientists and security teams to define requirements for AI/ML-based security models and incident response automation. o SOAR Integration & Incident Response: Assist with the integration of Security Orchestration, Automation, and Response (SOAR) solutions into the incident response lifecycle to streamline response times and automate repetitive tasks. Support the continuous improvement of incident response procedures and playbooks, ensuring a consistent, rapid, and efficient approach to security incidents. Benefits

Introduction Welcome to Gallagher – a global leader in insurance, risk management, and consulting services. With a growing team of more than 52,000 professionals worldwide, we empower businesses, communities, and individuals to thrive. At Gallagher, you can build a career whether it’s with our brokerage division, our benefits and HR consulting division, or our corporate team. Experience The Gallagher Way, a culture fueled by shared values and a collective passion for excellence. Join one of our dynamic teams, where you'll play a pivotal role in shaping Gallagher's future and unlocking unparalleled opportunities for both clients and yourself. We believe that every candidate brings something special to the table, including you! So, even if you feel that you’re close but not an exact match, we encourage you to apply. Overview The Business Information Security Officer (BISO) – India is responsible for managing the Gallagher Cyber Information Security (GCIS) program of works for the Indian region. This includes identifying, evaluating, and reporting on information security risks across all Gallagher divisions in India, in a manner that meets compliance and regulatory requirements, as well as aligning with the company's risk appetite. In addition to reporting on a regular basis to the UK - based EMEA BISO, this role will work closely with: IT Directors of India and Local CTO for Gallagher India and Gallagher Centre of Excellence The India Senior Business Leaders for IT and QA & Transition GCIS Colleagues globally who have global remits (application security, identity management etc) The India division’s ISMS manager in maintaining their ISO27001 certification GCIS Project Managers delivering both new and enhanced capabilities. This is a hybrid role, in office 2-3 days per week, and can be based out of either our Pune or Bangalore offices, with some travel between the two expected. How You'll Make An Impact Continue to develop and prioritise the information security strategy and roadmap for India that aligns with the GCIS security strategy. Monitor and manage security incidents, vulnerabilities, and threats that affect the various Indian divisions, and work with Gallagher’s global security teams to ensure effective response and remediation. Ensure compliance with applicable laws, regulations, and contractual requirements related to information security throughout India. Work with the Global SOC in the co-ordination and escalation of security incidents to the appropriate Indian authorities when appropriate. Develop and maintain relationships with key stakeholders across India, including business leaders, IT teams, and external partners to ensure effective communication and collaboration on information security matters. Conduct periodic security risk assessments and audits of information systems, networks, applications and suppliers in India to identify and mitigate potential security risks. Lead and coordinate the implementation of security policies, standards, and procedures in India. Ensure security awareness and training programs are in place and effective in India. Manage the security budget for India, ensuring efficient and effective use of resources. Represent India in the appropriate security governance forums and ensure alignment with the region security strategy. Brokerage clients will have time-sensitive due diligence security audits and questionnaires that will need to be managed and responded to. Business suppliers and IT supply chain vendors must be managed to ensure they do not introduce risk to Gallagher. Confidential participation in the Merger and Acquisition process with external companies, lawyers and security consultant About You Bachelor's degree in computer science, information systems, or a related field. A master's degree is preferred. At least 8-10 years of experience in information security, with a minimum of 5 years in a leadership role. Strong knowledge of security frameworks and standards such as ISO 27001, NIST, PCI-DSS, and GDPR. Demonstrated experience in the management of staff and small teams. Experience in managing security incidents and crises. Excellent communication and stakeholder management skills are required. Familiarity with security technologies such as firewalls, intrusion detection systems, and SIEMs. Knowledge of cloud security and Insurance practices is a plus. Relevant certifications such as CISSP, CISM, or CRISC are preferred. Lead auditor experience in ISO27001 is preferred. Additional Information We value inclusion and diversity Inclusion and diversity (I&D) is a core part of our business, and it’s embedded into the fabric of our organization. For more than 95 years, Gallagher has led with a commitment to sustainability and to support the communities where we live and work. Gallagher embraces our employees’ diverse identities, experiences and talents, allowing us to better serve our clients and communities. We see inclusion as a conscious commitment and diversity as a vital strength. By embracing diversity in all its forms, we live out The Gallagher Way to its fullest. Gallagher believes that all persons are entitled to equal employment opportunity and prohibits any form of discrimination by its managers, employees, vendors or customers based on race, color, religion, creed, gender (including pregnancy status), sexual orientation, gender identity (which includes transgender and other gender non-conforming individuals), gender expression, hair expression, marital status, parental status, age, national origin, ancestry, disability, medical condition, genetic information, veteran or military status, citizenship status, or any other characteristic protected (herein referred to as “protected characteristics”) by applicable federal, state, or local laws. Equal employment opportunity will be extended in all aspects of the employer-employee relationship, including, but not limited to, recruitment, hiring, training, promotion, transfer, demotion, compensation, benefits, layoff, and termination. In addition, Gallagher will make reasonable accommodations to known physical or mental limitations of an otherwise qualified person with a disability, unless the accommodation would impose an undue hardship on the operation of our business. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. FS TR- ITC – Tech Risk As Risk consultant, you’ll contribute technically to Risk Consulting client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team. In line with EY’s commitment to quality, you’ll confirm that work is of high quality and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We’re looking for Seniors Consultants to join the leadership group of our EY-Consulting Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Understanding on Control frameworks such as COSO, internal control principal and related regulations including SOX and J-SOX. Common IT governance and Assurance standards including NIST, COBIT, Risk IT, ITIL and third-party reporting standards as SSAE16. Understanding on independent and risk based operational audits such as Software Development Life Cycle (SDLC), Business Resilience, Cybersecurity audits, Data privacy and data protection audits, Network security audit. Understanding and hands-on experience on data analysis tool such as Tableau, Power Bi, python etc. Conduct performance reviews and contribute to performance feedback for staff. Adhere to the Code of Conduct. The Code of Conduct sets the standards of behaviour, actions, sand decisions we expect from our people. Participate in IT Risk and Assurance engagements. Work effectively as a team member, sharing responsibility, providing support, maintaining communication, and updating senior team members on progress. Help prepare reports and schedules that will be delivered to clients and other parties. Develop and maintain productive working relationships with client personnel. Responsible for managing reporting on assurance findings and ensure control owners take remediation action as required. Identify, lead, and manage the continuous improvement of Internal Controls through implementation of continuous control monitoring and automation. Obtain and review evidence of compliance for adherence to standards. Key domains of compliance controls, including change management, access to system, network and Data, computer operations and system development. Stay current with and promote awareness of applicable regulatory standards, upstream risk, and industry best practices across the enterprise. Skills And Attributes For Success Experience in application controls and Information security experience. Understanding of risk management systems and processes Ability to build relationships with key stakeholders across different levels of seniority. Strong written and verbal communication skills To qualify for the role, you must have. Preferably bachelor’s degree in (Finance/Accounting, Electronics, Electronics & Telecommunications, Comp. Science)/MBA/M.Sc./CA Minimum of 3-4 years of experience in internal controls and Internal Audit Enterprise risk services with specific focus on IT and related industry standards IT Risk Assurance framework Control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX Preferred security skills related to a broad range of operating systems, databases or security tools, e.g., UNIX, Linux, Windows 2000 and NT, firewalls and IDS systems. Familiarity with IT analysis, delivery, and operations methods, including SDLC and CM Familiarity with security and risk standards such as ISO 27001-2, PCI DSS, NIST, ITIL, COBIT Experience of security testing methods and techniques including network, operating and application system configuration review Application controls and security experience: sensitive access and SOD testing controls testing Knowledge of data analysis tools like MS Excel, MS Access, MS SQL Server, ACL, Monarch, etc. Preferred Certifications: CISA What We Look For We believe that you should own and shape your career. But we’ll provide the support and opportunities to develop the skills, knowledge and experience to succeed. The strength of our global network, combined with local empowerment and a relentless focus on winning in specific markets, means you’ll interact and team with individuals from various geographies and sectors. So, whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. What Working At EY Offers At EY, we’re dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. FS TR- ITC – Tech Risk As Risk consultant, you’ll contribute technically to Risk Consulting client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team. In line with EY’s commitment to quality, you’ll confirm that work is of high quality and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We’re looking for Seniors Consultants to join the leadership group of our EY-Consulting Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Understanding on Control frameworks such as COSO, internal control principal and related regulations including SOX and J-SOX. Common IT governance and Assurance standards including NIST, COBIT, Risk IT, ITIL and third-party reporting standards as SSAE16. Understanding on independent and risk based operational audits such as Software Development Life Cycle (SDLC), Business Resilience, Cybersecurity audits, Data privacy and data protection audits, Network security audit. Understanding and hands-on experience on data analysis tool such as Tableau, Power Bi, python etc. Conduct performance reviews and contribute to performance feedback for staff. Adhere to the Code of Conduct. The Code of Conduct sets the standards of behaviour, actions, sand decisions we expect from our people. Participate in IT Risk and Assurance engagements. Work effectively as a team member, sharing responsibility, providing support, maintaining communication, and updating senior team members on progress. Help prepare reports and schedules that will be delivered to clients and other parties. Develop and maintain productive working relationships with client personnel. Responsible for managing reporting on assurance findings and ensure control owners take remediation action as required. Identify, lead, and manage the continuous improvement of Internal Controls through implementation of continuous control monitoring and automation. Obtain and review evidence of compliance for adherence to standards. Key domains of compliance controls, including change management, access to system, network and Data, computer operations and system development. Stay current with and promote awareness of applicable regulatory standards, upstream risk, and industry best practices across the enterprise. Skills And Attributes For Success Experience in application controls and Information security experience. Understanding of risk management systems and processes Ability to build relationships with key stakeholders across different levels of seniority. Strong written and verbal communication skills To qualify for the role, you must have. Preferably bachelor’s degree in (Finance/Accounting, Electronics, Electronics & Telecommunications, Comp. Science)/MBA/M.Sc./CA Minimum of 3-4 years of experience in internal controls and Internal Audit Enterprise risk services with specific focus on IT and related industry standards IT Risk Assurance framework Control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX Preferred security skills related to a broad range of operating systems, databases or security tools, e.g., UNIX, Linux, Windows 2000 and NT, firewalls and IDS systems. Familiarity with IT analysis, delivery, and operations methods, including SDLC and CM Familiarity with security and risk standards such as ISO 27001-2, PCI DSS, NIST, ITIL, COBIT Experience of security testing methods and techniques including network, operating and application system configuration review Application controls and security experience: sensitive access and SOD testing controls testing Knowledge of data analysis tools like MS Excel, MS Access, MS SQL Server, ACL, Monarch, etc. Preferred Certifications: CISA What We Look For We believe that you should own and shape your career. But we’ll provide the support and opportunities to develop the skills, knowledge and experience to succeed. The strength of our global network, combined with local empowerment and a relentless focus on winning in specific markets, means you’ll interact and team with individuals from various geographies and sectors. So, whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. What Working At EY Offers At EY, we’re dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. FS TR- ITC – Tech Risk As Risk consultant, you’ll contribute technically to Risk Consulting client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team. In line with EY’s commitment to quality, you’ll confirm that work is of high quality and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We’re looking for Seniors Consultants to join the leadership group of our EY-Consulting Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Understanding on Control frameworks such as COSO, internal control principal and related regulations including SOX and J-SOX. Common IT governance and Assurance standards including NIST, COBIT, Risk IT, ITIL and third-party reporting standards as SSAE16. Understanding on independent and risk based operational audits such as Software Development Life Cycle (SDLC), Business Resilience, Cybersecurity audits, Data privacy and data protection audits, Network security audit. Understanding and hands-on experience on data analysis tool such as Tableau, Power Bi, python etc. Conduct performance reviews and contribute to performance feedback for staff. Adhere to the Code of Conduct. The Code of Conduct sets the standards of behaviour, actions, sand decisions we expect from our people. Participate in IT Risk and Assurance engagements. Work effectively as a team member, sharing responsibility, providing support, maintaining communication, and updating senior team members on progress. Help prepare reports and schedules that will be delivered to clients and other parties. Develop and maintain productive working relationships with client personnel. Responsible for managing reporting on assurance findings and ensure control owners take remediation action as required. Identify, lead, and manage the continuous improvement of Internal Controls through implementation of continuous control monitoring and automation. Obtain and review evidence of compliance for adherence to standards. Key domains of compliance controls, including change management, access to system, network and Data, computer operations and system development. Stay current with and promote awareness of applicable regulatory standards, upstream risk, and industry best practices across the enterprise. Skills And Attributes For Success Experience in application controls and Information security experience. Understanding of risk management systems and processes Ability to build relationships with key stakeholders across different levels of seniority. Strong written and verbal communication skills To qualify for the role, you must have. Preferably bachelor’s degree in (Finance/Accounting, Electronics, Electronics & Telecommunications, Comp. Science)/MBA/M.Sc./CA Minimum of 3-4 years of experience in internal controls and Internal Audit Enterprise risk services with specific focus on IT and related industry standards IT Risk Assurance framework Control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX Preferred security skills related to a broad range of operating systems, databases or security tools, e.g., UNIX, Linux, Windows 2000 and NT, firewalls and IDS systems. Familiarity with IT analysis, delivery, and operations methods, including SDLC and CM Familiarity with security and risk standards such as ISO 27001-2, PCI DSS, NIST, ITIL, COBIT Experience of security testing methods and techniques including network, operating and application system configuration review Application controls and security experience: sensitive access and SOD testing controls testing Knowledge of data analysis tools like MS Excel, MS Access, MS SQL Server, ACL, Monarch, etc. Preferred Certifications: CISA What We Look For We believe that you should own and shape your career. But we’ll provide the support and opportunities to develop the skills, knowledge and experience to succeed. The strength of our global network, combined with local empowerment and a relentless focus on winning in specific markets, means you’ll interact and team with individuals from various geographies and sectors. So, whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. What Working At EY Offers At EY, we’re dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. FS TR- ITC – Tech Risk As Risk consultant, you’ll contribute technically to Risk Consulting client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team. In line with EY’s commitment to quality, you’ll confirm that work is of high quality and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We’re looking for Seniors Consultants to join the leadership group of our EY-Consulting Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Understanding on Control frameworks such as COSO, internal control principal and related regulations including SOX and J-SOX. Common IT governance and Assurance standards including NIST, COBIT, Risk IT, ITIL and third-party reporting standards as SSAE16. Understanding on independent and risk based operational audits such as Software Development Life Cycle (SDLC), Business Resilience, Cybersecurity audits, Data privacy and data protection audits, Network security audit. Understanding and hands-on experience on data analysis tool such as Tableau, Power Bi, python etc. Conduct performance reviews and contribute to performance feedback for staff. Adhere to the Code of Conduct. The Code of Conduct sets the standards of behaviour, actions, sand decisions we expect from our people. Participate in IT Risk and Assurance engagements. Work effectively as a team member, sharing responsibility, providing support, maintaining communication, and updating senior team members on progress. Help prepare reports and schedules that will be delivered to clients and other parties. Develop and maintain productive working relationships with client personnel. Responsible for managing reporting on assurance findings and ensure control owners take remediation action as required. Identify, lead, and manage the continuous improvement of Internal Controls through implementation of continuous control monitoring and automation. Obtain and review evidence of compliance for adherence to standards. Key domains of compliance controls, including change management, access to system, network and Data, computer operations and system development. Stay current with and promote awareness of applicable regulatory standards, upstream risk, and industry best practices across the enterprise. Skills And Attributes For Success Experience in application controls and Information security experience. Understanding of risk management systems and processes Ability to build relationships with key stakeholders across different levels of seniority. Strong written and verbal communication skills To qualify for the role, you must have. Preferably bachelor’s degree in (Finance/Accounting, Electronics, Electronics & Telecommunications, Comp. Science)/MBA/M.Sc./CA Minimum of 3-4 years of experience in internal controls and Internal Audit Enterprise risk services with specific focus on IT and related industry standards IT Risk Assurance framework Control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX Preferred security skills related to a broad range of operating systems, databases or security tools, e.g., UNIX, Linux, Windows 2000 and NT, firewalls and IDS systems. Familiarity with IT analysis, delivery, and operations methods, including SDLC and CM Familiarity with security and risk standards such as ISO 27001-2, PCI DSS, NIST, ITIL, COBIT Experience of security testing methods and techniques including network, operating and application system configuration review Application controls and security experience: sensitive access and SOD testing controls testing Knowledge of data analysis tools like MS Excel, MS Access, MS SQL Server, ACL, Monarch, etc. Preferred Certifications: CISA What We Look For We believe that you should own and shape your career. But we’ll provide the support and opportunities to develop the skills, knowledge and experience to succeed. The strength of our global network, combined with local empowerment and a relentless focus on winning in specific markets, means you’ll interact and team with individuals from various geographies and sectors. So, whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. What Working At EY Offers At EY, we’re dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. FS TR- ITC – Tech Risk As Risk consultant, you’ll contribute technically to Risk Consulting client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team. In line with EY’s commitment to quality, you’ll confirm that work is of high quality and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We’re looking for Seniors Consultants to join the leadership group of our EY-Consulting Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Understanding on Control frameworks such as COSO, internal control principal and related regulations including SOX and J-SOX. Common IT governance and Assurance standards including NIST, COBIT, Risk IT, ITIL and third-party reporting standards as SSAE16. Understanding on independent and risk based operational audits such as Software Development Life Cycle (SDLC), Business Resilience, Cybersecurity audits, Data privacy and data protection audits, Network security audit. Understanding and hands-on experience on data analysis tool such as Tableau, Power Bi, python etc. Conduct performance reviews and contribute to performance feedback for staff. Adhere to the Code of Conduct. The Code of Conduct sets the standards of behaviour, actions, sand decisions we expect from our people. Participate in IT Risk and Assurance engagements. Work effectively as a team member, sharing responsibility, providing support, maintaining communication, and updating senior team members on progress. Help prepare reports and schedules that will be delivered to clients and other parties. Develop and maintain productive working relationships with client personnel. Responsible for managing reporting on assurance findings and ensure control owners take remediation action as required. Identify, lead, and manage the continuous improvement of Internal Controls through implementation of continuous control monitoring and automation. Obtain and review evidence of compliance for adherence to standards. Key domains of compliance controls, including change management, access to system, network and Data, computer operations and system development. Stay current with and promote awareness of applicable regulatory standards, upstream risk, and industry best practices across the enterprise. Skills And Attributes For Success Experience in application controls and Information security experience. Understanding of risk management systems and processes Ability to build relationships with key stakeholders across different levels of seniority. Strong written and verbal communication skills To qualify for the role, you must have. Preferably bachelor’s degree in (Finance/Accounting, Electronics, Electronics & Telecommunications, Comp. Science)/MBA/M.Sc./CA Minimum of 3-4 years of experience in internal controls and Internal Audit Enterprise risk services with specific focus on IT and related industry standards IT Risk Assurance framework Control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX Preferred security skills related to a broad range of operating systems, databases or security tools, e.g., UNIX, Linux, Windows 2000 and NT, firewalls and IDS systems. Familiarity with IT analysis, delivery, and operations methods, including SDLC and CM Familiarity with security and risk standards such as ISO 27001-2, PCI DSS, NIST, ITIL, COBIT Experience of security testing methods and techniques including network, operating and application system configuration review Application controls and security experience: sensitive access and SOD testing controls testing Knowledge of data analysis tools like MS Excel, MS Access, MS SQL Server, ACL, Monarch, etc. Preferred Certifications: CISA What We Look For We believe that you should own and shape your career. But we’ll provide the support and opportunities to develop the skills, knowledge and experience to succeed. The strength of our global network, combined with local empowerment and a relentless focus on winning in specific markets, means you’ll interact and team with individuals from various geographies and sectors. So, whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. What Working At EY Offers At EY, we’re dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. FS TR- ITC – Tech Risk As Risk consultant, you’ll contribute technically to Risk Consulting client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team. In line with EY’s commitment to quality, you’ll confirm that work is of high quality and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We’re looking for Seniors Consultants to join the leadership group of our EY-Consulting Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Understanding on Control frameworks such as COSO, internal control principal and related regulations including SOX and J-SOX. Common IT governance and Assurance standards including NIST, COBIT, Risk IT, ITIL and third-party reporting standards as SSAE16. Understanding on independent and risk based operational audits such as Software Development Life Cycle (SDLC), Business Resilience, Cybersecurity audits, Data privacy and data protection audits, Network security audit. Understanding and hands-on experience on data analysis tool such as Tableau, Power Bi, python etc. Conduct performance reviews and contribute to performance feedback for staff. Adhere to the Code of Conduct. The Code of Conduct sets the standards of behaviour, actions, sand decisions we expect from our people. Participate in IT Risk and Assurance engagements. Work effectively as a team member, sharing responsibility, providing support, maintaining communication, and updating senior team members on progress. Help prepare reports and schedules that will be delivered to clients and other parties. Develop and maintain productive working relationships with client personnel. Responsible for managing reporting on assurance findings and ensure control owners take remediation action as required. Identify, lead, and manage the continuous improvement of Internal Controls through implementation of continuous control monitoring and automation. Obtain and review evidence of compliance for adherence to standards. Key domains of compliance controls, including change management, access to system, network and Data, computer operations and system development. Stay current with and promote awareness of applicable regulatory standards, upstream risk, and industry best practices across the enterprise. Skills And Attributes For Success Experience in application controls and Information security experience. Understanding of risk management systems and processes Ability to build relationships with key stakeholders across different levels of seniority. Strong written and verbal communication skills To qualify for the role, you must have. Preferably bachelor’s degree in (Finance/Accounting, Electronics, Electronics & Telecommunications, Comp. Science)/MBA/M.Sc./CA Minimum of 3-4 years of experience in internal controls and Internal Audit Enterprise risk services with specific focus on IT and related industry standards IT Risk Assurance framework Control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX Preferred security skills related to a broad range of operating systems, databases or security tools, e.g., UNIX, Linux, Windows 2000 and NT, firewalls and IDS systems. Familiarity with IT analysis, delivery, and operations methods, including SDLC and CM Familiarity with security and risk standards such as ISO 27001-2, PCI DSS, NIST, ITIL, COBIT Experience of security testing methods and techniques including network, operating and application system configuration review Application controls and security experience: sensitive access and SOD testing controls testing Knowledge of data analysis tools like MS Excel, MS Access, MS SQL Server, ACL, Monarch, etc. Preferred Certifications: CISA What We Look For We believe that you should own and shape your career. But we’ll provide the support and opportunities to develop the skills, knowledge and experience to succeed. The strength of our global network, combined with local empowerment and a relentless focus on winning in specific markets, means you’ll interact and team with individuals from various geographies and sectors. So, whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. What Working At EY Offers At EY, we’re dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. FS TR- ITC – Tech Risk As Risk consultant, you’ll contribute technically to Risk Consulting client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team. In line with EY’s commitment to quality, you’ll confirm that work is of high quality and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We’re looking for Seniors Consultants to join the leadership group of our EY-Consulting Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Understanding on Control frameworks such as COSO, internal control principal and related regulations including SOX and J-SOX. Common IT governance and Assurance standards including NIST, COBIT, Risk IT, ITIL and third-party reporting standards as SSAE16. Understanding on independent and risk based operational audits such as Software Development Life Cycle (SDLC), Business Resilience, Cybersecurity audits, Data privacy and data protection audits, Network security audit. Understanding and hands-on experience on data analysis tool such as Tableau, Power Bi, python etc. Conduct performance reviews and contribute to performance feedback for staff. Adhere to the Code of Conduct. The Code of Conduct sets the standards of behaviour, actions, sand decisions we expect from our people. Participate in IT Risk and Assurance engagements. Work effectively as a team member, sharing responsibility, providing support, maintaining communication, and updating senior team members on progress. Help prepare reports and schedules that will be delivered to clients and other parties. Develop and maintain productive working relationships with client personnel. Responsible for managing reporting on assurance findings and ensure control owners take remediation action as required. Identify, lead, and manage the continuous improvement of Internal Controls through implementation of continuous control monitoring and automation. Obtain and review evidence of compliance for adherence to standards. Key domains of compliance controls, including change management, access to system, network and Data, computer operations and system development. Stay current with and promote awareness of applicable regulatory standards, upstream risk, and industry best practices across the enterprise. Skills And Attributes For Success Experience in application controls and Information security experience. Understanding of risk management systems and processes Ability to build relationships with key stakeholders across different levels of seniority. Strong written and verbal communication skills To qualify for the role, you must have. Preferably bachelor’s degree in (Finance/Accounting, Electronics, Electronics & Telecommunications, Comp. Science)/MBA/M.Sc./CA Minimum of 3-4 years of experience in internal controls and Internal Audit Enterprise risk services with specific focus on IT and related industry standards IT Risk Assurance framework Control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX Preferred security skills related to a broad range of operating systems, databases or security tools, e.g., UNIX, Linux, Windows 2000 and NT, firewalls and IDS systems. Familiarity with IT analysis, delivery, and operations methods, including SDLC and CM Familiarity with security and risk standards such as ISO 27001-2, PCI DSS, NIST, ITIL, COBIT Experience of security testing methods and techniques including network, operating and application system configuration review Application controls and security experience: sensitive access and SOD testing controls testing Knowledge of data analysis tools like MS Excel, MS Access, MS SQL Server, ACL, Monarch, etc. Preferred Certifications: CISA What We Look For We believe that you should own and shape your career. But we’ll provide the support and opportunities to develop the skills, knowledge and experience to succeed. The strength of our global network, combined with local empowerment and a relentless focus on winning in specific markets, means you’ll interact and team with individuals from various geographies and sectors. So, whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. What Working At EY Offers At EY, we’re dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

Job Title: Associate Director / Director – VAPT Location: Mumbai Experience: 10+ years Work Mode: Onsite (Mumbai) Certification: OSCP preferred; other relevant certifications (e.g., OSCE, CISSP, CISM, GPEN) are an added advantage Role Overview: We are seeking an experienced cybersecurity leader to join our team as an Associate Director / Director – VAPT in Mumbai . The role demands a seasoned professional with deep expertise in Vulnerability Assessment and Penetration Testing across web, mobile, network, infrastructure, cloud, and source code environments. The ideal candidate will bring strong technical capabilities along with proven leadership in managing high-performing teams and driving large-scale security engagements for enterprise clients. Key Responsibilities: Leadership & Strategic Oversight: Lead the VAPT practice for the region, ensuring alignment with organizational goals and client expectations. Define and evolve methodologies, standards, and best practices for VAPT engagements. Collaborate with senior leadership and clients (CIOs, CISOs, Risk Heads) on cybersecurity strategy, roadmap, and execution. Lead business development , proposal creation, RFP responses, and pre-sales activities. Delivery & Engagement Management: Oversee multiple VAPT projects spanning web, mobile, infrastructure, cloud, IoT, and source code . Ensure high-quality delivery of technical assessments, risk reporting, and mitigation recommendations . Monitor project performance, client satisfaction, and profitability. Act as a technical escalation point for complex and critical vulnerabilities. Team Development & Mentorship: Build, mentor, and retain a team of high-caliber security professionals. Conduct knowledge-sharing sessions, lead training initiatives, and promote internal capability building. Encourage a culture of continuous learning, innovation, and ethical hacking . Desired Skills & Experience: 12+ years of overall cybersecurity experience with a strong focus on VAPT and Red Team assessments . Proven expertise in conducting and managing manual and advanced penetration testing of applications, networks, and cloud environments. Familiarity with tools like Burp Suite, Metasploit, Nmap, Nessus, Qualys, AppScan, Fortify, Wireshark , etc. Solid understanding of security frameworks and standards : OWASP, NIST, MITRE ATT&CK, ISO 27001, PCI-DSS, RBI guidelines. Strong knowledge of secure coding practices and experience in reviewing source code in multiple languages. Exposure to cloud platforms (AWS, Azure, GCP) and DevSecOps is preferred. Excellent communication, stakeholder management, and team leadership skills. OSCP certification is preferred ; additional credentials such as OSCE, CISSP, CISM, GPEN are a plus. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. FS TR- ITC – Tech Risk As Risk consultant, you’ll contribute technically to Risk Consulting client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team. In line with EY’s commitment to quality, you’ll confirm that work is of high quality and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We’re looking for Seniors Consultants to join the leadership group of our EY-Consulting Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Understanding on Control frameworks such as COSO, internal control principal and related regulations including SOX and J-SOX. Common IT governance and Assurance standards including NIST, COBIT, Risk IT, ITIL and third-party reporting standards as SSAE16. Understanding on independent and risk based operational audits such as Software Development Life Cycle (SDLC), Business Resilience, Cybersecurity audits, Data privacy and data protection audits, Network security audit. Understanding and hands-on experience on data analysis tool such as Tableau, Power Bi, python etc. Conduct performance reviews and contribute to performance feedback for staff. Adhere to the Code of Conduct. The Code of Conduct sets the standards of behaviour, actions, sand decisions we expect from our people. Participate in IT Risk and Assurance engagements. Work effectively as a team member, sharing responsibility, providing support, maintaining communication, and updating senior team members on progress. Help prepare reports and schedules that will be delivered to clients and other parties. Develop and maintain productive working relationships with client personnel. Responsible for managing reporting on assurance findings and ensure control owners take remediation action as required. Identify, lead, and manage the continuous improvement of Internal Controls through implementation of continuous control monitoring and automation. Obtain and review evidence of compliance for adherence to standards. Key domains of compliance controls, including change management, access to system, network and Data, computer operations and system development. Stay current with and promote awareness of applicable regulatory standards, upstream risk, and industry best practices across the enterprise. Skills And Attributes For Success Experience in application controls and Information security experience. Understanding of risk management systems and processes Ability to build relationships with key stakeholders across different levels of seniority. Strong written and verbal communication skills To qualify for the role, you must have. Preferably bachelor’s degree in (Finance/Accounting, Electronics, Electronics & Telecommunications, Comp. Science)/MBA/M.Sc./CA Minimum of 3-4 years of experience in internal controls and Internal Audit Enterprise risk services with specific focus on IT and related industry standards IT Risk Assurance framework Control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX Preferred security skills related to a broad range of operating systems, databases or security tools, e.g., UNIX, Linux, Windows 2000 and NT, firewalls and IDS systems. Familiarity with IT analysis, delivery, and operations methods, including SDLC and CM Familiarity with security and risk standards such as ISO 27001-2, PCI DSS, NIST, ITIL, COBIT Experience of security testing methods and techniques including network, operating and application system configuration review Application controls and security experience: sensitive access and SOD testing controls testing Knowledge of data analysis tools like MS Excel, MS Access, MS SQL Server, ACL, Monarch, etc. Preferred Certifications: CISA What We Look For We believe that you should own and shape your career. But we’ll provide the support and opportunities to develop the skills, knowledge and experience to succeed. The strength of our global network, combined with local empowerment and a relentless focus on winning in specific markets, means you’ll interact and team with individuals from various geographies and sectors. So, whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. What Working At EY Offers At EY, we’re dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. FS TR- ITC – Tech Risk As Risk consultant, you’ll contribute technically to Risk Consulting client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team. In line with EY’s commitment to quality, you’ll confirm that work is of high quality and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We’re looking for Seniors Consultants to join the leadership group of our EY-Consulting Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Understanding on Control frameworks such as COSO, internal control principal and related regulations including SOX and J-SOX. Common IT governance and Assurance standards including NIST, COBIT, Risk IT, ITIL and third-party reporting standards as SSAE16. Understanding on independent and risk based operational audits such as Software Development Life Cycle (SDLC), Business Resilience, Cybersecurity audits, Data privacy and data protection audits, Network security audit. Understanding and hands-on experience on data analysis tool such as Tableau, Power Bi, python etc. Conduct performance reviews and contribute to performance feedback for staff. Adhere to the Code of Conduct. The Code of Conduct sets the standards of behaviour, actions, sand decisions we expect from our people. Participate in IT Risk and Assurance engagements. Work effectively as a team member, sharing responsibility, providing support, maintaining communication, and updating senior team members on progress. Help prepare reports and schedules that will be delivered to clients and other parties. Develop and maintain productive working relationships with client personnel. Responsible for managing reporting on assurance findings and ensure control owners take remediation action as required. Identify, lead, and manage the continuous improvement of Internal Controls through implementation of continuous control monitoring and automation. Obtain and review evidence of compliance for adherence to standards. Key domains of compliance controls, including change management, access to system, network and Data, computer operations and system development. Stay current with and promote awareness of applicable regulatory standards, upstream risk, and industry best practices across the enterprise. Skills And Attributes For Success Experience in application controls and Information security experience. Understanding of risk management systems and processes Ability to build relationships with key stakeholders across different levels of seniority. Strong written and verbal communication skills To qualify for the role, you must have. Preferably bachelor’s degree in (Finance/Accounting, Electronics, Electronics & Telecommunications, Comp. Science)/MBA/M.Sc./CA Minimum of 3-4 years of experience in internal controls and Internal Audit Enterprise risk services with specific focus on IT and related industry standards IT Risk Assurance framework Control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX Preferred security skills related to a broad range of operating systems, databases or security tools, e.g., UNIX, Linux, Windows 2000 and NT, firewalls and IDS systems. Familiarity with IT analysis, delivery, and operations methods, including SDLC and CM Familiarity with security and risk standards such as ISO 27001-2, PCI DSS, NIST, ITIL, COBIT Experience of security testing methods and techniques including network, operating and application system configuration review Application controls and security experience: sensitive access and SOD testing controls testing Knowledge of data analysis tools like MS Excel, MS Access, MS SQL Server, ACL, Monarch, etc. Preferred Certifications: CISA What We Look For We believe that you should own and shape your career. But we’ll provide the support and opportunities to develop the skills, knowledge and experience to succeed. The strength of our global network, combined with local empowerment and a relentless focus on winning in specific markets, means you’ll interact and team with individuals from various geographies and sectors. So, whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. What Working At EY Offers At EY, we’re dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less