3659 Nist Jobs - Page 7

Job Title: Cybersecurity GRC Consultant Experience: 6 + Years Location: Hyderabad Notice Period: [Immediate Joiners Preferred] Job Overview: We are seeking a skilled and experienced Cybersecurity GRC Consultant to join our team. The ideal candidate will have a strong background in information and cybersecurity governance, risk, and compliance (GRC), with proven experience in conducting internal audits, risk assessments, and ensuring compliance with global data protection laws. You will play a critical role in supporting cybersecurity initiatives, executing risk management strategies, and advising on regulatory compliance. Key Responsibilities: Act as a subject matter expert on information and cybersecurity GRC services and solutions. Conduct security assessments of on-premise and cloud-based IT environments aligned with business goals and compliance standards. Test and validate IT security controls; document findings and prepare detailed reports for stakeholders. Execute internal audits under CISO directives, contribute to risk mitigation strategies, and present risk metrics to the CISO regularly. Apply working knowledge of the Digital Personal Data Protection Act, 2023 and global data protection regulations such as GDPR. Manage and utilize GRC tools and platforms for assessments and reporting. Perform security control evaluations on enterprise systems, mobile, and web applications. Support third-party risk management processes and client-facing compliance activities. Lead and deliver complex GRC projects in fast-paced environments. Share knowledge and best practices to elevate team competencies. Continuously improve cybersecurity frameworks and strategies in response to emerging threats and technologies. Qualifications: Bachelor’s degree in Engineering, Computer Science, or a related technology discipline. Mandatory Certification: CISA or ISO 27001 Lead Auditor certification Preferred Certifications: ISO 27001 Lead Implementer CISSP, CIPP, CCSK, or CCSP Public Cloud Certifications (AWS, Azure, GCP) Experience: 6–10 years of professional experience with significant exposure to IT and cybersecurity GRC domains. Hands-on experience in internal audits, IT risk consulting, and cybersecurity advisory roles. Desired Skills: Strong understanding of information security principles, frameworks, and regulatory landscapes. Familiarity with IT infrastructure, application development, and cloud environments. Experience with security tools like vulnerability scanners and secure code review platforms. Proficient in frameworks and standards such as ISO 27001/27005, NIST CSF, PCI DSS, SOC 1/2, GDPR, and COBIT. Excellent communication, documentation, and stakeholder management skills. Demonstrated ability in project and program management related to cybersecurity.

SOC 2 Staff Auditor About The Company A leading security and compliance firm, trusted by over 1200 organizations worldwide, specializes in audit and compliance solutions for standards such as SOC 1, SOC 2, ISO 27001, PCI DSS, and HIPAA. As a licensed CPA firm, PCI Qualified Security Assessor (QSA), and ISO 27001 Certification Body, the firm is dedicated to simplifying IT compliance through innovative technologies and an agile approach. Location Remote - Philippines Start date ASAP Type Full-time Long Term Contract Description In this role, you will: Execute day-to-day activities of IT audit engagements, including SOC 1, SOC 2, and HIPAA assessments, under management direction. Evaluate the design and effectiveness of technology controls. Identify and communicate IT audit findings to management. Assist in identifying performance improvement opportunities for assigned clients. Communicate effectively with clients and team members. Lead client meetings and foster relationships through proactive communication. Provide weekly status reports to management. Proactively communicate any potential issues to management. Requirements Excellent oral and written communication skills. Ability to work independently and collaboratively. High degree of motivation. Fluent in English, able to communicate confidently in english. Bachelor’s degree in accounting, business, cyber security, or management information systems. At least 1 year of experience performing IT audit engagements at a Big 4 or other audit/consulting firm. Candidates with an active or working towards CISA, CPA, CISSP, ISO 27001 Lead Auditor, or PCI QSA certification. Top 5 Technical Skills Required IT Audit Execution – Proficiency in performing SOC 1, SOC 2, and HIPAA audits, including assessing control design and effectiveness. Risk Assessment – Ability to identify and evaluate IT risks and control weaknesses in complex environments. Compliance Frameworks – Knowledge of standards such as SOC 1/2, ISO 27001, PCI DSS, and HIPAA. GRC Tools – Experience with governance, risk, and compliance platforms to streamline audit processes. Technical Communication – Skill in documenting and presenting audit findings clearly to technical and non-technical stakeholders. Nice-to-Have Technical Skills Compliance Automation Tools – Familiarity with tools like Vanta, Drata, or Secureframe for automating compliance workflows. Cloud Security – Understanding of cloud environments (e.g., AWS, Azure) and related security controls. Cybersecurity Frameworks – Knowledge of additional frameworks like NIST CSF or GDPR. Why Join? This role provides an opportunity to work with a global leader in security and compliance, utilizing cutting-edge technologies in a fully remote, collaborative environment. You will grow professionally and make a significant impact on clients’ compliance postures.

Line of Service Advisory Industry/Sector FS X-Sector Specialism Risk Management Level Specialist Job Description & Summary A career within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats. *Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " Job Description & Summary: We are seeking a professional to join our Cybersecurity and Privacy services team, where you will have the opportunity to help clients implement effective cybersecurity programs that protect against threats, drive transformation, and foster growth. As companies increasingly adopt digital business models, the generation and sharing of data among organizations, partners, and customers multiply. We play a crucial role in ensuring that our clients are protected by developing transformation strategies focused on security, efficiently integrating and managing new or existing technology systems, and enhancing their cybersecurity investments. As an L3 Analyst/SOC Manager, you will be responsible for overseeing regular operations, driving continuous improvement processes, and managing client and vendor interactions. This role involves managing complex incidents escalated from L2 analysts, operating the Security Incident process, and mentoring junior team members to build a cohesive and motivated unit. Responsibilities: · Review cybersecurity events analyzed by L2 security analysts, serving as the escalation point for detection, response, and remediation activities. · Monitor and guide the team in triaging cybersecurity events, prioritizing, and recommending/performing response measures. · Provide technical support for IT teams in response and remediation activities for escalated cybersecurity events/incidents. · Follow up on cybersecurity incident tickets until closure. · Guide L1 and L2 analysts in analyzing events and response activities. · Expedite cyber incident response and remediation activities when delays occur, coordinating with L1 and L2 team members. · Review and provide suggestions for information security policies and best practices in client environments. · Ensure compliance with SLAs and contractual requirements, maintaining effective communication with stakeholders. · Review and share daily, weekly, and monthly dashboard reports with relevant stakeholders. · Update and review documents, playbooks, and standard operational procedures. · Validate and update client systems and IT infrastructure documentation. · Share knowledge on current security threats, attack patterns, and tools with team members. · Create and review new use cases based on evolving attack trends. · Analyze and interpret Windows, Linux OS, firewall, web proxy, DNS, IDS, and HIPS log events. · Develop and maintain threat detection rules, parsers, and use cases. · Understand security analytics and flows across SaaS applications and cloud computing tools. · Validate use cases through selective testing and logic examination. · Maintain continuous improvement processes and build/groom teams over time. · Develop thought leadership within the SOC. Mandatory skill sets: · Bachelor’s degree (minimum requirement). · 2-8 years of experience in SOC operations. · Experience analyzing malicious traffic and building detections. · Experience in application security, network security, and systems security. · Knowledge of security testing tools (e.g., BurpSuite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Nessus, HP Web Inspect). · Proficiency in common programming and scripting languages (Python, PowerShell, Ruby, Perl, Bash, JavaScript, VBScript). · Familiarity with cybersecurity frameworks and practices (OWASP, NIST CSF, PCI DSS, NY-DFS). · Experience with traditional security operations, event monitoring, and SIEM tools. · Knowledge of MITRE or similar frameworks and procedures used by adversaries. · Ability to develop and maintain threat detection rules and use cases. Preferred skill sets: · Strong communication skills, both written and oral. · Experience with SMB and large enterprise clients. · Good understanding of ITIL processes (Change Management, Incident Management, Problem Management). · Strong expertise in multiple SIEM tools and other SOC environment devices. · Knowledge of firewalls, IDS/IPS, AVI, EDR, Proxy, DNS, email, AD, etc. · Understanding of raw log formats of various security devices. · Foundational knowledge of networking concepts (TCP/IP, LAN/WAN, Internet network topologies). · Relevant certifications (CEH, CISA, CISM, etc.). · Strong work ethic and time management skills. · Coachability and dedication to consistent improvement. · Ability to mentor and encourage junior teammates. · Knowledge of regex and parser creation. · Ability to deploy SIEM solutions in customer environments. Years of experience required: 2-12 + years Education qualification: B.Tech Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Technology Degrees/Field of Study preferred: Certifications (if blank, certifications not specified) Required Skills SoCs Optional Skills Accepting Feedback, Accepting Feedback, Active Listening, Agile Methodology, Azure Data Factory, Communication, Cybersecurity, Cybersecurity Framework, Cybersecurity Policy, Cybersecurity Requirements, Cybersecurity Strategy, Emotional Regulation, Empathy, Encryption Technologies, Inclusion, Intellectual Curiosity, Managed Services, Optimism, Privacy Compliance, Regulatory Response, Security Architecture, Security Compliance Management, Security Control, Security Incident Management, Security Monitoring {+ 3 more} Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date

Role Description We are seeking an experienced and proactive SOC Lead to drive the operations of our Security Operations Center. The ideal candidate will have strong expertise in cybersecurity monitoring, incident response, threat hunting, and stakeholder communication. This role involves leading a global 24x7 SOC team, coordinating with cross-functional teams, and enhancing our threat detection and response capabilities. You will act as the escalation point for complex incidents and play a key role in process improvement, automation, and mentoring the SOC team. Key Responsibilities Lead and coordinate the 24x7 SOC operations, managing a distributed team of L1 and L2 analysts. Provide advanced triage and investigation of escalated security s and incidents from L1 analysts. Act as the primary escalation contact for high-priority incidents and security breaches. Ensure timely incident response and resolution within SLA while maintaining high-quality ticket documentation. Conduct Root Cause Analysis (RCA) and create detailed incident reports for high-severity cases. Continuously review and fine-tune security s, rules, and thresholds across SIEM and other monitoring tools. Design and propose new security use cases and playbooks to improve detection and response automation. Conduct training sessions for the team on new tools, updated processes, and emerging threats. Organize and lead governance meetings (weekly/biweekly/monthly) with internal stakeholders and clients. Stay informed on the latest threat intelligence, vulnerabilities, and security technologies to proactively enhance SOC capabilities. Maintain and enhance SOC documentation, including SOPs, incident runbooks, and knowledge bases. Collaborate with engineering, infrastructure, and compliance teams to align incident response with organizational risk management practices. Required Skills & Experience Minimum 4 years of hands-on experience in a Security Operations Center, focusing on incident response, security analysis, and threat hunting. Deep Technical Expertise In Email Security (Mimecast) EDR Tools (e.g., Threat Down / Malwarebytes) Secure Web Gateway (Netskope SWG) Cloud Security (Microsoft Azure, Microsoft Defender) SIEM Platforms (Azure Sentinel preferred) Threat analysis and phishing investigation Sound understanding of cybersecurity frameworks (MITRE ATT&CK, NIST, etc.) and incident response lifecycle. Working knowledge of enterprise infrastructure: networking, firewalls, operating systems (Windows/Linux), databases, and web applications. Excellent written and verbal communication skills; able to convey technical details to non-technical stakeholders. Strong organizational and prioritization skills; experience handling multiple concurrent incidents and tasks in high-pressure environments Preferred Certifications Relevant security certifications such as: CEH (Certified Ethical Hacker) Microsoft SC-200 (Security Operations Analyst) AZ-500 (Azure Security Engineer Associate) CISSP, GCIH, or similar. Proficiency with Security Tools: Mimecast Email Security Threat Down (Malwarebytes) Microsoft Azure, Microsoft Defender for O365 Netskope SWG Azure Sentinel (SIEM) Open-source tools for phishing analysis Skills Email Security, EDR, Threat hunting, SIEM

Your potential, unleashed. Indias impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Technology & Transformation is about much more than just the numbers. It’s about attesting to accomplishments and challenges and helping to assure strong foundations for future aspirations. Deloitte exemplifies what, how, and why of change so you’re always ready to act ahead. Learn more about Technology & Transformation Practice Your work profile As a Consultant in our Cyber Team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Responsible for ISO 27001 based Information Security Management System implementation and sustenance Assess client information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk Responsible for conducting clients vendors risk assessment and providing a holistic view of clients risk exposure due to outsourcing Responsible for conducting Information Systems audits covering IT infrastructure assets Works on projects with clearly defined guidelines as team member with responsibility for project delivery Works under general supervision with few direct instructions Performs development and customization work on larger security and privacy implementation projects Understands basic business and information technology management processes. Demonstrates knowledge of firm's methodologies, frameworks and tools. Desired qualifications 2-3yrs of relevant work exp in Cyber security, Information Security, related domains. B.E / B.Tech (Tier 1/2) in Computer Science, Information Technology or related fields ISO 27001 LA/LI, ISO 31000 LA/LI, ISO 22301 LA/LI, CISA, ITIL, or equivalent certification preferred Strong communication skills (written & verbal) Understanding of basic business and information technology management processes Basic knowledge in one or more security and privacy domains such as: security governance policies and procedures, risk management, compliance, identity management, network security, security architecture, security incident response, disaster recovery, business continuity management, privacy and data protection Location and way of working Base location: Kochi This profile involves frequent travelling to client locations. Your role as a Consultant We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society. In addition to living our purpose, Consultant across our organization must strive to be: Inspiring - Leading with integrity to build inclusion and motivation Committed to creating purpose - Creating a sense of vision and purpose Agile - Achieving high-quality results through collaboration and Team unity Skilled at building diverse capability - Developing diverse capabilities for the future Persuasive / Influencing - Persuading and influencing stakeholders Collaborating - Partnering to build new solutions Delivering value - Showing commercial acumen Committed to expanding business - Leveraging new business opportunities Analytical Acumen - Leveraging data to recommend impactful approach and solutions through the power of analysis and visualization Effective communication – Must be well abled to have well-structured and well-articulated conversations to achieve win-win possibilities Engagement Management / Delivery Excellence - Effectively managing engagement(s) to ensure timely and proactive execution as well as course correction for the success of engagement(s) Managing change - Responding to changing environment with resilience Managing Quality & Risk - Delivering high quality results and mitigating risks with utmost integrity and precision Strategic Thinking & Problem Solving - Applying strategic mindset to solve business issues and complex problems Tech Savvy - Leveraging ethical technology practices to deliver high impact for clients and for Deloitte. Empathetic leadership and inclusivity - creating a safe and thriving environment where everyone's valued for who they are, use empathy to understand others to adapt our behaviours and attitudes to become more inclusive. How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive. Your day at NTT DATA The Security Consultant is a seasoned level role, responsible for translating clients’ cybersecurity requirements and customizing and implementing security solutions into specific systems, applications and product designs. This role identifies and develops the security solutions for clients using company products, outsourced technology solutions and technical tools. This role consults with clients regarding secure product configuration, deployment, and security patches to minimize security vulnerabilities and provides comprehensive scanning, penetration testing, vulnerability assessments, monitoring services and source code analysis and delivers detailed results to clients. This role guides and supports clients in the development and implementation of product security controls. Key responsibilities: Works on strategic projects that ensure the efficient and effective reaction to security breaches to mitigate immediate and potential threats. Uses mitigation, preparedness, response and recovery approaches to minimize business disruptions and commercial consequences. Offers detailed technical support investigation and analysis response activities and evaluate the effectiveness of and improvements to existing practices. Conducts regular threat and vulnerability assessments and determine deviations from acceptable configurations or policies. Participates in the assessment of the level of risk and support the development of appropriate mitigation countermeasures in operational and non-operational situations. Analyzes evidence to support network vulnerability mitigation. Supports peers in the management and implementation of the information security management system. Participates in the implementation of policies, processes and guidelines to ensure the standardization of security management throughout the organization. Applies tactics, techniques, and procedures to a full range of tools and processes related to administrative, criminal, and counterintelligence gathering (e.g., in-depth case analyses, continuous monitoring, malware analysis, clear documentation). Proactively searches through our critical infrastructure, systems and networks to detect and isolate advanced threats that may cause harm to our organization. Use both manual approaches and automated tools to identify, analyze, and report events and support the development of countermeasures to proactively protect against these threats in the future. To thrive in this role, you need to have: Strong understanding of information technology and information security Solid understanding of security risks and preventative controls Excellent understanding of security operational processes and controls Service consulting aptitude, focusing on the business, service and sales aspects Excellent verbal and written communication skills Demonstrate impeccable attention to detail are able to translate internal customer requirements into solutions Maintain up-to-date knowledge of security threats, countermeasures, security tools, and network technologies High level of drive and ability to work under pressure Ability to build and maintain cross-functional relationships with a variety of stakeholders Understanding of relevant laws, regulations, and compliance frameworks affecting the technology sector. Good ability to assess and manage cybersecurity risks at both organizational and project levels. Good knowledge of security frameworks and standards like NIST, ISO/IEC 27001, CIS, etc. Academic qualifications and certifications: Bachelor's degree or equivalent in Information Technology or Computer Science or Engineering or related field. Industry relevant certifications such as CISSP, CISM, CEH, GSEC or CompTIA Security+ essential. Required experience: Seasoned demonstrable experience in the Information Technology Security Industry or relevant experience in similar role within a related environment. Seasoned experience with security architecture design principles. Seasoned experience with industry compliance and standards such as ISO 27000, PCI DSS, NIST, HIPAA or others. Seasoned experience with security tools and techniques to cover SANS Top 25, OWASP or others. Seasoned experience working in a multi-team environment across multiple geographies. Workplace type: Hybrid Working About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo. Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

We are looking for a proactive and experienced L2 Security Operations Analyst to strengthen our Security Operations Centre (SOC) team. This role will be responsible for detecting, analysing, and responding to cybersecurity incidents in a hybrid infrastructure comprising AWS Cloud, on-prem infrastructure, and diverse endpoint systems including Linux, Windows, and macOS. The candidate should have hands-on experience with SIEM, EDR, firewalls, and cloud-native security tools, along with a solid understanding of threat landscapes and incident response processes. Responsibilities Act as the first level of the escalation point to the L1 team and investigate, validate, and escalate security alerts received from SIEM and other monitoring tools. Monitor and analyse security events from various sources, including CNAPP, SIEM, EDR, firewalls, AWS CloudTrail, Guard Duty, and endpoint logs. Triage security alerts and escalate incidents based on severity and impact. Correlate data across sources to identify patterns of malicious activity and potential breaches. Review and refine detection use cases and rule tuning to reduce false positives. Update and maintain incident response runbooks and knowledge base. Assist in the development of automation using SOAR platforms for repetitive tasks. Document incidents, root cause analysis, and lessons learned in a structured and timely manner. Provide regular status reports and metrics to SOC leads and management. Collaborate with infrastructure, application, and IT teams for investigation and remediation. Requirements Bachelor's degree in information security, Computer Science, or related field. 3-6 years of experience in a SOC or cybersecurity operations role. Proficiency with SIEM tools (e. g., Sentinel, Splunk). Hands-on experience with EDR/XDR platforms (e. g., CrowdStrike, Sentinel One). Strong understanding of network protocols, operating systems, malware analysis, and threat actor behaviour. Familiarity with frameworks such as MITRE ATT& CK, NIST CSF, Incident response and investigation skills, including log analysis and packet inspection. Experience with ticketing systems and incident tracking tools. This job was posted by Debapti Roy from mPokket.

We are seeking an experienced and proactive SOC Lead to drive the operations of our Security Operations Center. The ideal candidate will have strong expertise in cybersecurity monitoring, incident response, threat hunting, and stakeholder communication. This role involves leading a global 24x7 SOC team, coordinating with cross-functional teams, and enhancing our threat detection and response capabilities. You will act as the escalation point for complex incidents and play a key role in process improvement, automation, and mentoring the SOC team. Key Responsibilities: Lead and coordinate the 24x7 SOC operations, managing a distributed team of L1 and L2 analysts. Provide advanced triage and investigation of escalated security s and incidents from L1 analysts. Act as the primary escalation contact for high-priority incidents and security breaches. Ensure timely incident response and resolution within SLA while maintaining high-quality ticket documentation. Conduct Root Cause Analysis (RCA) and create detailed incident reports for high-severity cases. Continuously review and fine-tune security s, rules, and thresholds across SIEM and other monitoring tools. Design and propose new security use cases and playbooks to improve detection and response automation. Conduct training sessions for the team on new tools, updated processes, and emerging threats. Organize and lead governance meetings (weekly/biweekly/monthly) with internal stakeholders and clients. Stay informed on the latest threat intelligence, vulnerabilities, and security technologies to proactively enhance SOC capabilities. Maintain and enhance SOC documentation, including SOPs, incident runbooks, and knowledge bases. Collaborate with engineering, infrastructure, and compliance teams to align incident response with organizational risk management practices. Required Skills & Experience: Minimum 4 years of hands-on experience in a Security Operations Center, focusing on incident response, security analysis, and threat hunting. Deep technical expertise in: Email Security (Mimecast) EDR Tools (e.g., Threat Down / Malwarebytes) Secure Web Gateway (Netskope SWG) Cloud Security (Microsoft Azure, Microsoft Defender) SIEM Platforms (Azure Sentinel preferred) Threat analysis and phishing investigation Sound understanding of cybersecurity frameworks (MITRE ATT&CK, NIST, etc.) and incident response lifecycle. Working knowledge of enterprise infrastructure: networking, firewalls, operating systems (Windows/Linux), databases, and web applications. Excellent written and verbal communication skills; able to convey technical details to non-technical stakeholders. Strong organizational and prioritization skills; experience handling multiple concurrent incidents and tasks in high-pressure environments Preferred Certifications: Relevant security certifications such as: CEH (Certified Ethical Hacker) Microsoft SC-200 (Security Operations Analyst) AZ-500 (Azure Security Engineer Associate) CISSP, GCIH, or similar. Proficiency with Security Tools: Mimecast Email Security Threat Down (Malwarebytes) Microsoft Azure, Microsoft Defender for O365 Netskope SWG Azure Sentinel (SIEM) Open-source tools for phishing analysis Required Skills Email Security, EDR, Threat hunting, SIEM

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Compliance Management Good to have skills : NA Minimum 3 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: Seeking an experienced Security Architect/ Security Compliance Professional to lead and support the design, implementation, and maintenance of security governance, risk, and compliance (GRC) frameworks. This role ensures that the organization complies with industry standards and regulations such as ISO/IEC 27001, PCIDSS, NIST CSF, SOC 2, TISAX, and others. The candidate will work cross-functionally to manage audits, assess risks, and drive continuous improvement in the security posture of the organization. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security managed operations, ensuring that all security measures align with organizational standards and compliance requirements. You will also engage in continuous improvement initiatives to enhance the security posture of the organization. Roles & Responsibilities: Expected to perform independently and become an SME GRC professional. Required active participation/contribution in client discussions. Contribute in providing solutions to compliance related complex situations Conduct regular assessments of security framework based or cloud security controls to ensure compliance with established standards. Collaborate with cross-functional teams to identify and mitigate potential security risks. Professional & Technical Skills: Proficient in Information Security, Cyber Security and Governance, Risk, and Compliance (GRC). Has significant exposure to evolving landscape of security compliance requirements Lead and manage security compliance initiatives across the organization. Manage/ Conduct gap assessments and implement controls in alignment with compliance standards (e.g., ISO 27001, PCIDSS, NIST, SOC 2, GDPR and other relevant frameworks). Coordinate and support internal and external security audits, including evidence collection and remediation planning. Partner with business, IT, and legal teams to ensure compliance requirements are understood and implemented. Develop and maintain security policies, procedures, and documentation in line with regulatory needs. Monitor compliance status and prepare reports and metrics for leadership. Educate teams on compliance requirements and drive a culture of security awareness. Relevant certifications : Any one -ISO27001LA/LI, ISO3100 or CISA, CISM, CRISC, or equivalent. Additional Information: - The candidate should have 3-5 years of relevant experience in Information Security Governance, Risk and Compliance (GRC). - This position is based at our Pune office. - A 15 years full time education is required., 15 years full time education

Responsibilities Participating in red teaming exercises to assess the effectiveness of the organization's overall security posture. Should have a complete understanding and hands-on experience on IT security and monitoring, on-premises networking, Firewalls, VPN, IT and compliance policies, etc. Should be able to manage and develop end-to-end IT security policies, rules, and regulations, related training, and awareness programmes in the organization. Knowledge and hands-on on Office 365 features, policies, and Data loss prevention, Mobile device management service Microsoft INTUNE. Checking and maintaining end-to-end security parameters in the organization and creating and maintaining policies for different processes to secure the network and systems. Monitoring Security audits and different log messages from the network and the organization's IT resources. Perform detailed vulnerability analysis and exploit known vulnerabilities to assess the resilience of our systems against real-world threats. Develop and execute comprehensive test plans and methodologies to simulate potential cyberattacks and identify vulnerable areas. Continuously monitor, analyze, and respond to emerging security threats and trends to ensure proactive protection of our systems. Provide recommendations for improving security controls and implementing effective remediation strategies to address identified vulnerabilities. Contributing to the development and enhancement of cybersecurity frameworks and methodologies. Stay updated with the latest security technologies, tools, and industry trends to enhance the effectiveness of our security posture. Investigate and escalate security breaches or unauthorized access. Biometric and Access control management. Should be able to perform Vulnerability assessment, Malware analysis, Work with other penetration testers and information security analysts, Web application security, social engineering, Database security, and Reverse engineering. FortiGate and another industry firewall, good knowledge, and hands-on experience are required, along with monitoring and security policies implementation. Office 365 admin panel hands-on (managing users/devices/licenses and tracing methods for security implementation), Azure AD, email security, and policy knowledge and implementation. Requirements Should be able to research and develop an understanding of emerging and required IT security tools that need to be implemented in the organization. Must have led and handled complete IT Security audits in the organization and their remediation steps to ensure high-end security at all the levels, Network and User-endpoints. Should be aware of ISO 27001 NIST, or COSO framework practices and GRC infrastructure. More than 5 years of industry experience supporting mid to large enterprise customers on their Network Security and IT infrastructure is a requirement. Should have experience in implementing and managing cybersecurity and technical standards. Must have effective communication, technical skills, with email etiquette. Certified Ethical Hacker (CEH) certification or equivalent. Must have managed stakeholder handling skills. One or more IT Technical/Cyber Security Certifications required (any combination) as below: CISSP: Certified Information Systems Security Professional. CISM: Certified Information Security Manager. CISA: Certified Information Systems Auditor. This job was posted by Subhanjana Pandey from Indxx.

Company Overview: Leading with our core values of Quality, Integrity, and Opportunity, MedInsight is one of the healthcare industry’s most trusted solutions for healthcare intelligence. Our company purpose is to empower easy, data-driven decision-making on important healthcare questions. Through our products, education, and services, MedInsight is making an impact on healthcare by helping to drive better outcomes for patients while reducing waste. Over 300 leading healthcare organizations have come to rely on MedInsight analytic solutions for healthcare cost and care management. MedInsight has been ranked #1 for Payer Quality Analytics by clients for the last three years in the Best in KLAS report. MedInsight is a subsidiary of Milliman; a global, employee-owned consultancy providing actuarial consulting, retirement funding and healthcare financing, enterprise risk management and regulatory compliance, data analytics and business transformation as well as a range of other consulting and technology solutions. Position Summary: As a Penetration Tester, you will play a vital role in safeguarding our information systems by proactively identifying and mitigating security vulnerabilities. Working under the guidance of senior security professionals, you will assess the effectiveness of our cybersecurity infrastructure through simulated attacks and vulnerability assessments. This role offers the opportunity to build hands-on experience while contributing to the design and implementation of secure systems and processes. Key Responsibilities: Conduct penetration tests on networks, web and mobile applications, APIs, and cloud environments to identify security vulnerabilities and risks. Support security architects in assessing potential weaknesses in system designs and contribute to defining secure architecture and infrastructure requirements. Identify and exploit vulnerabilities in applications and infrastructure to simulate real-world cyber threats. Facilitate and coordinate vulnerability assessments and scans, review assessment results, and oversee remediation activities for network and infrastructure devices. Document and communicate findings clearly, translating technical risk into business risk for non-technical stakeholders. Participate in educating users and new employees on security best practices, policies, and procedures. Research and stay current on emerging cybersecurity threats, attack methods, and industry best practices. Recommend improvements to enhance system security and align with internal standards and regulatory requirements. Ensure testing activities and remediation efforts align with compliance standards and privacy laws (e.g., OWASP, NIST, ISO 27001). Collaborate with senior team members to provide technical guidance and support for security initiatives. May assist in reviewing third-party security controls, especially for cloud services. Qualifications: Minimum 4 years of experience in Application Security and Penetration Testing across networks, web/mobile apps, APIs, and cloud environments to identify vulnerabilities and risks. Familiarity with penetration testing methodologies, tools (e.g., Burp Suite, Nmap, Metasploit), and scripting languages (e.g., Python, Bash, PowerShell). Basic understanding of networking protocols, web technologies, and operating systems. Exposure to cybersecurity frameworks such as OWASP Top 10, NIST, or CIS Controls. Strong problem-solving skills, attention to detail, and ability to work as part of a team. Willingness to learn and grow within a structured, closely supervised environment. Preferred Experience: Experience related to ethical hacking or vulnerability assessments. One (or more) relevant certifications, or ability to pass exam: GPEN, GWAPT, OSCP CTF experience (HackTheBox, VulnHub, OverTheWire, etc) Educational Requirements Bachelor’s degree in computer science, Information Security, or related field or equivalent work experience. What makes this a great opportunity? Join an innovative, high growth company with a solid industry track record Bring your expertise and ideas to directly impact and help build the next generation of MedInsight products and solutions Enjoy significant visibility in your work and be recognized for your wins Work for a company that values your wellbeing and professional growth, offering a flexible work environment, generous benefits package, and investment in the development of your career Milliman Benefits: We offer competitive benefits which include the following based on plan eligibility: Supportive work culture focused on continuous learning, growth, and team collaboration Exposure to international teams and projects for broader professional experience Flexible working hours with hybrid/remote options to support work-life balance Annual health check-ups and employee wellness programs for a healthier lifestyle Employee Assistance Program (EAP) offering confidential mental health support Paid time off including vacation, sick leave, and recognized public holidays

Vestas is a major player in wind technology and a motivation in the development of the wind power industry. Vestas' core business comprises the development, manufacture, sale, marketing, and maintenance of Wind Turbines. Come and join us at Vestas! Power Plant Solutions Department is part of the VTO Organisation and supports the regions in selling, installing, and servicing a large number of SCADA systems controlling medium and large sized wind power plants. Our customers can mainly be found among larger power supply companies and professional investors. Frontend Engineering & Technology > Regional Engineering & Technology APAC > Power Plant Solutions APAC Responsibilities Provide support for hardware and software. Implementing installations, configuration, and testing of new or upgraded hardware and software to ensure uniformity, performance, reliability, and security Identity Access Management: - Provisioning user access and privileges on servers and network devices- Migration of users from existing site configuration- Auditing of user access/privilege levels Managing antivirus software on-site systems Installs and configures approved applications on-site systems Configure and test log management systems/SIEM e.g. Syslog, and NetFlow Implement and Monitor Intrusions Detection Systems on site Testing and deployment of approved security updates (patches) and firmware on SCADA devices Testing and deployment of upgrades on networking devices, majorly Cisco devices Troubleshoot and test PCs, servers, applications, and networking devices by using remote tools or by traveling to the different Vestas sites in Asia-Pacific Liaise with the Security Operations Centre (SOC) and Remote Operations Centre (ROC) to investigate and resolve incidents and tickets Ensure transfer/handoff of issues to appropriate personnel in the global organization Provide support to SCADA Engineers, Site technicians, and customers Supporting Configuration of switch and router for the SCADA team Participate in SCADA/Security Projects across the region Prepares operational reports including project status, equipment, network, inventory, and area activity summaries; develops and maintains procedures manuals Performs other duties of similar nature and level as assigned Qualifications University degree in Cyber Security, Computer/Software/Electrical Engineering At least 2 - 4 years of experience within cybersecurity, preferably in operational technology or specifically in the energy sector Certifications such as MCSE, and CCNA are an advantage You possess excellent communication skills You speak and write English fluently Competencies Experience with Microsoft Windows(R) Operating System, Cisco networking devices (switches, routers, and firewalls), and Linux Operating System Insight into Cyber security frameworks Such as C2M2, NIST, AESCSF, IEC62443 or similar Engineering experience within PLC programming, Automation, or SCADA systems is an advantage Troubleshooting - Ability to identify and define the source of problems through a logical process and identify and evaluate possible solutions based on facts and sound judgment that mitigate the problem whilst ensuring delivery of required outcomes. Microsoft server and Cisco certifications are an advantage Industrial electricity and electronics knowledge Motivated by finding solutions to meet customer needs inside existing design constraints Strong communication skills in English, both in speech and writing What We Offer We offer a very exciting job in a flat, multi-cultural, and dynamic department that cuts across Asia-Pacific, focusing on reaching world-class results. Exposure to the renewable energy environment through training and cross-functional activities is on offer. To us, it is all about protecting our customers' assets by identifying cyber threats to them and mitigating them before they become an incident. Additional Information Your primary workplace will be Chennai. Please note: We do amend or withdraw our jobs and reserve the right to the right to do so at any time, including prior to the advertised closing date. Please be advised to apply on or before 29th Aug 2025. Our commitment to a fair hiring At Vestas, we evaluate all candidates solely on professional experience, education, and relevant skills. To support a fair recruitment process, please remove any photos, dates of birth or graduation dates, gender pronouns, marital status, or other personal details not relevant to the role, before submitting your CV. Please keep your CV focused on work and educational details, and the necessary information that we contact you (email and phone number). We train our hiring teams in inclusive evaluation and regularly review process outcomes to ensure fairness. DEIB Statement At Vestas, we recognise the value of diversity, equity, and inclusion in driving innovation and success. We strongly encourage individuals from all backgrounds to apply, particularly those who may hesitate due to their identity or feel they do not meet every criterion. As our CEO states, "Expertise and talent come in many forms, and a diverse workforce enhances our ability to think differently and solve the complex challenges of our industry". Your unique perspective is what will help us powering the solution for a sustainable, green energy future. BEWARE – RECRUITMENT FRAUD It has come to our attention that there are a number of fraudulent emails from people pretending to work for Vestas. Read more via this link, https://www.vestas.com/en/careers/our-recruitment-process About Vestas Vestas is the energy industry’s global partner on sustainable energy solutions. We are specialised in designing, manufacturing, installing, and servicing wind turbines, both onshore and offshore. Across the globe, we have installed more wind power than anyone else. We consider ourselves pioneers within the industry, as we continuously aim to design new solutions and technologies to create a more sustainable future for all of us. With more than 185 GW of wind power installed worldwide and 40+ years of experience in wind energy, we have an unmatched track record demonstrating our expertise within the field. With 30,000 employees globally, we are a diverse team united by a common goal: to power the solution – today, tomorrow, and far into the future. Vestas promotes a diverse workforce which embraces all social identities and is free of any discrimination. We commit to create and sustain an environment that acknowledges and harvests different experiences, skills, and perspectives. We also aim to give everyone equal access to opportunity. To learn more about our company and life at Vestas, we invite you to visit our website at www.vestas.com and follow us on our social media channels. We also encourage you to join our Talent Universe to receive notifications on new and relevant postings.

Mizuho Global Services India Pvt. Ltd. Mizuho Global Services Pvt Ltd (MGS) is a subsidiary company of Mizuho Bank, Ltd, which is one of the largest banks or so called ‘Mega Banks’ of Japan. MGS was established in the year 2020 as part of Mizuho’s long-term strategy of creating a captive global processing centre for remotely handling banking and IT related operations of Mizuho Bank’s domestic and overseas offices and Mizuho’s group companies across the globe. At Mizuho we are committed to a culture that is driven by ethical values and supports diversity in all its forms for its talent pool. Direction of MGS’s development is paved by its three key pillars, which are Mutual Respect, Discipline and Transparency, which are set as the baseline of every process and operation carried out at MGS. Know more about MGS: https://www.mizuhogroup.com/asia-pacific/mizuho-global-services What’s in it for you? o Immense exposure and learning o Excellent career growth o Company of highly passionate leaders and mentors o Ability to build things from scratch Position: Governance Risk & Compliance - GRC Consultant – Senior Officer We are seeking a skilled and vigilant L2 for handling Governance Risk and Compliance for MGS. The Ideal candidate will ensure that an organization’s operations and procedures meet government and industry compliance standards with a strong focus on ISO 27001 implementation and policy preparation. Roles & Responsibilities: Risk Management: Identify, assess, and manage risks related to information security, privacy, and regulatory compliance. ISO 27001 Implementation: Lead the implementation and maintenance of ISO 27001 standards, including conducting internal audits and managing certification processes. Policy Development: Develop, update, and enforce security policies, standards, and procedures to ensure compliance with regulatory requirements. Compliance Monitoring: Monitor and ensure adherence to industry regulations and standards, such as GDPR, NIST, and SOX. Audits and Assessments: Conduct regular audits and risk assessments to identify gaps and recommend improvements. Vendor Risk Management: Evaluate and manage third-party vendors to ensure they meet organizational security requirements. Security Controls: Test and monitor the effectiveness of security controls and recommend enhancements. Regulatory Research: Stay updated on regulatory changes and ensure the organization complies with new requirements. Mandate Skills: Good Verbal and Written communication skills. Good Team player. Possess Positive and learning attitude. Excellent problem-solving skills and attention to detail. Strong documentation skills (creation of dashboards for regular reporting) Relevant certifications (e.g., CISA, CISM, ISO 27001) are a plus. Sense of Ownership, Priorities and Autonomous. Good to have at least one certification (ISO 27001 LI, ISO27001 LA) Knowledge of banking business and information technology practices and trends in banking sector Ability to communicate effectively, both orally and in writing. Qualifications: Graduation/Post graduation in, Computers, Information Systems, Computer Science, or Information technology systems Experience: 6+ years of work experience as GRC Consultant and relevant experience hands on of 6 years including Risk management, risk assessment, 2nd line defence in risk, control assessment, control review, control testing, ITGC Control, Gap Analysis, Creating and making policies And procedures, Information Security Officer ISO 27001 certified, Corporate IT Governance, Risk & Compliance, auditing. Office Address: Mizuho Global Services India Pvt. Ltd 16th Floor, Tower B Unit No : 1601 to 1604 World Trade Center Perungudi, Chennai - 600096

Summary : As a Senior Product Security Engineer, you will join our team of talented professionals dedicated to embedding continuous and seamless security into our engineering processes. You will contribute to the development and implementation of our Secure Software Development Lifecycle (S-SDLC), working across multiple technical teams to enhance our security posture. About the role : Promote secure-by-design architectures and implementations across all phases of our S-SDLC. Define product security standards, best practices, and processes with built-in governance and metrics. Develop new security capabilities, patterns and automation to integrate security throughout our development practices. Lead threat modeling sessions and secure code reviews (including of AI-based systems and products). Collaborate with cross-functional teams, including software engineering, platform engineering, QA, and operations. Accelerate security remediation through data analysis and support for product engineering teams. This central role will allow you to have maximum impact ensuring our products and applications meet the highest security standards to protect our customers. About you : Bachelor's degree in computer science or equivalent education experience. 7+ years of hands-on experience in software engineering or application security. Experience conducting security-focused threat modeling and code reviews across multiple technology stacks and programming languages. Experience with security tools (SAST, SCA, DAST, fuzzers a plus) and analyzing their findings. Proven analytical skills with ability to develop innovative solutions to complex security challenges. Both defensive and offensive mindset. Strong understanding of security principles (cryptography, authentication, authorization, etc.) and common vulnerabilities applicable to applications (web, desktop or mobile), APIs and cloud environments. Ability to identify, analyze, and mitigate common security vulnerabilities at both design and implementation levels. Knowledge of software engineering principles with experience designing and implementing secure systems, aligned with secure by design and secure by default principles Proficiency in writing code, tests, deployment logic, and API integrations. Any language welcomed. Python, GoLang, Java preferred. Excellent written and verbal communication skills with ability to articulate complex security concepts to diverse and cross-functional audiences. Preferred Qualifications Experience with a major cloud provider (AWS, Azure, Oracle Cloud or GCP). Experience with Infrastructure as Code (e.g., CDK, Terraform, ). Experience securing or developing systems using Large Language Models, RAG, and AI Agents. Experience with common authentication and authorization standards (SAML and OAuth). Experience with containerized application and container orchestration (Kubernetes, ECS, ). Knowledge of industry security frameworks and maturity models such as OWASP Application Security Verification Standard, CIS Benchmarks, NIST Cybersecurity Framework, OWASP SAMM or BSIMM. Relevant security certifications (e.g., OSCP, OSWE). Experience contributing to open-source security projects. Experience in security research, presenting at conferences, or publishing articles. #LI-SP1 Whats in it For You Hybrid Work Model Weve adopted a flexible hybrid working environment (2-3 days a week in the office depending on the role) for our office-based roles while delivering a seamless experience that is digitally and physically connected. Flexibility & Work-Life Balance: Flex My Way is a set of supportive workplace policies designed to help manage personal and professional responsibilities, whether caring for family, giving back to the community, or finding time to refresh and reset. This builds upon our flexible work arrangements, including work from anywhere for up to 8 weeks per year, empowering employees to achieve a better work-life balance. Career Development and Growth: By fostering a culture of continuous learning and skill development, we prepare our talent to tackle tomorrows challenges and deliver real-world solutions. Our Grow My Way programming and skills-first approach ensures you have the tools and knowledge to grow, lead, and thrive in an AI-enabled future. Industry Competitive Benefits We offer comprehensive benefit plans to include flexible vacation, two company-wide Mental Health Days off, access to the Headspace app, retirement savings, tuition reimbursement, employee incentive programs, and resources for mental, physical, and financial wellbeing. Culture: Globally recognized, award-winning reputation for inclusion and belonging, flexibility, work-life balance, and more. We live by our valuesObsess over our Customers, Compete to Win, Challenge (Y)our Thinking, Act Fast / Learn Fast, and Stronger Together. Social Impact Make an impact in your community with our Social Impact Institute. We offer employees two paid volunteer days off annually and opportunities to get involved with pro-bono consulting projects and Environmental, Social, and Governance (ESG) initiatives. Making a Real-World Impact: We are one of the few companies globally that helps its customers pursue justice, truth, and transparency. Together, with the professionals and institutions we serve, we help uphold the rule of law, turn the wheels of commerce, catch bad actors, report the facts, and provide trusted, unbiased information to people all over the world. Thomson Reuters informs the way forward by bringing together the trusted content and technology that people and organizations need to make the right decisions. We serve professionals across legal, tax, accounting, compliance, government, and media. Our products combine highly specialized software and insights to empower professionals with the data, intelligence, and solutions needed to make informed decisions, and to help institutions in their pursuit of justice, truth, and transparency. Reuters, part of Thomson Reuters, is a world leading provider of trusted journalism and news. We are powered by the talents of 26,000 employees across more than 70 countries, where everyone has a chance to contribute and grow professionally in flexible work environments. At a time when objectivity, accuracy, fairness, and transparency are under attack, we consider it our duty to pursue them. Sound excitingJoin us and help shape the industries that move society forward. As a global business, we rely on the unique backgrounds, perspectives, and experiences of all employees to deliver on our business goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under applicable law. Thomson Reuters is proud to be an Equal Employment Opportunity Employer providing a drug-free workplace. We also make reasonable accommodations for qualified individuals with disabilities and for sincerely held religious beliefs in accordance with applicable law. More information on requesting an accommodation here. Learn more on how to protect yourself from fraudulent job postings here. More information about Thomson Reuters can be found on thomsonreuters.com.

Summary Position Summary Job title: Security Architecture Review – Senior Consultant About At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk Management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte’s clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security. By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today’s world by organizations across a range of industry sectors and become subject matter experts in those areas. Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte’s clients ‘most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions. The Team Cyber & Strategic Risk Deloitte's Cyber Risk services team helps organizations manage cyber risks proactively and helps in integration of security into every phase of the system, product, or process lifecycle. Our professionals provide security services that align with the client’s business objectives, regulatory requirements, and risk appetite. Work you’ll do Roles & Responsibilities: As a Senior Consultant in the Security architecture review domain, you are responsible for performing the following activities: Conduct comprehensive security architecture reviews for new and existing systems, applications, and infrastructure and assist by providing security overlays for any solution diagrams Evaluate solution designs and technical architectures to identify potential security risks and recommend mitigation strategies. Collaborate with IT, development, and business teams to integrate security requirements into project designs. Develop and maintain security architecture documentation, standards, and guidelines. Review and assess third-party/vendor solutions for security risks and compliance. Provide expert guidance on secure design patterns and critical security controls such as encryption, authentication, and access control. Be an active member of the projects and assist with any security related questions or issues Required Skills Knowledge of infrastructure and network security Exposure to microservices architecture concepts Strong understanding of security frameworks (e.g., NIST 800-53, PCI DSS,, ISO 27001, CIS Controls) and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS) Experience with cloud security (AWS, Azure, GCP) and on-premises environments. Familiarity with secure software development lifecycle (SDLC) practices. Proficiency in risk assessment methodologies. Excellent communication and documentation skills. Exposure to threat modeling exercise and zero trust architecture principles Knowledge of cloud security best practices. Exposure to secure by design methodology. Qualification Bachelor's degree or higher in Computer Science, or equivalent experience. 6 to 9 years of experience reviewing application security architectures and threat modeling. Experience with TOGAF or SABSA frameworks, preferably holding certifications and understanding of how security can be integrated. Certified Cloud Security Architect (Azure, AWS, or GCP) Good to have: Experience with integrating and operating SAST tools to identify code-level vulnerabilities in the development lifecycle. Familiarity with DAST tools and methodologies for identifying runtime vulnerabilities in web applications and APIs. Proficiency in using SCA tools to detect and manage risks from third-party and open-source components, Hands-on experience in embedding security controls and automated testing (SAST, DAST, SCA) into CI/CD pipelines Experience with integrating threat modeling tool into CICD pipeline Hands on experience on Microsoft Visio, Lucidchart, Microsoft Threat modeling tool etc or any other DFD, architecture drafting tool How You’ll Grow At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India . Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. Deloitte is committed to achieving diversity within its workforce, and encourages all qualified applicants to apply, irrespective of gender, age, sexual orientation, disability, culture, religious and ethnic background. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with Deloitte’s clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Recruiting tips Finding the right job and preparing for the recruitment process can be tricky. Check out tips from our Deloitte recruiting professionals to set yourself up for success. Check out recruiting tips from Deloitte recruiters . Benefits We believe that to be an undisputed leader in professional services, we should equip you with the resources that can make a positive impact on your well-being journey. Our vision is to create a leadership culture focused on the development and well-being of our people. Here are some of our benefits and programs to support you and your family’s well-being needs. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you . Our people and culture Our people and our culture make Deloitte a place where leaders thrive. Get an inside look at the rich diversity of background, education, and experiences of our people. What impact will you make? Check out our professionals’ career journeys and be inspired by their stories. Professional development You want to make an impact. And we want you to make it. We can help you do that by providing you the culture, training, resources, and opportunities to help you grow and succeed as a professional. Learn more about our commitment to developing our people . © 2025. See Terms of Use for more information. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 303241

Summary Position Summary Job title: Security Architecture Review – Senior Consultant About At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk Management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte’s clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security. By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today’s world by organizations across a range of industry sectors and become subject matter experts in those areas. Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte’s clients ‘most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions. The Team Cyber & Strategic Risk Deloitte's Cyber Risk services team helps organizations manage cyber risks proactively and helps in integration of security into every phase of the system, product, or process lifecycle. Our professionals provide security services that align with the client’s business objectives, regulatory requirements, and risk appetite. Work you’ll do Roles & Responsibilities: As a Senior Consultant in the Security architecture review domain, you are responsible for performing the following activities: Conduct comprehensive security architecture reviews for new and existing systems, applications, and infrastructure and assist by providing security overlays for any solution diagrams Evaluate solution designs and technical architectures to identify potential security risks and recommend mitigation strategies. Collaborate with IT, development, and business teams to integrate security requirements into project designs. Develop and maintain security architecture documentation, standards, and guidelines. Review and assess third-party/vendor solutions for security risks and compliance. Provide expert guidance on secure design patterns and critical security controls such as encryption, authentication, and access control. Be an active member of the projects and assist with any security related questions or issues Required Skills Knowledge of infrastructure and network security Exposure to microservices architecture concepts Strong understanding of security frameworks (e.g., NIST 800-53, PCI DSS,, ISO 27001, CIS Controls) and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS) Experience with cloud security (AWS, Azure, GCP) and on-premises environments. Familiarity with secure software development lifecycle (SDLC) practices. Proficiency in risk assessment methodologies. Excellent communication and documentation skills. Exposure to threat modeling exercise and zero trust architecture principles Knowledge of cloud security best practices. Exposure to secure by design methodology. Qualification Bachelor's degree or higher in Computer Science, or equivalent experience. 6 to 9 years of experience reviewing application security architectures and threat modeling. Experience with TOGAF or SABSA frameworks, preferably holding certifications and understanding of how security can be integrated. Certified Cloud Security Architect (Azure, AWS, or GCP) Good to have: Experience with integrating and operating SAST tools to identify code-level vulnerabilities in the development lifecycle. Familiarity with DAST tools and methodologies for identifying runtime vulnerabilities in web applications and APIs. Proficiency in using SCA tools to detect and manage risks from third-party and open-source components, Hands-on experience in embedding security controls and automated testing (SAST, DAST, SCA) into CI/CD pipelines Experience with integrating threat modeling tool into CICD pipeline Hands on experience on Microsoft Visio, Lucidchart, Microsoft Threat modeling tool etc or any other DFD, architecture drafting tool How You’ll Grow At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India . Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. Deloitte is committed to achieving diversity within its workforce, and encourages all qualified applicants to apply, irrespective of gender, age, sexual orientation, disability, culture, religious and ethnic background. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with Deloitte’s clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Recruiting tips Finding the right job and preparing for the recruitment process can be tricky. Check out tips from our Deloitte recruiting professionals to set yourself up for success. Check out recruiting tips from Deloitte recruiters . Benefits We believe that to be an undisputed leader in professional services, we should equip you with the resources that can make a positive impact on your well-being journey. Our vision is to create a leadership culture focused on the development and well-being of our people. Here are some of our benefits and programs to support you and your family’s well-being needs. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you . Our people and culture Our people and our culture make Deloitte a place where leaders thrive. Get an inside look at the rich diversity of background, education, and experiences of our people. What impact will you make? Check out our professionals’ career journeys and be inspired by their stories. Professional development You want to make an impact. And we want you to make it. We can help you do that by providing you the culture, training, resources, and opportunities to help you grow and succeed as a professional. Learn more about our commitment to developing our people . © 2025. See Terms of Use for more information. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 303240

Summary Position Summary Job title: Security Architecture Review – Consultant About At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk Management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte’s clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security. By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today’s world by organizations across a range of industry sectors and become subject matter experts in those areas. Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte’s clients ‘most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions. The Team Cyber & Strategic Risk Deloitte's Cyber Risk services team helps organizations manage cyber risks proactively and helps in integration of security into every phase of the system, product, or process lifecycle. Our professionals provide security services that align with the client’s business objectives, regulatory requirements, and risk appetite. Work you’ll do Roles & Responsibilities: As a Senior Consultant in the Security architecture review domain, you are responsible for performing the following activities: Conduct comprehensive security architecture reviews for new and existing systems, applications, and infrastructure and assist by providing security overlays for any solution diagrams Evaluate solution designs and technical architectures to identify potential security risks and recommend mitigation strategies. Collaborate with IT, development, and business teams to integrate security requirements into project designs. Develop and maintain security architecture documentation, standards, and guidelines. Review and assess third-party/vendor solutions for security risks and compliance. Provide expert guidance on secure design patterns and critical security controls such as encryption, authentication, and access control. Be an active member of the projects and assist with any security related questions or issues Required Skills Knowledge of infrastructure and network security Exposure to microservices architecture concepts Strong understanding of security frameworks (e.g., NIST 800-53, PCI DSS,, ISO 27001, CIS Controls) and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS) Experience with cloud security (AWS, Azure, GCP) and on-premises environments. Familiarity with secure software development lifecycle (SDLC) practices. Proficiency in risk assessment methodologies. Excellent communication and documentation skills. Exposure to threat modeling exercise and zero trust architecture principles Knowledge of cloud security best practices. Exposure to secure by design methodology. Qualification Bachelor's degree or higher in Computer Science, or equivalent experience. 6 to 9 years of experience reviewing application security architectures and threat modeling. Experience with TOGAF or SABSA frameworks, preferably holding certifications and understanding of how security can be integrated. Certified Cloud Security Architect (Azure, AWS, or GCP) Good to have: Experience with integrating and operating SAST tools to identify code-level vulnerabilities in the development lifecycle. Familiarity with DAST tools and methodologies for identifying runtime vulnerabilities in web applications and APIs. Proficiency in using SCA tools to detect and manage risks from third-party and open-source components, Hands-on experience in embedding security controls and automated testing (SAST, DAST, SCA) into CI/CD pipelines Experience with integrating threat modeling tool into CICD pipeline Hands on experience on Microsoft Visio, Lucidchart, Microsoft Threat modeling tool etc or any other DFD, architecture drafting tool How You’ll Grow At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India . Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. Deloitte is committed to achieving diversity within its workforce, and encourages all qualified applicants to apply, irrespective of gender, age, sexual orientation, disability, culture, religious and ethnic background. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with Deloitte’s clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Recruiting tips Finding the right job and preparing for the recruitment process can be tricky. Check out tips from our Deloitte recruiting professionals to set yourself up for success. Check out recruiting tips from Deloitte recruiters . Benefits We believe that to be an undisputed leader in professional services, we should equip you with the resources that can make a positive impact on your well-being journey. Our vision is to create a leadership culture focused on the development and well-being of our people. Here are some of our benefits and programs to support you and your family’s well-being needs. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you . Our people and culture Our people and our culture make Deloitte a place where leaders thrive. Get an inside look at the rich diversity of background, education, and experiences of our people. What impact will you make? Check out our professionals’ career journeys and be inspired by their stories. Professional development You want to make an impact. And we want you to make it. We can help you do that by providing you the culture, training, resources, and opportunities to help you grow and succeed as a professional. Learn more about our commitment to developing our people . © 2025. See Terms of Use for more information. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 303239

About the Team At Navi, the InfoSec team safeguards our digital ecosystem - ensuring the confidentiality, integrity, and availability of critical systems and data. We lead the charge on information security risk management, regulatory compliance, and data protection, while championing a security-first culture across all teams. Our mission: Protect what powers Navi - securely, compliantly, and confidently. About the Role As Manager – Information Security (Assurance), you will lead Navi’s Information security governance, risk, and compliance efforts across the group. You’ll ensure alignment with RBI, IRDAI, SEBI, and global security standards by shaping policy, driving audit readiness, face of all the regulatory audits, Internal Audits, Vendor risk management and embedding secure practices across tech, product, and infrastructure. This role combines regulatory depth, technical oversight, and cross-functional collaboration to minimize risk and strengthen Navi’s security posture in a fast-paced, regulated environment. What We Expect From You As Navi operates in the regulatory space, this role requires interpreting and helping implement regulations related to cyber security by Reserve Bank of India (RBI), IRDAI and SEBI, as well as any other applicable regulatory guidance related to the service offerings issued by relevant institutions. Further to the point above, ensure on-going monitoring and tech-compliance with existing regulatory expectations across these dimensions Lead the Information security - GRC-Assurance practice for Navi group level. Review that information security principles, policies, frameworks, standards and controls are defined, implemented and managed effectively. Partner and collaborate extensively with cross-functional teams, such as Engineering, Infrastructure, IT, Legal, and help minimize information security risks Review of Architecture and deliberate on the solutions that are compliant with relevant regulatory cybersecurity requirements Conduct and review results of Technology Risk Assessment, recommending mitigation strategies to bring the Risk to appropriate levels Nav is looking for a Manager Information Security (GRC) to be part of the information security Ensure readiness of the organization for internal and external audits by keeping all documents, evidences, ready If required, represent Navi in Board and Board Committee meetings, as well as in discussions with regulators Review / conduct Third Party Risk Assessments & Vendor assessments before onboarding Review security solutions / controls implemented by Tech / Engineering teams, controls at data center, cyber / information security incidents, IT BCP and DR drills, cloud security controls Identify and define Security KPIs including weekly, monthly reports and update Security Dashboards Must Haves Minimum 7+ years of experience working in information security GRC Prior experience in the Fintech/Startup industry and knowledge of one of the regulatory compliances like PCI DSS, RBI Master Directives, IRDA, SEBI cyber security guideline is preferred. Hands-on approach in solving complex security problems Experience with Information Security & Risk Management frameworks like ISO27001, NIST SP 800-37, etc Cyber Kill Chain, MITRE ATT&CK, or other relevant frameworks Working knowledge of Cloud environments like AWS, GCP, Oracle cloud is beneficial. Exposure to Agile methodologies, DevOps, Cloud technologies is beneficial Soft Skills Ability to multitask and meet deadlines, and to prioritize in a highly dynamic work environment Ability to balance risk, potential impact, resourcing, business drivers, and timelines Excellent verbal and written communication skills Strong Product Thinking Strong problem solving Business acumen Technology grounding Strategic thinking Strong written and verbal communication skills with a talent for articulating. Inside Navi We are shaping the future of financial services for a billion Indians through products that are simple, accessible, and affordable. From Personal & Home Loans to UPI, Insurance, Mutual Funds, and Gold — we’re building tech-first solutions that work at scale, with a strong customer-first approach. Founded by Sachin Bansal & Ankit Agarwal in 2018, we are one of India’s fastest-growing financial services organisations. But we’re just getting started! Our Culture The Navi DNA Ambition. Perseverance. Self-awareness. Ownership. Integrity. We’re looking for people who dream big when it comes to innovation. At Navi, you’ll be empowered with the right mechanisms to work in a dynamic team that builds and improves innovative solutions. If you’re driven to deliver real value to customers, no matter the challenge, this is the place for you. We chase excellence by uplifting each other—and that starts with every one of us. Why You'll Thrive at Navi At Navi, it’s about how you think, build, and grow. You’ll thrive here if: You’re impact-driven : You take ownership, build boldly, and care about making a real difference. You strive for excellence : Good isn’t good enough. You bring focus, precision, and a passion for quality. You embrace change : You adapt quickly, move fast, and always put the customer first.

Summary Position Summary Job title: DevSecOps - Manager About At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk Management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte’s clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security. By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today’s world by organizations across a range of industry sectors and become subject matter experts in those areas. Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte’s clients ‘most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions. The Team Cyber & Strategic Risk Deloitte’s DevSecOps CI/CD Security Transformation and Secure Software Development Lifecycle engagement archetypes provide frameworks, templates, and leading practices for integrating security into software delivery pipelines. These resources include step-by-step workflows, staffing guidance, and project management tools to support DevSecOps roles and responsibilities The cyber risk services—Identity & access management (IAM) practice helps organizations in designing, developing, and implementing industry-leading IAM solutions to protect their information and confidential data, as well as help them build their businesses and supporting technologies to be more secure, vigilant, and resilient. The IAM team delivers service to clients through following key areas: User provisioning Access certification Access management and federation Entitlements management Work you’ll do Roles & Responsibilities: As a DevSecOps Manager, your core responsibility will be leading the implementation and ongoing management of DevSecOps practices across client's cloud and on-premises environments, which includes the following: Conduct interviews and assessments to understand client requirements, current state and DevSecOps practice maturity. Define strategy and take responsibility in driving adoption of security automation, continuous integration/continuous delivery (CI/CD), and compliance within the software development lifecycle of client's environment. Understand and be compliant with the Service Level Agreements defined for the DevSecOps services Oversee the development and integration of security tools and automation for services such as threat modeling, security architecture reviews, secure development practices, code analysis, vulnerability scanning, API security, configuration management etc. Manage and mentor DevSecOps team and client's cross-functional teams, setting goals and tracking performance. Report on DevSecOps metrics, security posture, and process improvements to leadership and client stakeholders. Stay current with emerging DevSecOps tools, security threats, and regulatory requirements. Facilitate use of technology-based tools or methodologies to continuously improve the monitoring, management and reliability of the services provided to client. Required Skills 9+ years of experience in application security development, security testing, integrating security tools, deployment and security management phases, with atleast 2+ years of leading the Devsecops projects. Strong understanding of security frameworks (e.g., NIST 800-53, PCI DSS,, ISO 27001, CIS Controls) and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS) Investigative and analytical problem-solving skills along with excellent communication, project management, and stakeholder engagement skills. Experience in collecting, analyzing, and interpreting qualitative and quantitative data from defined application security services related sources (tools, monitoring techniques etc.) Understanding of solution designs and technical architectures to identify potential security risks and recommend mitigation strategies. Exposure to threat modeling exercise, zero trust architecture principles and secure by design practice. Knowledge and experience of OWASP Top 10, SANS Secure Programming, Security Engineering Principles; Hands-on experience in performing secure code reviews and penetration testing Hands-on experience in running, installing and managing SAST, DAST , SCA and IAST solutions, such as Checkmarx, Fortify and Contrast in large enterprise Understanding of leading vulnerability scoring standards, such as CVSS, and ability to translate vulnerability severity as security risk; Strong knowledge of CI/CD tools and hands on experience on at least one CI/CD tool set and building pipelines (including in cloud) using Team city, Bamboo, Jenkins, Chef, Puppet, selenium, AWS and AZURE DevOps; Hands on experience on container technology such as Kubernetes, Dockers, AKS, EKS. Knowledge of cloud environments and deployment solutions such as server less computing; Must have cloud security specialization in Security; and Certification such as EC-Council CEH (Certified Ethical Hacker), DevSecOps Professional (CDP) , ISC2 Certified Cloud Security Professional (CCSP), Certified API Security Professional (CASP) , CTMP (Certified Threat Modeling Professional) etc. are preferred. Qualification Bachelor's degree or higher in Computer Science, IT or equivalent experience. Experience in cloud service providers such as AWS, GCP, Azure, Oracle and multi-cloud DevSecOps implementations. Background in Agile or Scrum methodologies. Solid and demonstrable comprehension of Information Security including OWASP/SANS, Security Test Case development (or mis-use case). Understanding of security essentials including; networking concepts, defense strategies, and current security technologies Experience with securing IaC templates (e.g., Terraform, CloudFormation) and integrating IaC scanning tools into pipelines to detect misconfigurations and vulnerabilities early in the provisioning process Experience in implementing and managing security measures within Kubernetes environments, designing and enforcing advanced security protocols for API infrastructure, managing and optimizing our containerized applications using Docker, automating and managing our infrastructure as code using Terraform, automating IT processes and configurations using Ansible, and identifying and mitigating potential security threats through comprehensive threat modeling practices. Familiarity with container security best practices, including image scanning, runtime protection, and orchestration security (e.g., Docker, Kubernetes). Experience with secrets management tools (e.g., HashiCorp Vault, AWS Secrets Manager). Ability to research and characterize security threats to include identification and classification of application related threat indicators. Good to have: Skills in scripting languages (e.g., Groovy for Jenkins, Bash, Python) to customize pipeline steps and automate repetitive tasks. How You’ll Grow At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India . Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. Deloitte is committed to achieving diversity within its workforce, and encourages all qualified applicants to apply, irrespective of gender, age, sexual orientation, disability, culture, religious and ethnic background. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with Deloitte’s clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Recruiting tips Finding the right job and preparing for the recruitment process can be tricky. Check out tips from our Deloitte recruiting professionals to set yourself up for success. Check out recruiting tips from Deloitte recruiters . Benefits We believe that to be an undisputed leader in professional services, we should equip you with the resources that can make a positive impact on your well-being journey. Our vision is to create a leadership culture focused on the development and well-being of our people. Here are some of our benefits and programs to support you and your family’s well-being needs. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you . Our people and culture Our people and our culture make Deloitte a place where leaders thrive. Get an inside look at the rich diversity of background, education, and experiences of our people. What impact will you make? Check out our professionals’ career journeys and be inspired by their stories. Professional development You want to make an impact. And we want you to make it. We can help you do that by providing you the culture, training, resources, and opportunities to help you grow and succeed as a professional. Learn more about our commitment to developing our people . © 2023. See Terms of Use for more information. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 306776

Summary Position Summary Job title: Security Architecture Review – Senior Consultant About At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk Management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte’s clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security. By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today’s world by organizations across a range of industry sectors and become subject matter experts in those areas. Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte’s clients ‘most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions. The Team Cyber & Strategic Risk Deloitte's Cyber Risk services team helps organizations manage cyber risks proactively and helps in integration of security into every phase of the system, product, or process lifecycle. Our professionals provide security services that align with the client’s business objectives, regulatory requirements, and risk appetite. Work you’ll do Roles & Responsibilities: As a Senior Consultant in the Security architecture review domain, you are responsible for performing the following activities: Conduct comprehensive security architecture reviews for new and existing systems, applications, and infrastructure and assist by providing security overlays for any solution diagrams Evaluate solution designs and technical architectures to identify potential security risks and recommend mitigation strategies. Collaborate with IT, development, and business teams to integrate security requirements into project designs. Develop and maintain security architecture documentation, standards, and guidelines. Review and assess third-party/vendor solutions for security risks and compliance. Provide expert guidance on secure design patterns and critical security controls such as encryption, authentication, and access control. Be an active member of the projects and assist with any security related questions or issues Required Skills Knowledge of infrastructure and network security Exposure to microservices architecture concepts Strong understanding of security frameworks (e.g., NIST 800-53, PCI DSS,, ISO 27001, CIS Controls) and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS) Experience with cloud security (AWS, Azure, GCP) and on-premises environments. Familiarity with secure software development lifecycle (SDLC) practices. Proficiency in risk assessment methodologies. Excellent communication and documentation skills. Exposure to threat modeling exercise and zero trust architecture principles Knowledge of cloud security best practices. Exposure to secure by design methodology. Qualification Bachelor's degree or higher in Computer Science, or equivalent experience. 6 to 9 years of experience reviewing application security architectures and threat modeling. Experience with TOGAF or SABSA frameworks, preferably holding certifications and understanding of how security can be integrated. Certified Cloud Security Architect (Azure, AWS, or GCP) Good to have: Experience with integrating and operating SAST tools to identify code-level vulnerabilities in the development lifecycle. Familiarity with DAST tools and methodologies for identifying runtime vulnerabilities in web applications and APIs. Proficiency in using SCA tools to detect and manage risks from third-party and open-source components, Hands-on experience in embedding security controls and automated testing (SAST, DAST, SCA) into CI/CD pipelines Experience with integrating threat modeling tool into CICD pipeline Hands on experience on Microsoft Visio, Lucidchart, Microsoft Threat modeling tool etc or any other DFD, architecture drafting tool How You’ll Grow At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India . Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. Deloitte is committed to achieving diversity within its workforce, and encourages all qualified applicants to apply, irrespective of gender, age, sexual orientation, disability, culture, religious and ethnic background. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with Deloitte’s clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Recruiting tips Finding the right job and preparing for the recruitment process can be tricky. Check out tips from our Deloitte recruiting professionals to set yourself up for success. Check out recruiting tips from Deloitte recruiters . Benefits We believe that to be an undisputed leader in professional services, we should equip you with the resources that can make a positive impact on your well-being journey. Our vision is to create a leadership culture focused on the development and well-being of our people. Here are some of our benefits and programs to support you and your family’s well-being needs. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you . Our people and culture Our people and our culture make Deloitte a place where leaders thrive. Get an inside look at the rich diversity of background, education, and experiences of our people. What impact will you make? Check out our professionals’ career journeys and be inspired by their stories. Professional development You want to make an impact. And we want you to make it. We can help you do that by providing you the culture, training, resources, and opportunities to help you grow and succeed as a professional. Learn more about our commitment to developing our people . © 2025. See Terms of Use for more information. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 303241

Summary Position Summary Job title: Security Architecture Review – Consultant About At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk Management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte’s clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security. By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today’s world by organizations across a range of industry sectors and become subject matter experts in those areas. Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte’s clients ‘most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions. The Team Cyber & Strategic Risk Deloitte's Cyber Risk services team helps organizations manage cyber risks proactively and helps in integration of security into every phase of the system, product, or process lifecycle. Our professionals provide security services that align with the client’s business objectives, regulatory requirements, and risk appetite. Work you’ll do Roles & Responsibilities: As a Senior Consultant in the Security architecture review domain, you are responsible for performing the following activities: Conduct comprehensive security architecture reviews for new and existing systems, applications, and infrastructure and assist by providing security overlays for any solution diagrams Evaluate solution designs and technical architectures to identify potential security risks and recommend mitigation strategies. Collaborate with IT, development, and business teams to integrate security requirements into project designs. Develop and maintain security architecture documentation, standards, and guidelines. Review and assess third-party/vendor solutions for security risks and compliance. Provide expert guidance on secure design patterns and critical security controls such as encryption, authentication, and access control. Be an active member of the projects and assist with any security related questions or issues Required Skills Knowledge of infrastructure and network security Exposure to microservices architecture concepts Strong understanding of security frameworks (e.g., NIST 800-53, PCI DSS,, ISO 27001, CIS Controls) and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS) Experience with cloud security (AWS, Azure, GCP) and on-premises environments. Familiarity with secure software development lifecycle (SDLC) practices. Proficiency in risk assessment methodologies. Excellent communication and documentation skills. Exposure to threat modeling exercise and zero trust architecture principles Knowledge of cloud security best practices. Exposure to secure by design methodology. Qualification Bachelor's degree or higher in Computer Science, or equivalent experience. 6 to 9 years of experience reviewing application security architectures and threat modeling. Experience with TOGAF or SABSA frameworks, preferably holding certifications and understanding of how security can be integrated. Certified Cloud Security Architect (Azure, AWS, or GCP) Good to have: Experience with integrating and operating SAST tools to identify code-level vulnerabilities in the development lifecycle. Familiarity with DAST tools and methodologies for identifying runtime vulnerabilities in web applications and APIs. Proficiency in using SCA tools to detect and manage risks from third-party and open-source components, Hands-on experience in embedding security controls and automated testing (SAST, DAST, SCA) into CI/CD pipelines Experience with integrating threat modeling tool into CICD pipeline Hands on experience on Microsoft Visio, Lucidchart, Microsoft Threat modeling tool etc or any other DFD, architecture drafting tool How You’ll Grow At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India . Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. Deloitte is committed to achieving diversity within its workforce, and encourages all qualified applicants to apply, irrespective of gender, age, sexual orientation, disability, culture, religious and ethnic background. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with Deloitte’s clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Recruiting tips Finding the right job and preparing for the recruitment process can be tricky. Check out tips from our Deloitte recruiting professionals to set yourself up for success. Check out recruiting tips from Deloitte recruiters . Benefits We believe that to be an undisputed leader in professional services, we should equip you with the resources that can make a positive impact on your well-being journey. Our vision is to create a leadership culture focused on the development and well-being of our people. Here are some of our benefits and programs to support you and your family’s well-being needs. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you . Our people and culture Our people and our culture make Deloitte a place where leaders thrive. Get an inside look at the rich diversity of background, education, and experiences of our people. What impact will you make? Check out our professionals’ career journeys and be inspired by their stories. Professional development You want to make an impact. And we want you to make it. We can help you do that by providing you the culture, training, resources, and opportunities to help you grow and succeed as a professional. Learn more about our commitment to developing our people . © 2025. See Terms of Use for more information. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 303239

Summary Position Summary Job title: Security Architecture Review – Senior Consultant About At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk Management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte’s clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security. By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today’s world by organizations across a range of industry sectors and become subject matter experts in those areas. Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte’s clients ‘most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions. The Team Cyber & Strategic Risk Deloitte's Cyber Risk services team helps organizations manage cyber risks proactively and helps in integration of security into every phase of the system, product, or process lifecycle. Our professionals provide security services that align with the client’s business objectives, regulatory requirements, and risk appetite. Work you’ll do Roles & Responsibilities: As a Senior Consultant in the Security architecture review domain, you are responsible for performing the following activities: Conduct comprehensive security architecture reviews for new and existing systems, applications, and infrastructure and assist by providing security overlays for any solution diagrams Evaluate solution designs and technical architectures to identify potential security risks and recommend mitigation strategies. Collaborate with IT, development, and business teams to integrate security requirements into project designs. Develop and maintain security architecture documentation, standards, and guidelines. Review and assess third-party/vendor solutions for security risks and compliance. Provide expert guidance on secure design patterns and critical security controls such as encryption, authentication, and access control. Be an active member of the projects and assist with any security related questions or issues Required Skills Knowledge of infrastructure and network security Exposure to microservices architecture concepts Strong understanding of security frameworks (e.g., NIST 800-53, PCI DSS,, ISO 27001, CIS Controls) and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS) Experience with cloud security (AWS, Azure, GCP) and on-premises environments. Familiarity with secure software development lifecycle (SDLC) practices. Proficiency in risk assessment methodologies. Excellent communication and documentation skills. Exposure to threat modeling exercise and zero trust architecture principles Knowledge of cloud security best practices. Exposure to secure by design methodology. Qualification Bachelor's degree or higher in Computer Science, or equivalent experience. 6 to 9 years of experience reviewing application security architectures and threat modeling. Experience with TOGAF or SABSA frameworks, preferably holding certifications and understanding of how security can be integrated. Certified Cloud Security Architect (Azure, AWS, or GCP) Good to have: Experience with integrating and operating SAST tools to identify code-level vulnerabilities in the development lifecycle. Familiarity with DAST tools and methodologies for identifying runtime vulnerabilities in web applications and APIs. Proficiency in using SCA tools to detect and manage risks from third-party and open-source components, Hands-on experience in embedding security controls and automated testing (SAST, DAST, SCA) into CI/CD pipelines Experience with integrating threat modeling tool into CICD pipeline Hands on experience on Microsoft Visio, Lucidchart, Microsoft Threat modeling tool etc or any other DFD, architecture drafting tool How You’ll Grow At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India . Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. Deloitte is committed to achieving diversity within its workforce, and encourages all qualified applicants to apply, irrespective of gender, age, sexual orientation, disability, culture, religious and ethnic background. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with Deloitte’s clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Recruiting tips Finding the right job and preparing for the recruitment process can be tricky. Check out tips from our Deloitte recruiting professionals to set yourself up for success. Check out recruiting tips from Deloitte recruiters . Benefits We believe that to be an undisputed leader in professional services, we should equip you with the resources that can make a positive impact on your well-being journey. Our vision is to create a leadership culture focused on the development and well-being of our people. Here are some of our benefits and programs to support you and your family’s well-being needs. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you . Our people and culture Our people and our culture make Deloitte a place where leaders thrive. Get an inside look at the rich diversity of background, education, and experiences of our people. What impact will you make? Check out our professionals’ career journeys and be inspired by their stories. Professional development You want to make an impact. And we want you to make it. We can help you do that by providing you the culture, training, resources, and opportunities to help you grow and succeed as a professional. Learn more about our commitment to developing our people . © 2025. See Terms of Use for more information. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 303240

Job Description: The Analyst-Compliance officer's role is to ensure the secure operation of the Sakon information assets in accordance with our internal processes, procedures, and compliance requirements as per the relevant ISO standards, regulatory frameworks applicable to Sakon and industry best practices. Responsibilities: Establish and implement practices for Information Security aligned to Cyber Security Frameworks such as International Organization for Standardization (ISO) 2700X, National Institute of Standards and Technology (NIST) 800-53, Payment Card Industry Data Security Standard (PCI DSS), AICPA Trust Services Principles and Criteria (SOC). • Develop, implement, and maintain the organization’s security architecture to provide an effective platform to protect the organization’s assets. • Perform security reviews and compliance testing to ensure adherence to adopted security and governance frameworks. • Conduct gap assessments against security and privacy frameworks, regulations, and best practices. • Implementation of security and governance controls to address requirements of privacy like GDPR, CCPA and HIPPA. • Third party risk assessment for onboarding new vendors and annual review for existing vendors. • Perform IT Risk Management as per the ISO 31000 Risk Management Framework (RMF) and provide recommendations for applying the RMF to the organizations information systems. • Information Security Policy and Procedure Management: Creating, communicating, and maintaining IT Security policies/procedures. • Lead the development of security and privacy awareness training in conjunction with other members of the Information Security group. • Ensuring Security Awareness Trainings and refreshers are updated to current IT Security Standards. • Perform and maintain IT Risk Management for processes and technological controls as per ISO 27002 guidelines. • Managing internal audits, creating Corrective and Preventive Actions (CAPA) and tracking until closure. • Monitor change management process to ensure compliance. Skills: Complete understanding of Cyber Security compliances like SOC1 (SSAE-18), SOC2, SOC3, ISO27001, PCI- DSS, Cloud Security Alliance (CSA). • Complete understanding of Privacy Compliances and Frameworks like GDPR, CCPA and HIPPA. • Working knowledge and understanding of COBIT and ITIL Framework. • Understanding of Software Development Life Cycle (SDLC). • Integrating security practices within SDLC. • Knowledge of Information Technology trends and impact on related security procedures and processes. • Strong analytical and critical-thinking skills. • Identification and mitigation of gaps within Information Security policies and procedures. • Knowledge of identity management include authentication and authorization across internal and external IT assets of services. • High quality documentation based on relative standards. • At least one industry certification (ISO 27001 LA, CISA, CISM, CRISC, ISAAP) highly desired. • Minimum two to three years’ experience conducting security control assessments or audits. • Minimum two years' experience developing or managing a security awareness program. • High-level of attention to detail and be a self-starter with ability to work independently, multi-task and adjust to shifting priorities. Perks & Benefits: Flexible Holiday Policy (choose your own holidays) • Life & Medical Insurance • Focus on Skill Development, Re-imbursement for Certifications • Wifi-Mobile bill reimbursement • Employee wellbeing activities How to Apply and Interview Process: To apply, kindly share the resume with namrata1.navadgi@sakon.com.

Key Responsibilities • Lead and deliver cybersecurity risk assessments, security architecture reviews, and threat modeling for client engagements across multiple industries. • Develop and implement cybersecurity governance frameworks, including policies, controls, and compliance programs (ISO 27001, NIST, CIS, etc.). • Advise clients on cloud and application security strategies with a focus on secure design and regulatory compliance. • Oversee and mentor junior consultants in cyber risk assessment methodologies and best practices. • Interface with senior client stakeholders, providing consulting-level insights and recommendations to manage risks effectively. • Support business growth through solution development, proposal support, and client relationship management. • Stay abreast of emerging threats, security technologies, and regulatory requirements to provide forward-looking advisory services. Required Skills & Experience • 810 years of experience in cybersecurity consulting, risk management, and security architecture. • Strong track record in security architecture reviews, threat modeling, and risk assessments. • Solid knowledge of cloud security (AWS, Azure, GCP) and enterprise environments. • Hands-on experience in building or assessing governance, risk, and compliance (GRC) programs. • Strong understanding of industry frameworks and standards (NIST CSF, ISO 27001, PCI DSS, etc.). • Ability to engage with senior leadership and C-level executives with strong communication and presentation skills. Certifications • Mandatory: CISSP and/or CCSP (both preferred). • Additional preferred certifications: CISM, SABSA, AWS/Azure Security Specialty, or equivalent. Preferred Attributes • Prior experience with a Big 4 or top-tier consulting firm or equivalent consulting background. • Strong problem-solving, stakeholder management, and project delivery skills. • Ability to work across diverse clients, geographies, and industri

about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about. IDENTITY AND ACCESS MANAGEMENT SPECIALIST ZS IT Support teams are aligned with the companys business strategy and operating model and aims to provide its 10,000 plus employees and their clients the right tools and information for high performance. The IT organization focuses on providing products and services to ZS to ensure successful business outcomes. This involves providing a scalable, sustainable and reliable IT infrastructure, customized applications, messaging and collaboration products, Business Intelligence and Database administration support along with a reliable 24*7 uninterrupted high-quality technology support services. What You'll Do: Develop and execute the IAM strategy and roadmap for ZS, aligning with the business objectives and security requirements. You will define the IAM vision, goals, policies and standards, and oversee the implementation and governance of the IAM framework. Serve as subject matter expert across the lifecycle of identity and access management, including identity governance, access management, privileged access management, identity federation and single sign-on. You will ensure the effective and efficient provisioning, deprovisioning, authentication, authorization and auditing of identities and access rights for all users, roles and applications. Ensure the IAM solutions are scalable, secure and compliant with industry standards and best practices, such as ISO 27001, NIST, SSO, OAuth, SAML, OIDC, etc. You will evaluate and select the appropriate IAM technologies, platforms and tools, and ensure they meet the security, performance and usability requirements. Oversee and design the integration of IAM solutions with internal and client facing applications, covering a fully hybrid model with cutting edge technology, such as cloud, mobile, biometric, etc. You will collaborate with the application owners, developers and architects to ensure the seamless and secure integration of IAM capabilities and features, and support the adoption and migration of applications to the IAM solutions. Train IAM team, providing guidance, coaching and performance evaluation. You will motivate and develop the IAM team Manage IAM vendor contracts, SLAs and deliverables. You will also foster a culture of collaboration, innovation and excellence within the IAM team and across the organization. Establish and maintain effective relationships with key stakeholders, such as business leaders, IT teams, auditors and clients. You will communicate and advocate the IAM strategy, roadmap and value proposition, and solicit feedback and input from the stakeholders. You will also ensure the alignment and coordination of the IAM activities and initiatives with the business and IT priorities and plans. Monitor and report on the IAM metrics, KPIs and SLAs, ensuring the quality and efficiency of the IAM services. You will establish and track the IAM performance indicators, such as availability, reliability, security, compliance, user satisfaction, etc. You will also identify and report on the IAM achievements, challenges and opportunities. Identify and manage the IAM risks, issues and incidents, ensuring timely resolution and mitigation. You will conduct and oversee the IAM risk assessments, audits and reviews, and implement the appropriate controls and remediation actions. You will also manage and escalate the IAM issues and incidents, and coordinate the response and recovery efforts. Stay abreast of the latest trends and developments in the IAM domain, and provide recommendations for continuous improvement and innovation. You will research and benchmark the best practices and emerging solutions in the IAM field, and evaluate their applicability and feasibility for ZS. You will also propose and implement the IAM enhancements and innovations, and drive the continuous learning and improvement of the IAM team and processes. What You'll Bring: Bachelor's degree or higher in Computer Science, Information Systems, Cybersecurity or related field. Minimum 6-8 years of experience in IAM domain, with at least 3 years of experience as a subject matter expert. Proven track record of successfully delivering complex IAM projects in a large and dynamic environment. Strong knowledge and hands-on experience with various IAM technologies, platforms and tools, such as Microsoft EntraID, Okta, SailPoint, beyondTrust, CyberArk, Ping Identity, etc. Excellent communication, presentation and interpersonal skills, with the ability to communicate effectively with both technical and non-technical audiences. Strong analytical, problem-solving and decision-making skills, with the ability to balance business needs and security risks. Certifications in IAM, such as CISSP, CISM, CISA, CRISC, etc., are preferred.