3680 Nist Jobs - Page 9

About Us SBI Card is a leading pure-play credit card issuer in India, offering a wide range of credit cards to cater to diverse customer needs. We are constantly innovating to meet the evolving financial needs of our customers, empowering them with digital currency for seamless payment experience and indulge in rewarding benefits. At SBI Card, the motto 'Make Life Simple' inspires every initiative, ensuring that customer convenience is at the forefront of all that we do. We are committed to building an environment where people can thrive and create a better future for everyone. SBI Card is proud to be an equal opportunity & inclusive employer and welcome employees without any discrimination on the grounds of race, colour, gender, religion, creed, disability, sexual orientation, gender identity, marital status, caste etc. SBI Card is committed to fostering an inclusive and diverse workplace where all employees are treated equally with dignity and respect which makes it a promising place to work. Join us to shape the future of digital payment in India and unlock your full potential. What’s in it for YOU SBI Card truly lives by the work-life balance philosophy. We offer a robust wellness and wellbeing program to support mental and physical health of our employees Admirable work deserves to be rewarded. We have a well curated bouquet of rewards and recognition program for the employees Dynamic, Inclusive and Diverse team culture Gender Neutral Policy Inclusive Health Benefits for all - Medical Insurance, Personal Accidental, Group Term Life Insurance and Annual Health Checkup, Dental and OPD benefits Commitment to the overall development of an employee through comprehensive learning & development framework Role Purpose Responsible for implementing and managing Infrastructure vulnerability tools and processes to reduce technical risks due to vulnerabilities, including identifying and evaluating vulnerabilities and supporting remediation activities. This role is also responsible for leveraging expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT landscape across SBIC Card environment. Role Accountability Lead the Vulnerability Assessment, Penetration Testing & Patch Management Program in support of the functional & company strategy, goals, and performance objectives Manage development, implementation, and effectiveness of vulnerability management and security testing programs, initiatives, and capabilities Assist with planning, providing input on capabilities and methods used for vulnerability management and security testing, and driving improvements Develop Vulnerability management framework, support compliance and risk management activities, recommending security controls and corrective actions to mitigate vulnerability risks Provide technical expertise for information security policies and standards Conduct vulnerability assessments and penetration testing (application and/or infrastructure) and articulating security issues to technical and non-technical audience Perform vulnerability risk profiling and prioritization of vulnerabilities Identify, research, validate, and exploite various different known and unknown security vulnerabilities on server and client side Perform regular status reviews with IT asset owners & senior leadership to ensure compliance with InfoSec policies Coordinate patch management/Remediation activities for all IT assets (workstations, network, server, application, database etc.) Develop and Monitor patch deployment schedules for all Vulnerability assessments and penetration testing on an ongoing basis as well as auditing for completeness Provide communications across the organization, interfacing with senior leadership on vulnerability remediation, driving security hardening best practices, and representing the Vulnerability and Patch Management team Maintain relationship with managed security services vendor leadership to ensure effective implementation and operation of security programs, ongoing support and deployment of competent resources Oversee the development, implementation and maintenance of vendor standard operating procedures/ run book in line with SBI Card policies & standards Provide technical & program management expertise and oversight over vendor teams Monitor vendor SLAs, perform regular review with vendor management and report to SBI Card leadership Ensure process documentation and compliance adherence Measures of Success Reduction in security vulnerabilities in SBI Card IT platforms Number of enhancement opportunities identified for the security posture to reduce overall risk to SBI Card Reduction in information leakage and exploitation from vulnerabilities Security metrics / SLA / KPIs are within acceptable threshold Timely updation of Application Security & Vulnerability Management related standards and SOPs and other documents No adverse observations in Internal / External Audits Process Adherence as per MOU Technical Skills / Experience / Certifications Understanding of Vulnerability Management Program including Assessment and Remediation Experience analyzing risk and prioritization of vulnerabilities, validating vulnerability reports and driving remediation. Understanding of the overall threat and vulnerability management process, including metrics to measure performance Working knowledge of compliance frameworks and security management standards (e.g., ISO 27001, NIST CSF. PCI-DSS etc.) Thorough understanding of enterprise security controls, network protocols and operating system (Windows/Linux environments) Strong knowledge in industry standard VAPT tools like Nessus, Rapid7, AWS Inspector and open-source tools Competencies critical to the role Stakeholder Management Analytical ability Innovation & Problem Solving Market Awareness Qualification Bachelor of Engineering in Computer Science / Engineering, Masters in Computer Science Preferred Industry BFSI / NBFC /E-commerce/IT & ITES / Telecom

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Compliance Management Good to have skills : Security Architecture Design Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary: Seeking an experienced Security Architect/ Security Compliance Professional to lead and support the design, implementation, and maintenance of security governance, risk, and compliance (GRC) frameworks. This role ensures that the organization complies with industry standards and regulations such as ISO/IEC 27001, PCIDSS, NIST CSF, SOC 2, TISAX, and others. The candidate will work cross-functionally to manage audits, assess risks, and drive continuous improvement in the security posture of the organization. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security managed operations, ensuring that all security measures align with organizational standards and compliance requirements. You will also engage in continuous improvement initiatives to enhance the security posture of the organization. Roles & Responsibilities: Expected to perform independently and become an SME or manage a team of GRC professional. Required active participation/contribution in client discussions. Contribute in providing solutions to compliance related complex situations Conduct regular assessments of security framework based or cloud security controls to ensure compliance with established standards. Collaborate with cross-functional teams to identify and mitigate potential security risks. Professional & Technical Skills: Proficient in Information Security, Cyber Security and Governance, Risk, and Compliance (GRC). Has significant exposure to evolving landscape of security compliance requirements Lead and manage security compliance initiatives across the organization. Manage/ Conduct gap assessments and implement controls in alignment with compliance standards (e.g., ISO 27001, PCIDSS, NIST, SOC 2, GDPR and other relevant frameworks). Coordinate and support internal and external security audits, including evidence collection and remediation planning. Partner with business, IT, and legal teams to ensure compliance requirements are understood and implemented. Develop and maintain security policies, procedures, and documentation in line with regulatory needs. Monitor compliance status and prepare reports and metrics for leadership. Educate teams on compliance requirements and drive a culture of security awareness. Relevant certifications : ISO27001LA/LI, ISO3100 or CISA, CISM, CRISC, or equivalent. Additional Information: - The candidate should have 8-10 years of relevant experience in Information Security Governance, Risk and Compliance (GRC). - This position is based at our Gurugram office. - A 15 years full time education is required. 15 years full time education

🔐 We're Hiring: Cyber Security Expert (4–5 Years Experience) 📍 Location : CS Soft Solutions Pvt. Ltd., I-18, Sector 101, IT City Rd, JLPL Industrial Area, Sahibzada Ajit Singh Nagar, Punjab – 160062 📧 Email: shivani-kanwar@cssoftsolutions.com At CS Soft Solutions, we're not just about building digital products—we’re about building trust in every digital interaction. We're expanding our cybersecurity division and are on the lookout for a Cyber Security Expert who’s ready to take ownership, drive strategic initiatives, and protect our clients across industries. 🚀 Key Responsibilities : Act as a trusted advisor to clients, assessing posture & identifying risks Conduct vulnerability assessments, penetration tests & risk analyses Design and implement tailored cybersecurity policies & frameworks Respond to incidents & coordinate response with internal and client teams Ensure compliance (GDPR, HIPAA, ISO 27001, NIST, SOC 2) Lead client workshops, trainings, and briefings Collaborate with DevOps, IT, and Engineering for secure solution design Engage directly with CXOs to understand needs & propose solutions Drive proposal creation, pre-sales, and client success Mentor and lead junior cybersecurity professionals ✅ Required Qualifications : Bachelor’s/Master’s in Cybersecurity, InfoSec, or related field 5+ years hands-on cybersecurity experience Expertise in threat detection, incident response, and network security Hands-on with SIEMs (Splunk, QRadar), Nessus, Qualys, Metasploit, etc. Cloud security exposure (AWS, Azure, GCP) Knowledge of compliance & frameworks (ISO 27001, NIST, SOC 2) Industry exposure: IT, BFSI, Healthcare, Manufacturing Certifications Preferred: CEH, CISSP, OSCP, CISM, ISO 27001 LA/LI 💡 Nice to Have : MSSP or cybersecurity consulting experience DevSecOps and secure SDLC familiarity Forensics or threat hunting background 🧠 Key Traits : Strategic mindset with strong business acumen Excellent communication & client-handling skills Ownership-driven, independent, and team-oriented 📩 If you're passionate about securing digital transformation journeys and thrive in a dynamic, high-growth environment—CS Soft wants you on board! #CyberSecurityJobs #HiringNow #CSSoftSolutions #InformationSecurity #CybersecurityExpert #MSSP #ISO27001 #SIEM #DevSecOps #CloudSecurity #CISSP #OSCP #JoinOurTeam

Required minimum 7 years of experience in system administration. Manage and maintain on-premise and cloud-based servers (Linux/Windows) Administer user accounts, access control, and Active Directory policies Manage virtual infrastructure (VMware, Hyper-V, AWS/GCP/Azure) Monitor system performance and resolve hardware/software issues Ensure availability and reliability of critical business systems Configure and maintain firewalls, routers, VPNs, switches (Fortinet, Cisco, Ubiquiti, etc.) Monitor and respond to intrusion detection/prevention systems (IDS/IPS) Implement and manage endpoint protection and antivirus solutions Conduct vulnerability assessments and remediation Manage secure email gateways, spam filtering, and DLP policies Strong knowledge of HIPAA security rules Responsible for enforcing HIPAA administrative, physical, and technical safeguards Maintain documentation of compliance controls and risk assessments Oversee data encryption, audit logs, access controls, and PHI handling Train staff on HIPAA security awareness and handle incident reporting Lead annual HIPAA security risk assessments and audits Develop and enforce IT and security policies, including data retention, access control, and BYOD Maintain audit trails for compliance purposes Coordinate third-party vendor risk assessments and compliance reviews Familiar with NIST, ISO 27001, and general IT compliance frameworks Ability to communicate clearly with technical and non-technical teams Good to have : Certified HIPAA Professional (CHP) Job Type: Full-time Pay: ₹500,000.00 - ₹800,000.00 per year Benefits: Health insurance Schedule: Day shift Ability to commute/relocate: Ahmedabad, Gujarat: Reliably commute or planning to relocate before starting work (Required)

About the Team At Navi, the InfoSec team safeguards our digital ecosystem - ensuring the confidentiality, integrity, and availability of critical systems and data. We lead the charge on cyber risk management, regulatory compliance, and data protection, while championing a security-first culture across all teams. Our mission: Protect what powers Navi - securely, compliantly, and confidently. About the Role Navi is looking for an Associate Manager II – Information Security to pilot key aspects of its group-wide information security and regulatory compliance program. This role involves interpreting and implementing information security and technology risks mandates from regulators such as RBI, IRDAI, SEBI, and NPCI, ensuring continuous tech compliance across all business units. You will collaborate closely with engineering, infrastructure, legal, and IT teams to establish and maintain robust security policies, frameworks, and controls. Additionally, the role includes conducting risk assessments, enabling audit readiness, managing third-party/vendor security audits, and driving awareness initiatives across the organization, while also representing Navi in internal and external forums when needed. What We Expect From You As Navi operates in the regulatory space, this role requires interpreting and helping implement regulations related to cyber security by Reserve Bank of India (RBI), IRDAI and SEBI, as well as any other applicable regulatory guidance related to the service offerings issued by relevant institutions. Further to the point above, ensure on-going monitoring and tech-compliance with existing regulatory expectations across these dimensions Lead the Information security - GRC practice for Navi group level. Ensuring that information security principles, policies, frameworks, standards and controls are defined, implemented and managed effectively. Partner and collaborate extensively with cross-functional teams, such as Engineering, Infrastructure, IT, Legal, and help minimize information security risks Architect and deliberate on the solutions that are compliant with relevant regulatory cybersecurity requirements Conduct and review results of Technology Risk Assessment, recommending mitigation strategies to bring the Risk to appropriate levels Nav is looking for a Senior Manager Information Security (GRC) to be part of the information security Ensure readiness of the organization for internal and external audits by keeping all documents, evidences, ready If required, represent Navi in Board and Board Committee meetings, as well as in discussions with regulators Conduct Security awareness programs, train personnel on data security & privacy related processes and responsibilities Review / conduct Third Party Risk Assessments & Vendor assessments before onboarding Review security solutions / controls implemented by Tech / Engineering teams, controls at data center, cyber / information security incidents, IT BCP and DR drills, cloud security controls Identify and define Security KPIs including weekly, monthly reports and update Security Dashboards Must Haves Minimum 7 + years of experience working in information security GRC Prior experience in the Fintech/Startup industry and knowledge of one of the regulatory compliances like PCI DSS, RBI Master Directives, IRDA, SEBI cyber security guideline is preferred. Hands-on approach in solving complex security problems Experience with Information Security & Risk Management frameworks like ISO27001, NIST SP 800-37, etc Cyber Kill Chain, MITRE ATT&CK, or other relevant frameworks Working knowledge of Cloud environments like AWS, GCP, Oracle cloud is beneficial Exposure to Agile methodologies, DevOps, Cloud technologies is beneficial Soft Skills Ability to multitask and meet deadlines, and to prioritize in a highly dynamic work environment Ability to balance risk, potential impact, resourcing, business drivers, and timelines Excellent verbal and written communication skills Strong Product Thinking Strong problem solving Business acumen Technology grounding Strategic thinking Strong written and verbal communication skills with a talent for articulating. Inside Navi We are shaping the future of financial services for a billion Indians through products that are simple, accessible, and affordable. From Personal & Home Loans to UPI, Insurance, Mutual Funds, and Gold - we’re building tech-first solutions that work at scale, with a strong customer-first approach. Founded by Sachin Bansal & Ankit Agarwal in 2018, we are one of India’s fastest-growing financial services organisations. But we’re just getting started! Our Culture The Navi DNA Ambition. Perseverance. Self-awareness. Ownership. Integrity. We’re looking for people who dream big when it comes to innovation. At Navi, you’ll be empowered with the right mechanisms to work in a dynamic team that builds and improves innovative solutions. If you’re driven to deliver real value to customers, no matter the challenge, this is the place for you. We chase excellence by uplifting each other and that starts with every one of us. Why You'll Thrive at Navi At Navi, it’s about how you think, build, and grow. You’ll thrive here if: You’re impact-driven : You take ownership, build boldly, and care about making a real difference. You strive for excellence : Good isn’t good enough. You bring focus, precision, and a passion for quality. You embrace change : You adapt quickly, move fast, and always put the customer first.

Overview Exp. - 3-6 Years Location - Hyderabad Shift - 11 AM - 8 PM Skills - Exp. in Vulnerability mgt., vulnerability scanning tools such as Qualys, Tenable, or Rapid7, Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls). About Omnicom Global Solutions Omnicom Global Solutions is an integral part of Omnicom Group, a leading global marketing and corporate communications company. Omnicom’s branded networks and numerous specialty firms provide advertising, strategic media planning and buying, digital and interactive marketing, direct and promotional marketing, public relations, and other specialty communications services to over 5,000 clients in more than 70 countries. OGS India plays a critical role for our group companies and global agencies by providing stellar products, solutions, and services across Creative Services, Technology, Marketing Science (Data & Analytics), Advanced Analytics, Market Research, Business Support Services, Media Services, and Project Management. With over 4000 talented colleagues in India, we are growing rapidly and are looking for professionals like you to help build the next chapter of our journey. Responsibilities Role Overview We have an exciting opportunity for an Analyst, Vulnerability Management at our Hyderabad office. This role is central to maintaining and enhancing Omnicom’s cybersecurity framework by overseeing vulnerability assessments, remediation guidance, and program governance. As a Vulnerability Management Specialist, you will drive day-to-day scanning operations, review security exposures, and ensure that the organization’s attack surface is minimized through proactive analysis and mitigation. You’ll also collaborate on vendor assessments and support strategic improvements to our enterprise vulnerability management program. Key Responsibilities Maintain and operate vulnerability scanning tools and associated processes. Conduct regular scans and assessments of enterprise environments to detect security vulnerabilities. Review findings, prioritize risks, and recommend remediations or security patches in coordination with IT and security teams. Develop and present exception and management reports; track remediation status and escalate unresolved risks. Assist in creating and maintaining quality metrics and dashboards for vulnerability program performance. Monitor vendor and third-party security postures; support governance and compliance protocols. Collaborate with cross-functional teams to support risk mitigation strategies and secure configuration management. Contribute to the evolution of Omnicom’s next-generation vulnerability management and threat detection frameworks. Qualifications Required Qualifications 3-5 years of experience in vulnerability management, information security, or a related discipline. Proficiency with vulnerability scanning tools such as Qualys, Tenable, or Rapid7. Familiarity with patch management workflows and remediation lifecycle practices. Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls). Ability to analyse technical findings, assess business impact, and provide actionable remediation guidance. Effective communication skills with experience in stakeholder engagement and reporting. Detail-oriented with strong problem-solving skills and the ability to work independently or in a team setting. Preferred Qualifications Security certifications such as CompTIA Security+, CEH, or equivalent. Exposure to vendor risk management and third-party security assessment. Experience with ITSM tools and ticketing systems for remediation tracking

What is the Security Operations responsible for? Security Operations is responsible for continuous monitoring and improving organizations security posture while preventing, detecting, analyzing, and responding to Cyber Security incidents with the aid of both technology and well-defined processes and procedures. Security Operations is expected to possess extensive knowledge of incident response methodologies, a deep understanding of cybersecurity threats, and hands-on experience in managing and mitigating security incidents. What are the ongoing responsibilities of Analyst Security Operations? Lead and coordinate incident response activities, ensuring timely and effective resolution. Develop and maintain incident response playbooks and procedures. Perform threat hunting using SIEM, EDR, and threat intelligence. Conduct digital forensics and malware analysis to determine the scope and impact of incidents. Collaborate with IT, legal, and business teams to contain and remediate threats. Stay current with emerging threats, vulnerabilities, and security trends. Mentor and guide junior SOC analysts. Required Qualifications: Experience:6-8 years in cybersecurity, with a focus on SOC operations and incident response. Environment:Experience in a 24x7 operational environment, preferably across multiple geographies. Technical Skills: Good understanding of networking protocols, operating systems (Windows/Linux), and security technologies. Exposure to malware analysis and digital forensics. Familiarity with cybersecurity frameworks (e.g., NIST, MITRE ATT&CK, ISO 27001). Hands-on experience with tools such as: SIEM:Splunk, CrowdStrike, QRadar EDR:CrowdStrike, Carbon Black, SentinelOne SOAR:Palo Alto XSOAR, Splunk SOAR Forensics:FTK Imager, Autopsy, Wireshark, Procmon Preferred Certifications: GIAC Certified Incident Handler (GCIH) GIAC Certified Forensic Analyst (GCFA) Certified Ethical Hacker (CEH) Soft Skills & Attributes: Strong analytical and problem-solving mindset. Excellent communication and collaboration skills. Ability to work under pressure and manage multiple priorities. High integrity and a proactive, team-oriented attitude. Strategic and tactical thinking with attention to detail. Work Shift Timings - 6:00 AM 3:00 PM 2:00 PM - 11:00 PM IST

Job Title: GRC Consultant (Governance, Risk, Compliance, ISO 27001) Location: Mumbai Job Type: Full-time Experience : 2-3 years Introduction: We are looking for a detail-oriented and proactive GRC Consultant to join our team. The ideal candidate will have strong expertise in ISO 27001 , information security policy creation , and implementation of Governance, Risk, and Compliance frameworks . This role will be instrumental in developing and maintaining an organization-wide ISMS, ensuring regulatory compliance, managing audits, and strengthening risk and policy governance. ISO 27001 Audits & ISMS Implementation: Lead internal audits and gap assessments for ISO 27001 compliance. Assist in planning, implementing, maintaining, and improving the Information Security Management System (ISMS) as per ISO 27001 standards. Maintain and update the Statement of Applicability (SoA) and Risk Treatment Plans. Identify non-conformities and drive corrective/preventive actions. Coordinate external ISO 27001 surveillance and certification audits. 📝 Policy Development & Documentation: Create, review, and update policies and procedures to meet GRC and ISO 27001 standards. Ensure documentation reflects current compliance requirements and emerging risks. Map controls to policies and ensure alignment with audit and regulatory expectations. ⚖️ GRC Framework Implementation & Management: Design and implement GRC frameworks aligned with international standards and regulatory requirements. Collaborate with senior leadership to define key risk indicators (KRIs), controls, and governance procedures. Maintain GRC registers, including asset inventory, risk register, and control mapping. ⚠️ Risk Management: Conduct information security risk assessments using structured methodologies. Evaluate and prioritize risks based on likelihood and impact. Develop risk mitigation strategies and assist with control implementation and monitoring. 📊 Audit & Compliance Reporting: Prepare comprehensive audit reports highlighting compliance status, gaps, and risk exposure. Track implementation of corrective actions post-audit and maintain audit trails. Assist in the preparation of audit plans, checklists, and evidence collection processes. 👥 Stakeholder Engagement & Training: Collaborate with business functions, IT, external auditors, and vendors to ensure audit readiness and policy compliance. Conduct awareness programs and training sessions on ISO 27001, information security best practices, and GRC responsibilities. Promote a culture of compliance and continuous improvement across departments. 🔄 Continuous Monitoring & Improvement: Stay updated with changes in ISO standards, cybersecurity threats, and regulatory requirements. Recommend and implement improvements in policies, controls, and audit processes to maintain an effective GRC posture. Key Skills & Qualifications: 🎓 Experience: 2–3 years in GRC, ISO 27001 implementation/audits, policy management, and ISMS operations. 🧠 Knowledge: In-depth understanding of ISO 27001, NIST, GDPR, and other information security and privacy standards. Strong grasp of risk management frameworks and internal control systems. Familiarity with GRC tools (e.g., RSA Archer, MetricStream) is an advantage. 🛠 Skills: Expert in writing and implementing security policies and procedures. Strong auditing, documentation, and risk assessment capabilities. Excellent analytical, communication, and project coordination skills. 📜 Certifications: ISO 27001 Lead Auditor or Lead Implementer certification (preferred). Additional certifications such as CISA, CISM, CISSP, or GRCP are a plus. 💼 Soft Skills: Self-motivated and accountable. Strong attention to detail and organizational skills. Ability to work cross-functionally and manage multiple priorities. Why Join Us? ✔️ Competitive compensation package. ✔️ Opportunity to lead ISO 27001 projects and policy frameworks ✔️ Growth in the high-demand area of Governance and Information Security ✔️ Collaborative work culture focused on compliance, innovation, and security excellence. How to Apply: Interested candidates are encouraged to submit their resume and cover letter outlining their relevant experience and qualifications to: hr@synradar.com.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Data Loss Prevention (DLP) Good to have skills : NA Minimum 3 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and overseeing the transition to cloud security-managed operations, all while ensuring compliance with industry standards and best practices. Roles & Responsibilities: - Expected to perform independently and become an SME. - Required active participation/contribution in team discussions. - Contribute in providing solutions to work related problems. - Engage in continuous learning to stay updated with the latest security trends and technologies. - Assist in the development of security policies and procedures to enhance the overall security posture. Professional & Technical Skills: - Must To Have Skills: Proficiency in Data Loss Prevention (DLP). - Strong understanding of cloud security principles and practices. - Experience with security frameworks such as NIST, ISO 27001, or CIS. - Familiarity with risk assessment methodologies and tools. - Knowledge of incident response and management processes. Additional Information: - The candidate should have minimum 3 years of experience in Data Loss Prevention (DLP). - This position is based at our Chennai office. - A 15 years full time education is required.

Project Role : Security Advisor Project Role Description : Provide enterprise-level advice to make organizations cyber resilient. Assist in navigating the complex landscape of cyber threats, ensuring robust digital asset protection while maintaining trust with stakeholders. Must have skills : Network Security Operations Good to have skills : NA Minimum 12 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: We are seeking an experienced and proactive Infrastructure Security Manager to lead and manage the security of our IT infrastructure. This role is responsible for monitoring and managing security services delivery and maintaining security controls to protect the organization’s networks, systems, and data from internal and external threats. Roles & Responsibilities: - Develop and implement infrastructure security strategies, policies, and procedures. - Lead the design and enforcement of security controls across on-premises and cloud environments. - Manage firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, and endpoint protection. - Conduct regular vulnerability assessments, penetration tests, and risk assessments. - Monitor security alerts and respond to incidents, coordinating with SOC and IT teams. - Ensure compliance with relevant regulations and standards (e.g., ISO 27001, NIST, GDPR). - Collaborate with IT, DevOps, and application teams to embed security into infrastructure projects. - Oversee third-party security assessments and vendor risk management. - Prepare and present security reports and metrics to senior leadership. - Lead and mentor a team of security engineers and analysts. - Experience in IT security, with managerial role. Professional & Technical Skills: - Must To Have Skills: Proficiency in Network Security Operations. - Strong understanding of risk assessment methodologies and frameworks. - Strong knowledge of network security, cloud security (AWS, Azure, GCP), and endpoint protection. - Experience with SIEM, firewalls, IDS/IPS, DLP, Application Security, OT/IoT Security and vulnerability management tools. - Familiarity with compliance frameworks (ISO 27001, NIST, CIS, PCI-DSS). - Excellent leadership, communication, and project management skills. - Relevant certifications such as CISSP, CISM, CCSP, or equivalent. Additional Information: - The candidate should have minimum 12 years of experience in Network Security Operations. - This position is based at our Chennai office. - A 15 years full time education is required.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Architecture Design Good to have skills : NA Minimum 7.5 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and transitioning to cloud security-managed operations, all while ensuring compliance with industry standards and best practices. You will engage in discussions to refine security strategies and provide guidance on implementing effective security measures across the organization. Roles & Responsibilities: - Expected to be an SME. - Collaborate and manage the team to perform. - Responsible for team decisions. - Engage with multiple teams and contribute on key decisions. - Provide solutions to problems for their immediate team and across multiple teams. - Facilitate training sessions to enhance team knowledge on security practices. - Evaluate emerging security technologies and recommend improvements to existing frameworks. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Architecture Design. - Strong understanding of cloud security principles and frameworks. - Experience with risk assessment and management methodologies. - Knowledge of compliance standards such as ISO 27001, NIST, and GDPR. - Familiarity with security tools and technologies for threat detection and response. Additional Information: - The candidate should have minimum 7.5 years of experience in Security Architecture Design. - This position is based in Chennai. - A 15 years full time education is required.

Key Responsibilities Incident Response and Management: Lead the incident response process, including identification, containment, eradication, and recovery. Analyze and respond to complex security incidents and breaches. Conduct post-incident analysis and develop reports with recommendations to prevent future incidents. Security Monitoring and Analysis: Oversee the continuous monitoring of security alerts and events. Analyze logs and data from various sources (e.g., SIEM, firewalls, EDR, IDS/IPS) to identify suspicious activity. Perform advanced threat hunting and forensic analysis. Vulnerability Management: Conduct regular vulnerability assessments. Identify, prioritize, and remediate security vulnerabilities in systems and applications. Collaborate with IT and development teams to implement security patches and updates. Security Architecture and Engineering: Design and implement security solutions to protect the organization's networks, systems, and data. Develop and maintain security policies, standards, and procedures. Evaluate and recommend new security technologies and tools. Compliance and Risk Management: Ensure compliance with relevant regulatory requirements and industry standards (e.g., ISO 27001, NIST). Perform risk assessments and develop mitigation strategies. Document and maintain security controls and frameworks.Required Skills and Qualifications Technical Expertise: Advanced knowledge of cybersecurity principles, techniques, and technologies. Proficiency in using security tools such as SIEM, IDS/IPS, firewalls, and endpoint protection solutions. Experience with vulnerability management, penetration testing, and forensic analysis. Experience: Minimum of 7-10 years of experience in cybersecurity, with at least 2-3 years in an L3 or senior role. Proven track record of handling complex security incidents and leading incident response efforts. Experience in designing and implementing security architectures and solutions. Certifications: Relevant certifications such as CISSP, CISM, CEH, GIAC, or equivalent are highly desirable. Analytical and Problem-Solving Skills: Strong analytical skills with the ability to identify and mitigate security threats. Excellent problem-solving skills and the ability to think critically under pressure. Communication and Collaboration: Strong communication skills, both written and verbal. Ability to collaborate effectively with cross-functional teams and stakeholders.Preferred Skills and Qualifications Experience with cloud security (e.g., AWS, Azure, Google Cloud). Knowledge of scripting and automation tools (e.g., Python, PowerShell). Familiarity with regulatory requirements and standards (e.g., GDPR, HIPAA).

Inside Sales Representative (ISR) – Compliance & Cybersecurity Location: Mumbai Job Summary As an Inside Sales Representative (ISR) at CyberSigma, your role will be to drive revenue growth by proactively engaging with leads and prospects in regulated industries such as fintech, healthcare, SaaS, and e-commerce. You'll focus on identifying customer needs, promoting our cybersecurity and compliance services, and closing deals through strategic outreach. You will work closely with Regional Sales Managers, Solution Architects, and the Marketing team to convert inbound interest into long-term clients and expand the reach of CyberSigma's compliance and security offerings. Key Responsibilities Conduct high-volume outbound calling, email campaigns, and virtual meetings to generate qualified leads. Drive the sales process for cybersecurity compliance services including PCI DSS, ISO 27001, SOC 2, GDPR, HIPAA, DPDPA, and VAPT audits and consulting. Qualify prospects through discovery calls and needs assessments. Schedule demos and consultations for senior sales or technical consultants. Follow up on marketing-generated leads and events/webinars. Support proposal creation and respond to client RFPs or RFIs. Coordinate with Regional Sales Managers on territory strategy and account penetration plans. Achieve and exceed monthly and quarterly sales targets. Compliance standards : PCI DSS, ISO 27001/27701, SOC 1 & SOC 2, HIPAA, GDPR, DPDPA, NIST, etc. Security Testing : VAPT (Web, Mobile, Infra), Red Team exercises. Managed Services : GRC automation tools, MDR, SIEM/SOC offerings. Qualifications & Skills 2–5 years of B2B inside sales or lead generation experience (cybersecurity or compliance domain preferred). Strong understanding of cybersecurity frameworks, risk management, and regulatory compliance services is a major plus . Demonstrated ability to manage full sales cycle or handoff after qualification. Excellent written, verbal, and interpersonal communication skills. Strong organizational skills with attention to detail and follow-through. A self-starter with a results-driven approach and the ability to work independently. Bachelor’s degree preferred (in Business, Marketing, Information Security, or related fields).

Our Purpose Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential. Title And Summary Senior Cybersecurity Risk Analyst Overview Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships, and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all. Mission First, People Always Corporate Security is responsible for keeping Mastercard safe and secure from cyber and physical threats. We are a highly effective team protecting a major component of global payments infrastructure. Our Security Risk and Control Operations team is at the forefront of this effort in the “1st Line of Defense,” coordinating efforts across Corporate Security, enterprise risk management, and market-facing technology owners to assess risks, implement controls to mitigate them, and provide assurance to regulators and stakeholders that Mastercard is best-in-class in information security. We are seeking a Senior Cybersecurity Risk Analyst to play a central role in identifying, managing, and monitoring risks. As a member of the Security Risk and Control Operations team, you will apply your practical knowledge of technical controls and leverage different risk methodologies to deliver assessments that inform high-level information security risk management decisions within the Company. In This Position, You Will: Perform risk assessments using both qualitative and quantitative methodologies in support of Information Security Management System (ISMS) and other regulatory requirements Assess the impact of compensating controls and mitigation actions on risk likelihood and magnitude Engage with technology owners, control owners, risk owners, and senior management to assist in managing risks Prioritize risks and identify risks requiring escalation to senior management Develop and deliver executive-level updates on the status of security risks Compose responses to regulators and auditors on queries regarding security risks Maintain documentation of risk management and analysis procedures for Corporate Security The Ideal Candidate For This Position Should Be: Literate in standard cyber security and risk management frameworks such as National Institute of Standards and Technology Cyber Security Framework (NIST CSF) Familiar with risk management methodologies including Factor Analysis of Information Risk (FAIR) and tools utilized to perform FAIR risk assessments (e.g. Ostrich) Adept at recognizing control shortfalls with the most significant risk implications for the business Familiar with RSA Archer or similar governance, risk, and compliance (GRC) tools Effective at working with and communicating to a wide range of stakeholders across technology and business functions, including senior executives, product owners, and information security engineers Knowledgeable of technology systems and platform functions Willing to learn new technical skills Able to influence and drive results cross-functionally This Position Aligns With National Initiative For Cybersecurity Education (NICE) Competency Proficiency Levels Of Advanced To Expert In The Following Areas: Data Management Policy Management Legal, Government, and Jurisprudence Risk Management This Mastercard role shares Knowledge, Skills, and Abilities (KSAs) with the following related NICE work roles: Security Control Assessor Corporate Security Responsibility Every Person Working For, Or On Behalf Of, Mastercard Is Responsible For Information Security. All Activities Involving Access To Mastercard Assets, Information, And Networks Comes With An Inherent Risk To The Organization And Therefore, It Is Expected That The Successful Candidate For This Position Must: Abide by Mastercard’s security policies and practices; Ensure the confidentiality and integrity of the information being accessed; Report any suspected information security violation or breach, and Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines. Corporate Security Responsibility All Activities Involving Access To Mastercard Assets, Information, And Networks Comes With An Inherent Risk To The Organization And, Therefore, It Is Expected That Every Person Working For, Or On Behalf Of, Mastercard Is Responsible For Information Security And Must: Abide by Mastercard’s security policies and practices; Ensure the confidentiality and integrity of the information being accessed; Report any suspected information security violation or breach, and Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

Job Title-Senior Manager – Cybersecurity (CISSP, GRC & Risk Assessment) Experience-8-10Years. Location-Pune. Key Responsibilities: Lead the development and execution of the organization’s Cybersecurity GRC framework. Conduct comprehensive cyber risk assessments, threat modeling, and impact analyses for critical systems and processes. Define and maintain security policies, standards, and procedures aligned with industry best practices and regulatory requirements (ISO 27001, NIST, GDPR, HIPAA, etc.). Manage internal and external cybersecurity audits and ensure closure of findings and action items. Work closely with business and IT stakeholders to drive cyber risk mitigation plans and ensure alignment with risk appetite. Develop executive-level reports, dashboards, and KPIs on cyber risk posture and GRC performance. Oversee vendor risk assessments and third-party cybersecurity due diligence. Provide guidance on compliance with data privacy, regulatory, and legal obligations. Ensure incident response readiness and participate in tabletop exercises and investigations. Support training and awareness programs across the enterprise to strengthen the cyber risk culture. Required Skills & Qualifications: 8+ years of experience in Cybersecurity, with at least 4 years in GRC or Risk Management leadership roles. CISSP certification is mandatory; additional certifications like CISA, CISM, CRISC, ISO 27001 LA are a plus. Strong understanding of cybersecurity principles, frameworks, and standards (NIST CSF, ISO 27001, COBIT, PCI-DSS, etc.). Deep expertise in risk assessment methodologies (OCTAVE, FAIR, etc.). Experience with GRC platforms like RSA Archer, ServiceNow GRC, MetricStream, etc. Familiarity with data protection regulations (GDPR, HIPAA, SOX, etc.). Strong analytical, leadership, and communication skills to engage with executive stakeholders.

Job Description: AML RightSource is a leading provider of anti-money laundering (AML) and financial crimes compliance solutions. Our team of experts provides our clients with the highest quality of service, while ensuring compliance with regulatory requirements. We are currently seeking a Senior SOC Analyst to join our team. Responsibilities: Monitor and analyze security events from multiple sources, including security information and event management (SIEM) systems, network and host-based intrusion detection/prevention systems, and other security technologies. Conduct investigations into security incidents, analyze evidence, and report findings to management. Provide technical guidance and support to junior SOC analysts. Develop and maintain standard operating procedures for the SOC. Participate in security assessments and penetration testing activities. Conduct threat hunting activities to identify and respond to advanced persistent threats (APTs). Participate in incident response activities and coordinate with other teams to contain and remediate security incidents. Maintain awareness of new and emerging security threats, vulnerabilities, and mitigation techniques. Collaborate with other teams, including the IT team, to ensure the security of the organization's infrastructure and systems. Provide regular reports to management on the SOC's performance and effectiveness. Requirements: Bachelor's degree in Computer Science, Information Systems, or related field. Minimum of 2.5 years of experience in a SOC or security operations role. Strong knowledge of security technologies, including SIEM systems, intrusion detection/prevention systems, and other security tools. Familiarity with security standards and frameworks, such as NIST, ISO, and SOC 2. Experience with security incident response, including investigation, containment, and remediation. Excellent analytical and problem-solving skills. Ability to work well in a team environment. Strong verbal and written communication skills. Relevant security certifications, such as CISSP, CISM, or GSEC, are highly desirable. AML RightSource is committed to fostering a diverse work environment and is proud to be an equal opportunity employer. We provide equal employment opportunities to all qualified applicants without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

As a part of Cisco's Security team, you will play a crucial role in helping businesses maintain cyber resiliency in the face of rapidly evolving digital threats. Your efforts will contribute to preparing for, responding to, and recovering from cyber incidents, ultimately ensuring business acceleration for organizations. By providing guidance, utilizing cutting-edge tools, and offering trusted services, you will assist businesses in achieving cyber resiliency and safeguarding their operations. At Cisco, we are dedicated to developing a comprehensive security portfolio that caters to organizations of all sizes amidst an expanding and sophisticated threat landscape. Through investments in artificial intelligence (AI) and a range of security offerings, we aim to ensure end-to-end security for everything connected to an organization, from applications and services to end users. By leveraging AI and machine learning advancements, we empower security teams with simplified operations and heightened effectiveness. Our innovative solutions such as Cisco XDR and the security service edge (SSE) aim to enhance security operations and provide frictionless access across diverse locations and devices, ultimately benefiting both users and IT professionals. In your role, you will have a significant impact by engaging with customer executives to build deep relationships and establish yourself as a trusted advisor. By identifying customer business issues and challenges, you will communicate solutions in a thought-provoking and insightful manner. Your responsibilities will include presenting comprehensive business cases aligned with customers" strategies, calculating return on investment, negotiating agreements, and capturing market and industry insights. To excel in this role, you are required to have 8-12 years of experience in techno-commercial roles within the cybersecurity domain, knowledge of new technologies, and at least 3 years of experience in selling SaaS and subscription delivery models. Your track record should demonstrate success in achieving sales quotas, strong hunting skills, and the ability to communicate technical propositions at an executive level. Additionally, industry certifications like CISSP, CSSP, CEH, or a Bachelor's Degree in Cybersecurity are preferred, along with a good understanding of NIST guidelines, MITRE ATT&CK framework, and Cisco Security products. Joining Cisco means becoming a part of a diverse and inclusive environment where individual skills and perspectives are celebrated. We prioritize learning and development at every stage of your career, offering opportunities for growth and advancement. Our commitment to inclusion is reflected in our employee resource organizations and volunteer programs, allowing Cisconians to make a positive impact in their communities. By working with us, you will contribute to shaping a more inclusive future for all while embracing your unique talents and potential. Cisco offers a comprehensive benefits package for employees in the U.S. and Canada, including medical, dental, and vision insurance, a 401(k) plan with a matching contribution, disability coverage, life insurance, and wellbeing offerings. Your performance and achievements will be rewarded with a competitive incentive structure that recognizes and values your contributions to the organization's success.,

Required minimum 7 years of experience in system administration. Manage and maintain on-premise and cloud-based servers (Linux/Windows) Administer user accounts, access control, and Active Directory policies Manage virtual infrastructure (VMware, Hyper-V, AWS/GCP/Azure) Monitor system performance and resolve hardware/software issues Ensure availability and reliability of critical business systems Configure and maintain firewalls, routers, VPNs, switches (Fortinet, Cisco, Ubiquiti, etc.) Monitor and respond to intrusion detection/prevention systems (IDS/IPS) Implement and manage endpoint protection and antivirus solutions Conduct vulnerability assessments and remediation Manage secure email gateways, spam filtering, and DLP policies Strong knowledge of HIPAA security rules Responsible for enforcing HIPAA administrative, physical, and technical safeguards Maintain documentation of compliance controls and risk assessments Oversee data encryption, audit logs, access controls, and PHI handling Train staff on HIPAA security awareness and handle incident reporting Lead annual HIPAA security risk assessments and audits Develop and enforce IT and security policies, including data retention, access control, and BYOD Maintain audit trails for compliance purposes Coordinate third-party vendor risk assessments and compliance reviews Familiar with NIST, ISO 27001, and general IT compliance frameworks Ability to communicate clearly with technical and non-technical teams Good to have : Certified HIPAA Professional (CHP) Job Type: Full-time Pay: ₹500,000.00 - ₹800,000.00 per year Benefits: Health insurance Schedule: Day shift Ability to commute/relocate: Ahmedabad, Gujarat: Reliably commute or planning to relocate before starting work (Required)

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. Primary Responsibilities Perform audits to identify control gaps and implement corrective action plans Ensure alignment of security policies/standards with IT infrastructure frameworks (e.g., ISO 2700x, NIST, ITIL) Monitor compliance with corrective action plans, and address non-compliance issues appropriately Demonstrate understanding of discovery technologies to identify system vulnerabilities (e.g. scanning tools) Establish appropriate security controls based on defined data classifications to align with applicable laws/regulations/standards Facilitate/lead security incident investigation Analyze business requirements and ensure that solutions meet established security policies and controls Maintain metrics and ensure reporting as appropriate Maintain current knowledge on information security topics and their applicability program requirements Communicate professionally with stakeholders/end users through multiple communication Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications Bachelor's degree or higher level of education 6+ years of Information security experience Experience with ISO27001 (ISMS), ISO31000 (Risk management), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2 Demonstrated auditing skills and the ability to manage risk assessments / projects independently Demonstrated excellent communication skills both verbal and written Demonstrated good presentation skills particularly ability to present technology elements in manner personnel can follow and act Preferred Qualification CISSP, CISA or ISO27001 Lead Implementer or Lead Auditor certification At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission. #njp

Job Description About Us Tsaaro’s prime focus is on Data Privacy and Security. Our team of specialist data privacy consultants, information security consultants, and penetration testers help and advise our clients to make running a secure business easier, with high efficiency. Everything we do is tailored to the individual organizational requirements, aligned with their budget and resource challenges. We take a pragmatic, risk-based approach to provide our clients with real-world, workable advice, guidance, and support that helps them to deal with a wide range of security and privacy-related challenges. Responsibilities As a Senior Data Protection Consultant, you will be entrusted with the following key responsibilities: Design and implement data protection and privacy programs that cater to our clients' specific business needs, ensuring their sensitive information is well safeguarded. Evaluate and assess our clients' data protection and privacy practices, offering valuable insights and actionable recommendations for continual improvement. Demonstrate expertise in various standards, such as ISO 27001/2, ISO 22301, ISO 27018, NIST standards on Cyber Security, HITRUST, ISO 27701, etc., to assist clients in compliance and governance. Provide guidance and support to clients in adhering to a complex web of national and international laws and regulations, including the EU General Data Protection Regulation (GDPR) and other privacy laws. Assist in preparing policies, reports, and schedules for clients and relevant stakeholders, ensuring clear communication and alignment with industry best practices. Conduct thorough audits of Privacy controls to monitor program effectiveness and compliance, ensuring data protection is at its optimal level. Utilize online tools to facilitate Incident Management and Data Subject Rights processes, ensuring efficient and timely responses to potential data incidents. Foster and maintain productive working relationships with client personnel, promoting effective collaboration and understanding of their specific needs. Demonstrate a strong commitment to adhering to workplace policies and procedures, maintaining the highest standards of professionalism and confidentiality. Contribute to cybersecurity engagements, developing cybersecurity strategies, governance, risk, and compliance activities, and cybersecurity policies in line with ISO 27001 and ISO 27701. Perform Gap Assessments, Risk Assessments, ISMS Documentation, Internal Audits, and support during Certification Audits to strengthen overall security frameworks. Requirements To be considered for this role, the candidate must meet the following requirements: Possess a sound knowledge of fundamentals of information security systems. Have 4+ years of relevant experience in the field. Demonstrate proficiency in standards such as ISO 27001/2, ISO 22301, ISO 27018, NIST standards on Cyber Security, HITRUST, ISO 27701, etc. Exhibit a good understanding of GDPR, CCPA, or other privacy laws. Display competence in governance and reporting, as well as a strong grasp of cyber and privacy risks. Hold relevant qualifications such as CIPM, CIPT, CIPP/E. Showcase excellent communication skills, both written and verbal. Benefits Competitive salary and performance-based bonuses. Professional development opportunities, including training and certifications. Flexible working hours. Collaborative and inclusive work environment. Opportunity to work with a passionate team dedicated to making a difference in data privacy and security. Join and hustle with the India's fastest privacy and information security consulting company. check(event) ; career-website-detail-template-2 => apply(record.id,meta)" mousedown="lyte-button => check(event)" final-style="background-color:#6875E2;border-color:#6875E2;color:white;" final-class="lyte-button lyteBackgroundColorBtn lyteSuccess" lyte-rendered="">

At EY, you have the opportunity to shape a career that reflects your uniqueness, supported by a global network, inclusive culture, and cutting-edge technology to help you reach your full potential. Your distinct voice and perspective are valued in contributing towards making EY even better. Join us in creating an extraordinary experience for yourself while striving towards a better working world for all. As a Technology Risk Manager at EY, you will play a pivotal role in IT Risk and Assurance client projects and internal initiatives. Building and maintaining relationships, identifying business opportunities, and proactively addressing risks are key aspects of your responsibilities within the EY- Technology Risk team. You will have the chance to lead as a Manager within the EY- Technology Risk Team, contributing to the growth of a new service offering and shaping the direction of the firm. Your primary duties include evaluating control portfolios, ensuring compliance with policies and standards, supervising control assessments, and providing valuable insights to clients for enhancing processes and managing risks effectively. Key Responsibilities: - Conduct assessments of control design, operating effectiveness, and risk management outcomes - Ensure accuracy, effectiveness, and timely delivery of assigned control assessments - Manage relationships with control owners and stakeholders, resolving issues and escalating when necessary - Apply risk management concepts to identify and formulate findings, offering insights for process improvement - Stay updated on regulatory standards, industry best practices, and control frameworks Skills and Attributes: - Ability to guide team members and perform procedures related to complex issues - Experience in information security assessments and audits - Proficiency in conducting NIST assessments, ISO assessments, and privacy impact audits - Strong project management skills and understanding of complex information systems - Extensive knowledge of clients" business/industry to identify technological impacts Qualifications: - Graduate (CS/ IT, Electronics, Electronics & Telecommunications)/MBA/M.Sc. with a minimum of 6 years of experience - Significant experience in technical knowledge relevant to IT assessments and audits Preferred Qualifications: - Familiarity with program and project management practices - Understanding of IT systems development life cycle EY offers a dynamic work environment where you can collaborate with talented individuals globally and engage with leading businesses across diverse industries. Your growth and development are prioritized, supported by coaching, feedback, and opportunities to enhance your skills and advance your career in a way that suits you best. Join EY in building a better working world through creating long-term value, fostering trust, and providing innovative solutions to complex global challenges.,

Bengaluru, Karnataka Hyderabad, Telangana Job ID 30187464 Job Category Digital Technology Job Description Job Description Role: Audit & Complaince Location: Bangalore Full/ Part time: Full time Build a career with confidence Carrier Global Corporation, global leader in intelligent climate and energy solutions is committed to creating solutions that matter for people and our planet for generations to come. From the beginning, we've led in inventing new technologies and entirely new industries. Today, we continue to lead because we have a world-class, diverse workforce that puts the customer at the center of everything we do About the role: We are seeking a highly skilled and experienced DT Compliance Lead to join our team, within Cyber Security function in Carrier, the ideal candidate will have a strong background in IT audits, compliance, and risk management. This is an individual contributor role that requires a proactive and detail-oriented professional to manage and support various compliance and audit activities. The individual will be responsible for governance and oversight of enterprise-wide SOX IT control program to mitigate the risk of material omissions, errors or weaknesses in our technology and security controls. The position requires a combination of strong program management and leadership skills, along with broad technical knowledge and subject-matter expertise in IT audits and compliance. This individual will be responsible for managing SOX compliance expectations with our key stakeholders including control owners, senior/executive management, and internal/external auditors. Key Responsibilities: Oversee program management for all activities including planning, scoping, audit fieldwork, issue identification, reporting, and remediation of issues. Develop an intimate understanding of Carrier’s business processes and the role of technology in meeting business objectives including key IT processes, automations, reports, data flows, and interfaces. Maintain SOX IT documentation, liaise with internal and external auditors, and provide guidance and support to technology control owners on control design, audit requirements, and issue remediation. Conduct internal audits to assess the effectiveness of internal controls and compliance with policies and regulations. Coordinate and support external audits, including providing necessary documentation and information. Evaluate IT control deficiencies for impact and perform root cause analysis to determine appropriate management actions. Monitor management’s remediation efforts to closure, including review of supporting evidence. Serve as subject matter expert and advise on the SOX compliance implications of technology related changes to the business such as new product lines, new system implementations etc. Develop a continuous monitoring program with an emphasis IT controls automation. Develop metrics, reporting and dashboards to track SOX IT control effectiveness and ensure process efficiency, and that risks are being appropriately tracked, communicated and managed. Continually identify opportunities to benchmark controls, automate control testing and streamline manual efforts to increase efficiency and reduce cycle times. Stay current on new technical literature applicable to the internal control process (e. g., PCAOB guidance, SEC, COSO, COBIT, etc.) and maintain awareness of emerging trends and best practices around technology and security controls. Successfully partner with and manage executive level stakeholders, PMOs & Working Groups with Domestic & International cross-functional teams. Create and deliver DT SOX Compliance training materials to key stakeholders. Provide guidance and support to other teams on compliance-related matters. Prepare and present reports on compliance activities and findings to senior management. Requirment Minimum 8-10 years of experience in IT audits, compliance, and risk management. Full-time Bachelor’s degree in IT, Computer Science or equivalent. Certifications such as CISA, CISM, or CISSP or similar professional certifications are highly desirable. Demonstrated success and understanding of accepted frameworks such as, ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework. Advanced knowledge of SOX IT requirements, COSO/CoBIT framework and PCAOB standards, and in-depth experience with testing general IT and application controls, segregation of duties (SoD) rules, reports and interfaces. ServiceNow GRC preferred. Excellent analytical and problem-solving skills. Excellent written and verbal communication skills, strong interpersonal skills and the ability to communicate technical concepts effectively across functions and all levels of management. Highly motivated self-starter with a meticulous attention to detail and bias to action, who is eager to put his/her stamp on our rapidly increasing compliance footprint. Ability to work independently and manage multiple priorities. Detail-oriented with a high level of accuracy., or accounting. Key Attributes: Forward-thinking mindset with strong digital acumen. Ability to collaborate across business, legal, and engineering functions. Strong sense of ethics, accountability, and customer trust. Excellent communication and stakeholder influence capabilities. Benefits We are committed to offering competitive benefits programs for all of our employees, and enhancing our programs when necessary. Make yourself a priority with flexible schedules, parental leave Drive forward your career through professional development opportunities Achieve your personal goals with our Employee Assistance Programme Our commitment to you Our greatest assets are the expertise, creativity and passion of our employees. We strive to provide a great place to work that attracts, develops and retains the best talent, promotes employee engagement, fosters teamwork and ultimately drives innovation for the benefit of our customers. We strive to create an environment where you feel that you belong, with diversity and inclusion as the engine to growth and innovation. We develop and deploy best-in-class programs and practices, providing enriching career opportunities, listening to employee feedback and always challenging ourselves to do better. This is The Carrier Way. Join us and make a difference. Now! Carrier is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

Description What We Are Looking For: Meltwater’s collaborative Security Team needs a passionate Security Engineer to continue to advance Meltwater’s security. Working with a group of fun loving people who are genuinely excited and passionate about security, there will be more laughs than facepalms! If you believe that improving security is about constantly moving technology forward to be more secure, and shifting security tools and checks earlier in the development lifecycle, then you’ll feel at home on Meltwater’s Security Team! At Meltwater we want to ensure that we can have autonomous, empowered and highly efficient teams. Our Security Team charges head on into the challenge of ensuring our teams can maintain their autonomy without compromising the security of our systems, services and data. Through enablement and collaboration with teams, Security Engineers ensure that our development and infrastructure practices have security defined, integrated and implemented in a common-sense manner that reduces risk for our business. Security Engineers define best practices, build tools, implement security checks and controls together with the broader Engineering and IT teams to ensure that our employees and our customers' data stays safe. As part of this, we leverage AWS as a key component of our cloud infrastructure. Security Engineers play a critical role in securing and optimizing AWS environments by implementing best practices, automating security controls, and collaborating with teams to ensure scalability, resilience, and compliance with industry standards. What You’ll do: In this role, you will be designing and implementing security functions ranging from checks on IaC (Infrastructure as Code) to SAST/DAST scanners in our CI/CD pipelines. You will be collaborating closely with almost every part of the Meltwater organization and help create security impact across all teams with strong support from the business. Collaborate closely with teams to help identify and implement frictionless security controls throughout the software development lifecycle Propose and implement solutions to enhance the overall cloud infrastructure and toolset. Perform ongoing security testing, including static (SAST), dynamic (DAST), and penetration testing, along with code reviews, vulnerability assessments, and regular security audits to identify risks, improve security, and develop mitigation strategies. Educate and share knowledge around secure coding practices Identify applicable industry best practices and consult with development teams on methods to continuously improve the risk posture. Build applications that improve our security posture and monitoring/alerting capabilities Implement and manage security technologies including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, and security information and event management (SIEM) tools. Conduct vulnerability assessments, penetration testing, and regular security audits to identify risks and develop mitigation strategies. Monitor and respond to security incidents and alerts, performing root cause analysis and incident handling. Participate in incident response and disaster recovery planning, testing, and documentation. Manage identity and access management (IAM) solutions to enforce least privilege and role-based access controls (RBAC). Assist in the development of automated security workflows using scripting (Python, Bash, or similar). What You'll Bring: Strong collaboration skills with experience working cross functionally with a diverse group of stakeholders Strong communication skills with the ability to provide technical guidance to both technical and non-technical audiences Experience in implementing security controls early in the software development life cycle Knowledge of industry accepted security best practices/standards/policies such as NIST, OWASP, CIS, MITRE&ATT@CK Software developer experience in one or more of the following languages: JavaScript, Java, Kotlin or Python Experience in at least one public cloud provider, preferably AWS, with experience in security, infrastructure, and automation. Hands-on experience with SIEM platforms such as Splunk, QRadar, or similar. Proficiency in Linux operating system, network security, including firewalls, VPNs, IDS/IPS, and monitoring tools. Experience with vulnerability management tools (Snyk, Nessus, Dependabot) and penetration testing tools (Kali Linux, Metasploit). Experience in forensics and malware analysis. Self-motivated learner that continuously wants to share knowledge to improve others The ideal candidate is someone from a Software Development background with a passion for security. If you’re someone who understands the value of introducing security early in the software development lifecycle, and want to do so by enabling and empowering teams by building tools they WANT to use, we want to hear from you! What We Offer: Enjoy flexible paid time off options for enhanced work-life balance. Comprehensive health insurance tailored for you. Employee assistance programs cover mental health, legal, financial, wellness, and behaviour areas to ensure your overall well-being. Complimentary CalmApp subscription for you and your loved ones, because mental wellness matters. Energetic work environment with a hybrid work style, providing the balance you need. Benefit from our family leave program, which grows with your tenure at Meltwater. Thrive within our inclusive community and seize ongoing professional development opportunities to elevate your career. Where You'll Work: Hitec city, Hyderabad. When You'll Join: As per the offer letter Our Story At Meltwater, we believe that when you have the right people in the right environment, great things happen. Our best-in-class technology empowers our 27,000 customers around the world to make better business decisions through data. But we can’t do that without our global team of developers, innovators, problem-solvers, and high-performers who embrace challenges and find new solutions for our customers. Our award-winning global culture drives everything we do and creates an environment where our employees can make an impact, learn every day, feel a sense of belonging, and celebrate each other’s successes along the way. We are innovators at the core who see the potential in people, ideas and technologies. Together, we challenge ourselves to go big, be bold, and build best-in-class solutions for our customers. We’re proud of our diverse team of 2,200+ employees in 50 locations across 25 countries around the world. No matter where you are, you’ll work with people who care about your success and get the support you need to unlock new heights in your career. We are Meltwater. Inspired by innovation, powered by people. Equal Employment Opportunity Statement Meltwater is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: At Meltwater, we are dedicated to fostering an inclusive and diverse workplace where every employee feels valued, respected, and empowered. We are committed to the principle of equal employment opportunity and strive to provide a work environment that is free from discrimination and harassment. All employment decisions at Meltwater are made based on business needs, job requirements, and individual qualifications, without regard to race, color, religion or belief, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, marital status, veteran status, or any other status protected by the applicable laws and regulations. Meltwater does not tolerate discrimination or harassment of any kind, and we actively promote a culture of respect, fairness, and inclusivity. We encourage applicants of all backgrounds, experiences, and abilities to apply and join us in our mission to drive innovation and make a positive impact in the world.

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself and a better working world for all. As part of our EY-cyber security team, you shall engage in Identity & Access Management projects in the capacity of execution of deliverables. An important part of your role will be to actively establish, maintain, and strengthen internal and external relationships. You'll also identify potential business opportunities for EY and GDS within existing engagements and escalate these as appropriate. Similarly, you'll anticipate and identify risks within engagements and share any issues with senior members of the team. We're looking for Senior Security Analyst / Senior Consultant in the Technology Consulting team to work on various Identity and Access Management projects for our customers across the globe. Also, the professional shall need to report any identified risks within engagements and share any issues and updates with senior members of the team. In line with EY's commitment to quality, you'll confirm that work is of the highest quality as per EY's quality standards and is reviewed by the next-level reviewer. As an influential member of the team, you'll help to create a positive learning culture, coach and counsel junior team members, and help them to develop. **Your key responsibilities:** - Engage and contribute to the Identity & Access Management projects. - Provide Level 3 and Level 4 support for the system within agreed service levels. - Ability to work independently, adapt quickly, and maintain a positive attitude. - At least 3-6 years of Active Directory / Azure Active Directory (Entra) experience. - Have experience in maintaining & administering Active Directory. - Knowledge of Bulk updates using scripts. - Managing backup/restore of AD database. - Must have good experience in handling escalated issues and providing RCA. - Experienced in AD server migration, deployment, and DC promotion. - Knowledge of AD migrations from one domain to another domain will be an added advantage. - Good verbal & written communication, technical document writing. - Awareness of security standards such as NIST and CIS. - Must have knowledge of AD Core Servers handling through command lines. - Must have hands-on experience in managing Azure AD connect server synchronization. - Experience in handling synchronization issues on Azure AD Connect and troubleshoot. - Preparing Operational Manual, Procedure Documents & Design Documents. - Understands concepts of Authentication, Authorization, Provisioning, Identity, and Access Management. - Good knowledge of basic security concepts and certificate management. - Understanding of Authentication, Authorization, MFA, SSO, Federation, and Directory Services concepts. - Supporting Single Sign-On (SSO) infrastructure, analyzing issues related to SSO and Multi-Factor Authentication (MFA). - Strong knowledge about OAuth, OpenID, and SAML concepts. Proficient in Azure Active Directory B2C & B2B connections. - Technical knowledge of Active Directory and experience with user and computer account administration. - Understanding of Active Directory Forest, domain, trust, permissions, access control lists, and related concepts. - Knowledge and experience of AD concepts like FSMO roles, DNS, DHCP, and Group Policies, AD SIEM and log events, AD Sites, GPO, Build it groups, Policies, Directory Sync. - Hands-on experience on end-to-end Identity and Access Management Tools such as Active Directory, Azure AD Operations. - Should be flexible to work on new technology on IAM domain. - Worked in the capacity of a techno-functional role of Identity and Access Management Implementation. - Worked in a client-facing role. - Good understanding of Identity Access Management solutions. - Hands-on experience or good knowledge of Active directory domain migrations will be an added advantage. - Need to be thorough in their respective tools with hands-on experience involving configuration, implementation & customization. - Prior experience working in remote teams on a global scale. - Implement and manage the effectiveness of Incident, Service Request, Change, and Problem management processes for the service area. - Ability to perform Root Cause Analysis and suggest solutions to avoid errors. - Resolve technical issues through debugging, research, and investigation. - Strong communication skills, both verbal and written. - Perform systems analysis and tuning to ensure optimal infrastructure response. **Skills and attributes for success:** - Hands-on experience on end-to-end implementation of Identity and Access Management tools. - Strong communication, presentation, and team-building skills and experience in producing high-quality reports, papers, and presentations. - Ability to communicate detailed technical information to a non-technical audience clearly. - Hands-on experience on tools like PKI, MFA, ADFS, Entra, QMM. **Work Requirements:** - Willingness to travel as required. - Willingness to be an on-call support engineer and work occasional overtime as required. - Willingness to work in shifts as required. **To qualify for the role, you must have:** - Bachelor or master's degree in a related field or equivalent work experience. - 3-6 years of experience implementing IAM projects (Active Directory and Azure AD) and migration. - Strong command of verbal and written English language. - Strong interpersonal and presentation skills. **What working at EY offers:** At EY, we're dedicated to helping our clients, from startups to Fortune 500 companies, and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: - Support, coaching, and feedback from some of the most engaging colleagues around. - Opportunities to develop new skills and progress your career. - The freedom and flexibility to handle your role in a way that's right for you. EY | Building a better working world: EY exists to build a better working world, helping to create long-term value for clients, people, and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate. Working across assurance, consulting, law, strategy, tax, and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.,

As an IT Auditor in our organization, you will be responsible for leading IT audits to ensure alignment with industry standards. You will oversee quality assurance and reviews for audit engagements, including conducting cybersecurity audits and risk assessments to ensure compliance with IT governance and regulatory requirements. Collaborating with cross-functional teams will be essential to address risks effectively. Your expertise will be crucial in providing expert recommendations for improving cybersecurity measures. Managing audit timelines and deliverables with consistent quality will be a key aspect of your role. Staying updated on emerging IT and cybersecurity trends will also be necessary to enhance our audit processes and practices. To excel in this role, you should hold certifications such as CISA, CISSP, CIA, CISL (or equivalent) and have expertise in IT audit, cybersecurity frameworks, and risk management. Previous experience in a Big 4 firm or relevant industry exposure will be advantageous. A strong knowledge of security standards like ISO, NIST, GDPR, and others is required. Your proven ability to lead teams, manage audit quality, and possess strong communication and stakeholder management skills will be essential for success in this position. Additionally, you should be willing to travel up to 20% to the Middle East to fulfill job requirements effectively.,