406 Pci Dss Jobs - Page 13

Role detail 4 to 8 years of experience in assurance, information security, vendor/ supplier/ third party risk assessment Expertise in cyber security including standards such as ISO27001, PCI-DSS, ISO22301, privacy etc. Knowledge of technical domains such as network security, cloud security, application security, control testing Knowledge of concepts such as vendor risk profiling, country risk assessment, outsourcing/ technology regulations Experience in assessing emerging technologies such as robotics, IOT, DLT, Social, Mobile etc., Exposure to TPRM specific regulations (FED, MAS, OCC, etc.), Exposure in assessing different third parties e.g. Brokers, Exchanges, etc., Worked with TPRM tools, platforms & utilities such as KY3P, TruSight, ServiceNow, OneTrust, CyberGRX, Coupa etc, Strong Auditing skills is desired, experience in IT Compliance, ITGC testing, and Assurance is a plus Strong problem solving and logical approach skills Excellent written and verbal communication skills Consistent display of technical proficiency Ability to work well in teams Willingness to travel within India or abroad for project/assignments. Demonstrate integrity, values, principles, and work ethic and lead by example CISA/ CISSP/ CISM/ISO27001 LA / LI / Cloud security certificates Prior exp in IT Audit, SOC 1, SOC 2 Qualifications: Bachelors degree in computer science or related field Excellent communication and team collaboration skills

Information Security Manager: Job Title: Information Security Manager Work from Office Location: Bangalore/Chennai/Hyderabad Experience:9 + years No.of Positions: #womenhiring #womenintech #womendiversity this role is exclusive for female candidates. Required Skills: Hands-on experience with security technologies Experience in Information security and business continuity internal audits Strong Knowledge in risk management, ISO 27001, ISO 22301 PCI DSS, HIPAA, GDPR, SOC 2 Knowledgeable in security concepts, techniques, tools, methods, and practices Good technical in cyber security products Individually to perform the technical audits Roles and Responsibilities: Minimum 8 years of experience in managing security audits, such as, ISO 27001, HIPAA, SOC 1, SOC2, PCIDSS Including preparing control owners for audits, interpreting control requirements, reviewing control evidence for appropriateness, testing control effectiveness, presenting control evidence to external auditors, and audit planning with external auditors In-depth knowledge of security controls, interpreting control requirements for SOC 2, ISO, HIPAA, PCIDSS audits, reviewing control evidence for completeness an accuracy, and ensuring evidence provided to auditors satisfies control requirements. Ability to of plan and lead meetings with control owners and external auditors. Ability to clearly define control requirements to control owners or explaining control evidence to external auditors. Supports the Security Audit function by reviewing evidence submissions for accuracy and completeness, following up on audit requests, and helping to establish a continuous monitoring function. Assist in testing and verification of all controls and formulating reports documenting findings. Recommends and assists in the definition and implementation of security controls in accordance with enterprise policies, standards, and procedures. Work closely with internal business teams to assist in the identification and assessment of potential security risks, and establish risk owners, ratings, and management action plans. Ensure continuity of compliance with ISO27001 and ISO 22301, PCI DSS, HIPAA, GDPR Analyse the potential impact of new threats and communicate risks to relevant business units Manage security operations, analyze security exceptions, gather necessary background information, document exceptions and ensurethat the risk is recognized and managed with compensating controls Provide orientation to Business Units on Risk Assessment, Business Continuity Plan and Business Impact Analysis Facilitate in preparation of a Business continuity plan for each project and functions Conduct internal ISMS and BCMS audits and identify potential gaps in the system Prepare detailed and summary reports of assessments, and remediation plans as needed and advise internal stakeholders Report the audit findings on the potential weakness in the system and areas of improvement

Programme phase: Responsibilities that sit squarely on the AI Engineer Phase 1 Intelligent Document Processing: Stand up the ingestion path: wire OCR services (StreamSets Tesseract/Textract or Spark) inside the PCI enclave. Create the RAG substrate: chunk & embed pages, build a hybrid BM25 + vector index, add a bge reranker layer and measure 92 % recall. Author the Extraction Agent: map 98 % of statement fees to the canonical taxonomy and persist lineage in Snowflake/Databricks. Hit the SLA: keep upload quote under five minutes and prove it in pilot UAT. Phase 2 Automated Pricing Engine: Embed pricing intelligence: glue rule based margin tables and the ML margin model into one Pricing Agent, with error 1 bp. Serve quotes at scale: expose the engine via REST/GraphQL, hold p95 latency below 90 s, and build the audit trail SOX reviewers demand. Own inference infra: productionise model serving, versioning and rollback hooks. Phase 3 Future add ons: Take RAG mobile: integrate an iOS/Android capture SDK and make sure 95 % of photos become usable PDFs/JSON. Close the learning loop: implement active learning triggers, nightly retrains and canary releases to fight layout drift and new fee codes. Cross cutting: Deliverables ownership: OCR/RAG model artefacts, vector/ETL code, pricing rule sets, OpenAPI docs and the PCI/SOX evidence pack. Must have skillsets and experience: 1. Retrieval Augmented Generation & IDP Building hybrid search (BM25 + embeddings) and re ranking pipelines; tuning recall/precision for unstructured card statement text. Designing and orchestrating Expert Agents (Extraction, Pricing, Validation) with LangChain/Snowpark task graphs. 2. Applied MLOps inside a regulated enclave GitHub Actions / Terraform CI CD, model versioning in MLflow or Snowflake, drift & cost dashboards in Prometheus / Tableau. Writing unit + synthetic statement tests that gate promotions, and rolling models forward under strict rollback guarantees. 3. Payment domain compliance & performance PCI DSS data handling patterns, PII masking, SOX grade lineage that captures embeddings, prompts and responses for 18 months. Meeting hard SLAs ( 5 min end to end ingestion; 90 s quote recompute) and sizing infra to keep GPU/credit burn visible to FinOps. 4. Full stack data & model engineering Deep Python/SQL plus either Snowflake VECTOR_SEARCH or Databricks Lakehouse vector indexes, and comfort switching between them. Experience wiring OCR at scale (Tesseract/Textract on UDFs or Spark) and streaming outputs into secure warehouses. 5. Collaboration in a quad team RACI model Willingness to act as the Responsible engineer while an AI Architect is Accountable, partnering tightly with the Business SME (fee taxonomy) and MLQA Engineer (accuracy evidence). Ability to translate compliance or finance feedback directly into backlog tasks without waiting for long managerial chains. 6. Continuous learning mindset Designing active learning loops that detect uncertainty, call for human labels and retrain nightly, keeping extraction and pricing accuracy high as statement formats evolve. In short: a successful AI Engineer here is a hands on builder who can move from low level OCR accuracy hacks to high stakes pricing logic, wrap the whole thing in auditable MLOps, and thrive in a small, decisive team that ships every twelve weeks

Must have skillsets and experience 1. Retrieval Augmented Generation & IDP Building hybrid search (BM25 + embeddings) and re ranking pipelines; tuning recall/precision for unstructured card statement text. Designing and orchestrating Expert Agents (Extraction, Pricing, Validation) with LangChain/Snowpark task graphs. 2. Applied MLOps inside a regulated enclave GitHub Actions / Terraform CI CD, model versioning in MLflow or Snowflake, drift & cost dashboards in Prometheus / Tableau. Writing unit + synthetic statement tests that gate promotions, and rolling models forward under strict rollback guarantees. 3. Payment domain compliance & performance PCI DSS data handling patterns, PII masking, SOX grade lineage that captures embeddings, prompts and responses for 18 months. Meeting hard SLAs ( 5 min end to end ingestion; 90 s quote recompute) and sizing infra to keep GPU/credit burn visible to FinOps. 4. Full stack data & model engineering Deep Python/SQL plus either Snowflake VECTOR_SEARCH or Databricks Lakehouse vector indexes, and comfort switching between them. Experience wiring OCR at scale (Tesseract/Textract on UDFs or Spark) and streaming outputs into secure warehouses. 5. Collaboration in a quad team RACI model Willingness to act as the Responsible engineer while an AI Architect is Accountable, partnering tightly with the Business SME (fee taxonomy) and MLQA Engineer (accuracy evidence). Ability to translate compliance or finance feedback directly into backlog tasks without waiting for long managerial chains. 6. Continuous learning mindset Designing active learning loops that detect uncertainty, call for human labels and retrain nightly, keeping extraction and pricing accuracy high as statement formats evolve

? ?Job Description ?Cybersecurity Architect: MRF00741A Keywords 1. Threat Model OR Threat Modeling OR Threat Modeling Frameworks (STRIDE, DREAD, PASTA, VAST, LINDDUN) 2. Security Review OR Security Architecture Review OR Cyber Security Architecture Review 3. Cybersecurity Architecture Design OR Secure by Design 4. Secure Code Reviews OR Secure Coding Standards OR Secure CI/CD (DevSecOps) 5. Cybersecurity Standards and Frameworks - NIST, CIS, OWASP, GDPR, PCI-DSS 6. CIS Controls Implementation Benchmarking Key Role Characteristics: Prepare high quality threat models and apply knowledge of MITRE framework and kill chains. Hands-on practical experience high quality threat models and knowledge of MITRE framework and kill chains Regularly provides technical guidance and direction to support the business and its technical teams, contractors, and vendors. Proficient knowledge of cybersecurity architecture, applications, and technical processes with considerable, in-depth knowledge in one or more technical disciplines (e. g. , public cloud, artificial intelligence, machine learning, mobile, etc. ) Engage with Product, Infrastructure and Engineering teams to build threat models, design secure systems, and secure code reviews at a recurring cadence. Must Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data. Manage to evaluate current and emerging technologies to recommend the best solutions for the future state security architecture. Knowledge of cloud architectures and security controls such as network security, IAM, data protection, PKI and logging and monitoring etc. Understanding of hybrid cloud environments and the complexities of securely deploying applications to the cloud and developing Security baselinesBenchmarking. Develop and maintain re-usable security architecture and design patterns for consumption. Strong understanding of attack vectors and ability to design and articulate security controls. Familiarity demonstrated knowledge and experience in securing cloud technologies such as Azure, AWS, GCP, Kubernetes, Container, and infrastructure as code deployments.

Some careers shine brighter than others. If you re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. We are currently seeking an experienced professional to join our team in the role of Lead consultant specialist In this role you will: Hunting for malicious or anomalous activity across the enterprise, using existing tools. Acting in co-ordination with GCO staff to lead the development and implementation of an advanced analysis and search capability focused on identifying potentially sophisticated APT and insider threat activities within the organization. Researching new and existing threat actors and associated tactics, techniques and procedures (TTPs); developing a detailed understanding of their potential impact to the organization, providing recommended solutions for improving our defensive and detective capability. Collaboration with the wider Cybersecurity functions, e. g. , Red Team, to develop hypotheses for new attack techniques and evasion methods. Coordinating threat hunting activities, leveraging intelligence from multiple internal and external sources. Reviewing incident and penetration testing reports and corresponding logs, to identify gaps in our detection capability and provide recommendations to improve them. Providing expert analytic investigative support on large scale and complex security incidents. Contributing to the continued evolution of hunting, monitoring, detection, analysis and response capabilities and processes Training, developing, mentoring, and inspiring colleagues across the function in area(s) of specialism, strengthening Cybersecurity Operations capabilities. Represent HSBC Global Cybersecurity Operations at internal awareness and external cybersecurity forums. Collaborate with the wider Cybersecurity (and IT) teams to ensure that the core, underlying technological capabilities that underpin an effective and efficient operational response to current and anticipated threats and trends remain fit for purpose. Identify processes that can be automated and orchestrated to ensure maximum efficiency of Global Cybersecurity Operations resources. Requirements To be successful in this role, you should meet the following requirements: Excellent investigative skills, insatiable curiosity, and an innate drive to win. Instinctive and creative, with an ability to think like the enemy. Strong problem-solving and trouble-shooting skills Deep knowledge of hacker culture Developed external peer network for sharing intelligence. Self-motivated and possessing of a high sense of urgency and personal integrity. Excellent understanding of HSBC cyber security principles, global financial services business models, regional compliance regulations and laws. Excellent understanding and knowledge of common industry cyber security frameworks, standards, and methodologies, including OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards. Proven experience in identifying and responding to advanced attacker methodologies both within the corporate environment as well as external attack infrastructures, ideally with offensive experience and / or deception environment development (tripwire systems, honeypots, honey-token/accounts, etc. ) using open source, vendor purchased and bespoke/in-house developed solutions. Experience in computer forensics, vulnerability analysis, cyber security analysis, penetration testing and/or network engineering. Highest level of technical expertise in information security, including deep familiarity with relevant penetration and intrusion techniques and attack vectors Expert level knowledge of scripting, programming and/or development of bespoke tooling or solutions to solve unique problems. Expert Knowledge and technical experience of 3rd Party Cloud Computing platforms such as AWS, Azure and Google

Role & responsibilities General description of the role: Minimum 8 years of experience in managing security audits, such as, ISO 27001, HIPAA, SOC 1, SOC2, PCIDSS Including preparing control owners for audits, interpreting control requirements, reviewing control evidence for appropriateness, testing control effectiveness, presenting control evidence to external auditors, and audit planning with external auditors In-depth knowledge of security controls, interpreting control requirements for SOC 2, ISO, or HIPAA, PCIDSS audits, reviewing control evidence for completeness an accuracy, and ensuring evidence provided to auditors satisfies control requirements. Ability to of plan and lead meetings with control owners and external auditors. Ability to clearly define control requirements to control owners or explaining control evidence to external auditors. Supports the Security Audit function by reviewing evidence submissions for accuracy and completeness, following up on audit requests, and helping to establish a continuous monitoring function. Assist in testing and verification of all controls and formulating reports documenting findings. Recommends and assists in the definition and implementation of security controls in accordance with enterprise policies, standards, and procedures. Work closely with internal business teams to assist in the identification and assessment of potential security risks, and establish risk owners, ratings, and management action plans. Ensure continuity of compliance with ISO27001 and ISO 22301, PCI DSS, HIPAA, GDPR Analyse potential impact of new threats and communicates risks to relevant business units Manage security operations, analyse security exceptions, gather necessary background information, document exceptions and ensure that the risk is recognized and managed with compensating controls Provide orientation to Business Units on Risk Assessment, Business Continuity Plan and Business Impact Analysis Facilitate in preparation of Business continuity plan for each project and functions Conduct internal ISMS and BCMS audits and identify potential gaps in the system Prepare detailed and summary reports of assessments, remediation plans as needed and advise internal stakeholders Report the audit findings on the potential weakness in the system and areas of improvement Preferred candidate profile Top 5 Skill Set Hands-on experience with security technologies Experience in Information security and business continuity internal audits Strong Knowledge in risk management, ISO 27001, ISO 22301 PCI DSS, HIPAA, GDPR, SOC 2 Knowledgeable in security concepts, techniques, tools, methods, and practices Good technical in cyber security products Individually to perform the technical audits

Job Title Security Analyst Role and Responsibilities The security Analyst is a member of the CISO Regulatory & Compliance Team and will assist in ensuring the associated business units / accounts comply with applicable Conduent and NIS 2 security standards, regulations, and policies.The Security analyst will be professional, independent, impartial, and fair in all interactions. The security resource is accountable for procedures and processes that ensure the integrity, confidentiality, and availability of assigned Business units\u2019 information, applications, and infrastructure. Resource will perform routine risk assessments, security audits, and vulnerability scans to identify, evaluate, document, and remediate organization risk, control gaps and vulnerabilities. This position will be responsible for developing security reports, security recommendations, and security policies and procedures that are meaningful, defensible, and actionable for a variety of audiences as pertained to assigned business units. Perform log collection, correlation, reviews, archival, retention, and monitoring of automated alerts for items such as, and not limited to IPS/IDS alerts; change detection (FIM) alerts application firewall alerts; malware alerts rogue wireless network alerts security system health alerts; exploit attempt alerts Participate and be an integral component of audit, compliance, and regulatory functions, including and not limited to audits of system security to ensure compliance with Corporate security framework NIS 2, NIST 800-53, ISO 27001/2, PCI-DSS emerging country, state, and Federal privacy laws Primary POC in a vulnerability management program of the account that includes external and internal vulnerability scans of applications and systems external and internal penetration tests of applications and systems documentation and remediation of identified vulnerabilities and exploits routinely monitoring various communication avenues for security vulnerabilities and security patches taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environments making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities Coordinate with business units, operations, and technology teams for incident response, remediation, and improvement Acts as the initial point of contact to facilitate the handling of security audits and client requests Supports the creation of business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results, and making changes necessary to address deficiencies Maintain documentation that supports the annual Security compliance attestation as it is relevant to the assigned Business units Qualifications and Education Requirements CIPP, CRISC, CISA, CISSP, CISM, ISO or any security/IT audit certification is a plus. Minimum of Five (3 to 5) Years of experience in IT Security compliance, or Security Auditing is required. Knowledge and understanding of security controls across all security domains, such as access management, encryption, vulnerability management, authentication, authorization, network security, physical security, etc. Ability to identify security risks in application, system, and network architecture, data flow, and processes or procedures Ability to assess the organizational impact of identified security risks and recommend solutions or mitigating controls. Knowledge of security technologies, devices, and countermeasures, as well as the threats they are designed to counter. Experience with developing security reports, recommendations, policies, and procedures that are meaningful, defensible, and actionable for a variety of audiences. Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks). Experience in PowerPoint, Word, Excel; experience with Visio and MS Project. Communication skills (interpersonal, verbal, presentation written, email). Experience to write report segments and to participate in presentations. Familiarity with security, workflow, and collaboration tools such Nessus Tenable, Splunk, SharePoint and ServiceNow (Snow) is a plus Positive attitude, team player, self-starter; takes initiative, ability to work independently and effectively with all levels of staff and management both internally and externally Preferred Skills Creating and Maintaining NIST 800-53-rev5 based SSP and POAM Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks). Conduent is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, creed, religion, ancestry, national origin, age, gender identity, gender expression, sex/gender, marital status, sexual orientation, physical or mental disability, medical condition, use of a guide dog or service animal, military/veteran status, citizenship status, basis of genetic information, or any other group protected by law. People with disabilities who need a reasonable accommodation to apply for or compete for employment with Conduent may request such accommodation(s) by submitting their request through this form that must be downloaded:click here to access or download the form. Complete the form and then email it as an attachment toFTADAAA@conduent.com.You may alsoclick here to access Conduent's ADAAA Accommodation Policy. At Conduent we value the health and safety of our associates, their families and our community. For US applicants while we DO NOT require vaccination for most of our jobs, we DO require that you provide us with your vaccination status, where legally permissible. Providing this information is a requirement of your employment at Conduent.

Duties and Responsibilities+B5:E25C11B5:E21 The Security Project Manager oversees and manages security-related projects, ensuring timely completion within scope and budget, while coordinating with stakeholders, managing resources, and ensuring compliance with security standards and policies. Years of Experience 8 to 10 years Must Have Nice to Have Domain Expertise Project Management: Mastery of planning, risk management, and execution using tools like Jira or MS Project. X Security Principles: Knowledge of cybersecurity threats and information security standards (e.g., ISO 27001, NIST). X Technical Basics: Understanding IT infrastructure, networks, and security tools (e.g., SIEM, firewalls). X Compliance: Familiarity with regulations like GDPR, HIPAA, or PCI DSS relevant to the projects scope. X Leadership: Ability to coordinate teams, solve problems, and communicate security needs effectively. X Technical / Functional Skills Expertise in cybersecurity, including security design, architecture, controls, and policies. Experience with IAM (Identity and Access Management) is essential. X Proficiency in project management methodologies and tools, such as Agile, SAFe, Scrum, and ITIL processes. Ability to manage complex projects and coordinate between different teams. X Knowledge of Industry leading security technologies. Ability to perform assessments, plan, design, and deploy security solutions. X A minimum of 5-7 years of experience in project management, with at least 3-4 years specifically in security project management X Strong experience with project management tools such as Jira, Microsoft Project, ServiceNow, etc. X

The Operational, Technology and Cyber Risk (OTCR) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank s operations, data, and IT systems by managing operational, technology and cyber risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Group OTCR team serves as the second line of defence for assuring that controls are implemented effectively, in accordance with the OTCR Framework, and for instilling a risk culture within the Bank Key Responsibilities The Head of Policy & Regulatory Management is a key leadership role responsible for developing, implementing, and maintaining robust policies, and overseeing standards and controls to safeguard the companys information assets and ensure regulatory compliance within the dynamic industry. This role will lead a small team of policy and risk professionals, collaborate with key stakeholders across the organization, and act as a subject matter expert on evolving cyber security and technology policy matters. The Policy team are responsible for defining and maintaining Cyber and Technology Policy and overseeing first line standards and control implementation. Policy and standard set out the mandatory outcomes the Bank needs to manage the requisite risks effectively, requiring regular update and management to deliver operationally effective and future fit guidelines. The role will be responsible for providing thought leadership on best-in-class policy, standards and control delivery, helping drive the simplification, consolidation and continuous improvement. The role also includes executing Legal and Regulatory Management activities related to the respective policies and frameworks including mapping of regulatory requirements against new regulations and responding to regulatory RFI s. Skills and Experience The ICS & Technology Policy function is responsible for ensuring that the respective policies remain valid, relevant and effective together with the Standards that support the Policy. The responsibilities include. Develop, maintain, and enforce comprehensive Cyber Security and Technology policies that are aligned with industry best practices (e.g., NIST, ISO 27001, PCI DSS), regulatory requirements (e.g., GDPR, CCPA, FFIEC), and business objectives. Ensure policies are clearly documented, communicated, and readily accessible to all relevant stakeholders. The role will be heavily focused on driving enhancement and convergence across ICS and Technology. This will include providing thought leadership on risk and controls, guiding the organisation to develop a simplified control taxonomy, and improving measurement, reporting and compliance. Ensure forward looking approach to assess and update the Policy for fast evolving emerging technologies such as AI, Quantum Computing and Digital Assets. Ensure alignment across wider Risk Frameworks and ecosystem, connecting the dots across frameworks, policy, standards, controls, and process. Qualifications A rigorous and analytical approach to risk management Knowledge of the Business and its franchise and/or remit. Experience of business partnering, including the ability to synthesise and articulate complex and technical topics clearly to diverse audiences Ability to manage a diverse and challenging stakeholder community / team Proven experience with co-ordination of many dependencies in a complex, large-scale environment Specific strong competence in the use of Excel for analysis of complex data and PowerPoint for communication purposes Ideally the role holder will have specific experience of OTCR frameworks and have an in-depth knowledge of some of the key organisational and operational challenges faced by a Second-Line Risk function. Group, with specific knowledge in cyber and information security risk Ability to represent the Bank with external stakeholders via Industry Forums and at key Regulatory meetings. Ability to assess priorities and focus on detailed aspects of a SME function to drive effective delivery Excellent analytical skills: ability to think clearly and rigorously about how best to assess existing and emerging risks and readiness, being able to reach a pragmatic approach and direction. Together we: Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing. Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations. Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum. Flexible working options based around home and office locations, with flexible working patterns. Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning. Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential. 24833

Job Description Work with External Auditors as required, including facilitating interactions and documentation requests. Assist with compliance framework assessments including, but not limited to NYDFS, PCI DSS, SOC, SOX, GLBA, CIS, MTL and HIPAA. Coordinate external penetration test(s). Coordinate remediation of observations noted from Audit(s) or Gap Analyses. Conduct Internal Audits each quarter. Conduct New Product Audits. Review and edit policies as necessary, but no less than annually. Develop technical security training programs for application users, site security personnel, IT and HR staff globally. Coordinates audit activities with customers workload and schedule. Maintains the Internal Audit manual and leads updates to audit templates. Conducting investigations on irregularities and errors seen during the Audit. Conduct Table Top exercises including, but not limited to Business Continuity/Disaster Recovery and Incident Response. Update Risk Assessment(s) no less than annually. Complete internal vulnerability scans. Complete new hire training, including but not limited to KnowBe4 and BAI. Work with vendors, banks, partners as required to meet their compliance needs, including but not limited to, Questionnaires, RFPs, and Report Requests. Provide consultation and advisement to the business and project leads around compliance initiatives. Performance of other duties and responsibilities as assigned Comply with and enforce company policies and procedures Provide regular and predictable attendance considering any rights to leaves provided by law or company policy Perform all essential job functions without posing a direct threat of harm to yourself or others Effective written and verbal communication with subordinates, peers and supervisor Preferred candidate profile Demonstrate an ability to work under pressure to meet deliverables accurately and on time Excellent communication, interpersonal, organizational, time management and leadership skills Collaborate effectively with other teams within the Security and Compliance department, IT and the Organization Must be able to resolve problems on a daily basis, handle conflict and make effective decisions under pressure. Determination, Dependability, Integrity, Professionalism

We are looking for a highly skilled and experienced IT Due Diligence Manager to join our team in Bengaluru. The ideal candidate will have 4-7 years of experience in the field. Roles and Responsibility Analyze technology implications for active M&A transactions. Review client investment theses, company profiles, and information on business technology environments. Research niche technologies, regulatory obligations, and latest trends to guide analysis. Participate in discussions with company executives to understand business processes and leverage technology strategy. Evaluate commercial off-the-shelf and custom-developed applications for sufficiency, scalability, and maintainability. Assess a company's IT infrastructure for hosting model adequacy, hardware inventory, network architecture, and business continuity procedures. Analyze technology vendor contracts and compute IT spend through contract reviews and financial documents. Develop workbooks and reports to capture diligence observations/analysis. Manage and develop RSM USI team members. Job Requirements Academic Qualification: B.Tech. and MBA from leading technology/business schools. Relevant experience of 4-7 years at a Big 4 or equivalent Advisory Services practice. Knowledge of Microsoft-powered AI products such as Microsoft CoPilot or any other GenAI tools is preferred. Experience with onshore teams, including data room management, document request list preparation, management meeting preparation, workbook analysis, quality of earnings, due diligence reports, client calls, and engagement team calls. Experience with post-acquisition/carve-out integration and separation-related engagements. Preferred industry experience in manufacturing, distribution, consumer products, business services, healthcare, financial services, business services, or technology. Knowledge of US-based regulatory and compliance frameworks such as FFIEC, NERC CIP, PCI DSS, HIPAA, GLBA, and HITECH is a plus. ERP or supply chain application implementation experience; functional expertise in IT and supporting front/back-office operations preferred. IT and cyber-related certifications (CISSP, CISM, HITECH, PCI DSS QSA, CEH, Azure, AWS). Strong skills in critical thinking, problem-solving, and process improvement. Excellent interpersonal and communication skills to interact effectively with internal team members and external clients. Ability to be a self-starter and drive successful client delivery. Demonstrates willingness to invest time in cross-time zone communication with U.S.-based teams. Evaluated as an exceptional performer in current position.

Security Risk and Compliance Expert will be instrumental in shaping the global Information Security Management System (ISMS) within our Group Security team. This role involves engaging with various Business Groups and Corporate Functions to identify and manage information security risks, ensuring compliance and enhancing our security posture. Facilitate risk assessments, develop training, and contribute to the continuous improvement of security policies and tools. Enhance the overall security and compliance of services provided to our customers. You have: Master's or bachelor's degree in computer science, security engineering, or equivalent 5+ years of experience in information security in a multinational organization. Solid understanding of information security processes and technologies Practical knowledge of ISO/IEC 27001:2022 standard implementation Excellent documentation and communication skills It would be nice if you also had: Knowledge of security standards like CSA CCM, NIST CSF, NIS2, and SOC2 Experience delivering information security training Familiarity with RSA Archer and Microsoft Power BI or other GRC tools Certifications in information security (e.g., CRISC, CISSP and ISO 27001 LI/LA) Implement and operate the global Information Security Management System (ISMS) to enhance overall security and compliance Conduct risk assessments with global stakeholders to evaluate and report information security risks Develop and maintain the information security risk register, tracking mitigation progress and presenting reports to stakeholders Provide recommendations for security risk mitigation strategies tailored to different business groups Create, update, and maintain ISMS documentation and a repository of reports and audit records Facilitate training sessions to educate employees on ISMS practices and promote a strong security culture Collaborate with cross-functional teams to identify evolving security trends and compliance requirements Contribute to the continuous improvement of Nokia ISMS and related tools, utilizing KPIs to measure effectiveness

Audit Management: Coordinate and support internal and external audits, including evidence collection, control testing, and remediation tracking. Serve as the secondary point of contact for auditors and third-party assessors. Maintain audit logs, findings, and corrective action plans. Compliance Oversight: Monitor and ensure compliance with industry regulations and internal security policies. Map controls and processes to multiple compliance frameworks (e.g., NIST, ISO, SOC 2, HIPAA). Track evolving compliance obligations and help update policies accordingly. Access Management: Support access management processes Coordinate and drive periodic user access reviews. Business Continuity & Disaster Recovery (BCDR) Collaborate with IT, operations, and business units to develop and maintain BCDR plans. Coordinate and conduct periodic BCDR tests, document results, and track corrective actions. Evaluate critical business processes to identify single points of failure and propose continuity strategies. Ensure BCDR plans align with compliance requirements and organizational risk appetite. Maintain an inventory of critical assets and dependencies required for continuity and recovery. Policy Development & Enforcement: Assist in developing, updating, and enforcing information security policies, procedures, and standards. Ensure policies align with compliance frameworks and are effectively communicated across the organization. Documentation & Reporting: Maintain detailed and organized documentation of security controls, evidence, and compliance artifacts. Create reports and dashboards for leadership on compliance status and audit readiness. Other assignments as required to support the security, compliance, and resilience goals of the organization. Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Bachelor’s degree in Cybersecurity, Information Systems, Risk Management, or related field. 3+ years of experience in information security, with a focus on compliance and audits. Hands-on experience supporting one or more compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, NIST). Strong understanding of security controls and risk management practices. Strong understanding of network, system, and application security principles. Strong knowledge of risk management principles and audit processes. Excellent analytical, problem-solving, and communication skills. Preferred technical and professional experience Strong attention to detail and organizational skills. Excellent written and verbal communication. Ability to manage multiple audits and compliance initiatives simultaneously. Comfortable working with technical and non-technical teams.

Domain Certifications CISSP, CISA, CRISC, ISO 27001 Responsibilities Own and lead the governance program at account level for a large Financial services account with 700 + head count and multi country locations having high security Offshore Delivery Centres & Work from home teams Develop, implement and monitor Account level Information security governance program; meeting client compliance requirements proactively Perform contract reviews, cyber security risk assessments and drive compliance programs to meet contractual and organizational cyber security requirements within the client offshore delivery centres. Experience in Application security and code reviews which can be leveraged to guide and work with delivery teams on covering the cyber security risks associated with Application security, development and maintenance projects. Work closely with different teams internally like IT, business, HR, facilities, cyber security which operate at Organization level to translate client requirements and assess residual risk if required Give directions and monitor the compliance and operations activities within the account through dedicated team and work closely with account team on ensuring the compliance within account team Develop account level procedures, metrics and review programs to maintain and enhance the governance model within the account Be a single point of contact for client interactions during third party audits and liaise within the organization Prepare the account for certification and internal audit requirements based on industry standards like PCI DSS and ISO 27001 requirements Focus and objective driven to demonstrate ongoing improvements; identify early indicators of non compliance and able to draw mitigation actions Hold technical skills to participate in technical discussions for delivery centre setup, connectivity models Excellent communication skills and have demonstrated effective CXO level reviews

So, what s the role all about Cloud Information Security Engineers maintain the security of operating systems, storage, public cloud environments and hardware. They maintain and monitor the security of NICE CXone s lab and production environments. Other responsibilities include identifying security requirements, owning projects related to audits and maintaining a secure systems environment. The Senior Cloud Information Security Engineer needs good communication skills and must be able to work collaboratively with other technical colleagues. They share their expertise and provide individual training and support. How will you make an impact Maintain, monitor, and support the security of a large, global infrastructure environment Performing Risk Assessment and Mitigation Following defined procedures to monitor systems security and resolving issues Security policy development and enforcement Participate in internal and external audits providing required evidence Identifying and Implementing remediation required by audits/assessments Maintain the security of lab and production storage Maintain the security and compliance of enterprise grade systems related hardware Cross-train and share knowledge with team Maintain documentation of security and remediation related processes Communicates events to stakeholders, teams, and leadership Works daily with EDR, NGAV and SIEM products Work with Change Management Have you got what it takes Must have good attention to detail, and the ability to make good, timely decisions Be a Team-player, have a positive attitude and able to work with a distributed team in multiple time zones Experience successfully working in fast paced, production environments Experience working within a team of IT professionals; taking and following direction and completing tasks and assignments in a timely manner with a positive attitude Be a self-starter who is proactive, motivated and can work independently Experience Leading Projects and Delivering Solutions Through Completion Knowledge of common security and compliance certifications and frameworks, such as ISO 27001, SOC 2 type 2, PCI DSS, FedRAMP, IRAP, GDPR etc. 2+ years working with EDR and/or SIEM products 2+ years working with Threat Detection and Incident Response 4+ years in Windows Server Administration 4+ years managing infrastructure security vulnerabilities 4+ years working in a PCI/FedRAMP/IRAP compliant environment 4+ years communicating in English in a technical field Experience working with change management processes Experience working in hybrid Cloud and On-Premise environments Experience working with and responding to security questionnaires Experience working with PowerShell and other scripting languages What s in it for you Enjoy NICE-FLEX! Requisition ID: 5962 Reporting into: Tech Manager Role Type: Individual Contributor About NICE

Understand and apply Technology Control Framework based on industry standards to establish, promote and manage governance, risk compliance. Implement security controls, risk assessment framework, and program that align to best practices and regulatory requirements. Ensure and monitor effective implementations of the policies and procedures. Inform and align decision making for information technology planning, policy and operations to meet business objectives. Communicate the governance activities, policies and decisions with the IT Management and Business Leadership and keep them informed of IT governance decisions that will affect IT services and projects. Work with different stakeholders to maintain up-to-date documentation for scoping, testing and remediation of technology controls Assess audit findings / gaps including control weaknesses in coordination with different stakeholders and assist with development of management action plans. Assess efficacy of security controls, document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities. Ability to communicate a deep understanding of the business and a broad knowledge of existing risk evaluation practices is expected in this role. Carefully maintain complaint and nonconformance processing through records and tracking systems, including root cause and corrective actions. Execute strategy for dealing with increasing number of audits, compliance checks and internal assessment processes for Ameriprise standard compliance framework/practices. Lead the identification, assessment, and mitigation of risks across all operational, strategic, and regulatory domains. Oversee the governance controls across technology business units, ensuring effective governance structures, executive performance evaluations, and compliance with corporate governance codes. Work closely with senior management to define risk tolerance levels, ensuring that appropriate mitigation measures are in place. Maintain strong relationships with key internal and external stakeholders, including the Board, senior management, regulators, auditors, and business leaders. Provide regular updates to the Board and senior management on governance, risk, and assurance matters, including risk exposures, compliance status, and audit outcomes. Lead the preparation of comprehensive risk and governance reports, including annual governance reports, risk assessments, and assurance reviews for the Board and senior management. Job Responsibilities Understand and apply Technology Control Framework based on industry standards to establish, promote and manage governance, risk compliance. Implement security controls, risk assessment framework, and program that align to best practices and regulatory requirements. Ensure and monitor effective implementations of the policies and procedures. Inform and align decision making for information technology planning, policy and operations to meet business objectives. Communicate the governance activities, policies and decisions with the IT Management and Business Leadership and keep them informed of IT governance decisions that will affect IT services and projects. Work with different stakeholders to maintain up-to-date documentation for scoping, testing and remediation of technology controls Assess audit findings / gaps including control weaknesses in coordination with different stakeholders and assist with development of management action plans. Assess efficacy of security controls, document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities. Ability to communicate a deep understanding of the business and a broad knowledge of existing risk evaluation practices is expected in this role. Carefully maintain complaint and nonconformance processing through records and tracking systems, including root cause and corrective actions. Execute strategy for dealing with increasing number of audits, compliance checks and internal assessment processes for Ameriprise standard compliance framework/practices. Lead the identification, assessment, and mitigation of risks across all operational, strategic, and regulatory domains. Oversee the governance controls across technology business units, ensuring effective governance structures, executive performance evaluations, and compliance with corporate governance codes. Work closely with senior management to define risk tolerance levels, ensuring that appropriate mitigation measures are in place. Maintain strong relationships with key internal and external stakeholders, including the Board, senior management, regulators, auditors, and business leaders. Provide regular updates to the Board and senior management on governance, risk, and assurance matters, including risk exposures, compliance status, and audit outcomes. Lead the preparation of comprehensive risk and governance reports, including annual governance reports, risk assessments, and assurance reviews for the Board and senior management. Preferred Key Skills Foundational knowledge of Cloud Computing Technologies (AWS, Microsoft Azure, GCP etc. ). Possess strong oral and written communication skills along with refined presentation skills and the ability to work with other departments and varying levels of management, including senior leadership. Be able to engage at all levels of the organization to organize, drive and communicate results. Good understanding of industry standards for compliance such as ISO 27001:2013, PCI DSS, and SSAE 18 SOC 1 / SOC 2 attestation standards. Defining problems, collecting, and analyzing data, establishing facts, and drawing valid conclusions Questions status quo and navigates through roadblocks. Ameriprise India LLP has been providing client based financial solutions to help clients plan and achieve their financial objectives for 125 years. We are a U. S. based financial planning company headquartered in Minneapolis with a global presence. The firm s focus areas include Asset Management and Advice, Retirement Planning and Insurance Protection. Be part of an inclusive, collaborative culture that rewards you for your contributions and work with other talented individuals who share your passion for doing great work. You ll also have plenty of opportunities to make your mark at the office and a difference in your community. So if youre talented, driven and want to work for a strong ethical company that cares, take the next step and create a career at Ameriprise India LLP. Full-Time/Part-Time Timings (2:00p-10:30p) India Business Unit AWMPO AWMPS Presidents Office Job Family Group Technology

Governance and Compliance,Risk Assessment and Management,Regulatory Compliance,Policy Development and Enforcement,Third-Party Risk,Data Security Metrics,Risk Reporting Framework Management,eDiscovery,Mitigation Strategies

ROLE & RESPONSIBILTY: Conduct thorough and detailed cyber risk assessments for our clients, analyzing their digital infrastructure, systems, and security controls. Collaborate with cross-functional teams to gather essential information and data required for comprehensive risk assessments. Evaluate and interpret assessment results to identify potential vulnerabilities and risks, and provide actionable recommendations for risk mitigation. Stay up-to-date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments. Prepare and deliver clear and concise reports summarizing the findings of risk assessments to clients and internal stakeholders. Provide expert advice and consultancy to clients, guiding them in implementing robust cybersecurity risk management strategies. Mentor and support junior team members to foster their professional growth and skills in cyber risk assessments. REQUIREMENTS: Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or related fields. A minimum of 5+ years of hands-on experience in conducting cyber risk assessments and related security assessments. Industry certifications such as CISSP, CCSP, CISA, CISM, CRISC, ISO/IEC:27001/22301/20000 LI/LA or equivalent are highly valued. Profound knowledge of cybersecurity frameworks, industry standards, and best practices. Proficiency in using various security assessment and techniques. Strong analytical and problem-solving skills, with the ability to think critically and strategically. Excellent communication and presentation skills, capable of effectively communicating technical concepts to both technical and non-technical audiences. Demonstrated experience in project management and handling multiple assessments simultaneously. A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development. Network Security, infrastructure assessment and network architecture design review. Conceptual knowledge of OT Security/ISA 62443 standard is preferable.

. BASIC INFORMATION ON THE POSITION Position Name Trainee - ESGC Mandatory/Required Skills Location Location Mandatory/Required Skills PURPOSE OF THE ROLE To ensure Enterprise Risk management framework and Information Security Management System are effectively implemented in line with the business objectives KEY RESPONSIBILITIES AND ACCOUNTABILITIES 1. Extend support to Implement customer specific information security / enterprise risk related requirements 2. Coordinate and communicate with internal customers to ensure compliance of security / risk guidelines 3. Conduct audit to ensure compliance with customer risk / security requirements 4. Contribute towards customer audits ensuring successful completion 5. Participate in Customer calls when needed and understand customer expectations 6. Provide periodic updates on the implementation status 1. Document procedures and policies based on inputs provided 2. Support implement ISMS (Information Security Management System) framework. 3. Implement new security initiatives and improvements 4. Collect applicable measures and perform periodic analysis as per the measurement program 5. Provide updates periodically 6. Prepare Plan and conduct periodic internal audits 7. Track all internal/external audit findings to closure 8. Implement ERM and conduct risk based audit 9. Conduct surprise/ random audits and track findings to closure 10. Complete the assigned activities like Risk exception, reconciliation, VAPT, etc within the defined SLA 11. Participate in external audits by ensuring readiness of functions providing necessary support for successful completion 1. Understand, align with the goals, roles and responsibilities and provide updates about performance against the set goals 2. Train and mentor team members as appropriate 3. Upgrade competency (skills) in line with the current industry practices and business objectives EDUCATION QUALIFICATION BE/MBA ISO27001 lead auditor s certification CISA/ CISSP Certification (Preferred) PCI DSS Implementer certification MINIMUM EXPERIENCE REQUIRED 2-4 years relevant experience DOMAIN/ FUNCTIONAL SKILLS Knowledge of ISO27001 Standards ISO27005 Guidelines Knowledge of PCIDSS standard Knowledge of risk management (ISO31000) Understanding of organization s business and support processes Knowledge of IT Security, physical and environmental security and HR security controls Knowledge of regulatory requirements

Manager, Software Engineering Overview Mastercards Builders Enablement Program has an exciting opportunity for a Manager of Software Engineering. We are part of Mastercard s Team ONE (Operations, Network and Employee Digital Experience) empowering 6000+ Engineers around the globe. We are responsible for creating a great developer experience enabling engineering teams to deliver innovative payment solutions for hundreds of millions of customers. Our services enable Mastercard engineering teams to focus on delivering business value from ideation to market. The ideal candidate will help Mastercard developers efficiently build, test, and deliver secure, quality code. Role: Lead a team of talented engineers delivering multiple microservices. Interact with technical leaders, product, and operations partners to define strategic platform and product direction. Drive positive change within systems/process to optimally deliver on commitments Drive your team s growth, capability and performance through coaching, mentoring, performance feedback and career development Track and communicate status/progress to customers and senior management Skills: 3+ years experience as a people manager 7+ years prior experience in agile software development knowing OOP/OOAD and prior work with Java, REST microservices architecture and microservice deployments Expertise with Scrum and Kanban best practices You have experience in managing the development of distributed/scalable systems and high-volume transaction applications. You can drive architectural change, balancing technical and business priorities Experience working on products utilizing one or more Cloud platforms and familiar with cloud concepts Experience driving automated testing within CI pipelines Experience with service availability and observability using alerting and monitoring solutions Knowledgeable of containerization technologies Experience working in a regulated environment with secure software development practices (e.g., PCI DSS, GDPR) Experience managing shared components within the organization is a plus All About You: You lead with transparency and have a strong desire to collaborate and provide mentorship to engineers You enjoy working with business and product leaders to inform and support options for delivering highly capable solutions that meet market demands You have excellent communication skills with both technical and non-technical people and have experience preparing delivering executive level presentations to business and technology audiences You are a champion of engineering and operational excellence: developing organizational metrics and driving culture of continuous improvement across teams You are a relentless self-starter who works quickly and efficiently to support product and technical objectives. You can navigate a complex global organization. Education Bachelors degree in Information Technology, Computer Science, Electronics or an equivalent Engineering stream

Our Purpose Title and Summary Manager, Software Engineering Overview Mastercards Builders Enablement Program has an exciting opportunity for a Manager of Software Engineering. We are part of Mastercard s Team ONE (Operations, Network and Employee Digital Experience) empowering 6000+ Engineers around the globe. We are responsible for creating a great developer experience enabling engineering teams to deliver innovative payment solutions for hundreds of millions of customers. Our services enable Mastercard engineering teams to focus on delivering business value from ideation to market. The ideal candidate will help Mastercard developers efficiently build, test, and deliver secure, quality code. Role: Lead a team of talented engineers delivering multiple microservices. Interact with technical leaders, product, and operations partners to define strategic platform and product direction. Drive positive change within systems/process to optimally deliver on commitments Drive your team s growth, capability and performance through coaching, mentoring, performance feedback and career development Track and communicate status/progress to customers and senior management Skills: 3+ years experience as a people manager 7+ years prior experience in agile software development knowing OOP/OOAD and prior work with Java, REST microservices architecture and microservice deployments Expertise with Scrum and Kanban best practices You have experience in managing the development of distributed/scalable systems and high-volume transaction applications. You can drive architectural change, balancing technical and business priorities Experience working on products utilizing one or more Cloud platforms and familiar with cloud concepts Experience driving automated testing within CI pipelines Experience with service availability and observability using alerting and monitoring solutions Knowledgeable of containerization technologies Experience working in a regulated environment with secure software development practices (e.g., PCI DSS, GDPR) Experience managing shared components within the organization is a plus All About You: You lead with transparency and have a strong desire to collaborate and provide mentorship to engineers You enjoy working with business and product leaders to inform and support options for delivering highly capable solutions that meet market demands You have excellent communication skills with both technical and non-technical people and have experience preparing delivering executive level presentations to business and technology audiences You are a champion of engineering and operational excellence: developing organizational metrics and driving culture of continuous improvement across teams You are a relentless self-starter who works quickly and efficiently to support product and technical objectives. You can navigate a complex global organization. Education Bachelors degree in Information Technology, Computer Science, Electronics or an equivalent Engineering stream

Serko is a cutting-edge tech platform in global business travel & expense technology. When you join Serko, you become part of a team of passionate travellers and technologists bringing people together, using the world s leading business travel marketplace. We are proud to be an equal opportunity employer. We embrace the richness of diversity, showing up authentically to create a positive impact. Theres an exciting road ahead of us, where travel needs real, impactful change. With offices in New Zealand, Australia, North America, and China, we are thrilled to be expanding our global footprint, landing our new hub in Bengaluru, India. With a rapid growth plan in place for India, we re hiring people from different backgrounds, experiences, abilities, and perspectives to help us build a world-class team and product. We are seeking an experienced and highly skilled Senior Security professional to join our fast moving and enthusiastic team at Serko. The ideal candidate will have a strong background in software engineering and DevSecOps, with a focus on integratin

The Senior Full Stack Developer in Security will be responsible for securing Navan products by identifying unaddressed areas of weakness and driving cleverly engineered, scalable solutions that improve our defense-in-depth. You will be responsible for design and development of core services related to authentication, authorization, encryption within the product to enable a vast majority of use cases securely. Skills you will leverage in this role include the ability to break down prior technical implementations of product use cases, and the ability to deliver incremental security value through small meaningful code refactors. Reporting to the Senior Director of Trust and Security, you will contribute significantly to building and scaling the security of Navan products. This position requires both advanced technical skills, strong communication skills, and the ability to influence people. You will be responsible for ensuring the continuous security of Navan customer-facing products and internal tools. You will focus on driving and advising risk remediation based on research, and developing strong partnerships with engineering and product teams to accelerate the release of the software with security by design. What You ll Do: Research, design and implement security-oriented frameworks and features with the common goal of protecting Navan customers. Upgrade the security of the current Navan platform to cutting edge security solutions like Passkeys while balancing the needs of multiple customer personas and use cases. Liaison between the engineering and security org to execute on the security roadmap. Lead security software development while building technical leverage and influencing the direction of architecture, design, and roadmap. Routinely participate in cross-vertical code reviews with an emphasis on Security. Break down complex problems into sub-tasks & iteratively contribute to the goal of the security initiatives using agile practices. Coach and mentor junior engineers in the team. What We re Looking For: 5+ years of experience as a software engineer with technical-leadership responsibilities Prior experience architecting, building, launching and maintaining complex systems Experience working in an Agile environment using technologies such as: Java Spring Framework (3+ years), Hibernate or similar ORM technologies, JavaScript/Typescipt, and React Containers (Docker, Kubernetes, or similar) Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, or similar) Continuous integration (Github Actions or similar) Integration of Security testing tools into CI pipelines Defect tracking (Jira, ServiceNow, or similar) Source code management (GitLab, GitHub, or similar) Cloud environment (AWS, or similar) Knowledge of modern authentication mechanisms like SAML, JWT, OIDC connect, Passkey is plus Knowledge of authorization frameworks for complex multi-tenant SaaS applications is plus Knowledge of cryptographic primitives is plus Knowledge of application security issues and tools is plus Knowledge of compliance requirements for industry-standard certifications like PCI DSS, SOC2, HIPAA, and FedRAMP is plus Experience working in small teams and delivering outsized impact is plus

Role Purpose The purpose of this role is to design the organisation’s computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFP’s received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the client’s need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Deliver No Performance Parameter Measure 1 Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers. 2 Support sales team to create wins % of proposals with Quality Index 7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led Mandatory Skills: ForgeRock Identity Manager. Experience8-10 Years.