406 Pci Dss Jobs - Page 9

Some careers shine brighter than others. If you re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions. We are currently seeking an experienced professional to join our team in the role of Senior Consultant Specialist In this role, you will: Be responsible for maintaining, and uplifting IAM PAM control. Identify, investigate, and report potential Cybersecurity related exposures and recommend corrective action, maintaining SME support and/or ownership through to resolution. Work alongside the IDAM Control Owners to record, analyse, monitor, and publish MI / KCI reporting; dashboards; for the Cybersecurity management and other appropriate stakeholders. Stakeholder Engagement: Collaborate with business units and IT teams, to gather requirements and ensure smooth project execution. Provide regular updates to senior management and other stakeholders. Governance and Compliance: Experience of working in a regulated environment with exposure to global regulatory requirements, including GDPR, SOX, PCI DSS, and ISO 27001. Implement robust governance practices to manage risks and ensure compliance. Team Coordination and Leadership: Lead cross-functional teams, work alongside project managers, control owners, business analysts, and technical specialists. Foster collaboration and resolve conflicts to maintain project momentum. Proven track record of working with technical, cybersecurity and/or operations teams. Lead geographically disbursed team and pull them together to achieve common objectives. Excellent written and verbal communications Excellent data analytics skills. Process Improvement: Continuously evaluate processes and propose enhancements to improve efficiency, scalability, and security. Develop and implement best practices for project delivery. Risk and Issue Management Identify, assess, and mitigate risks throughout the project lifecycle. Proactively manage issues and dependencies to avoid project delays. Documentation Project initiation, planning, execution, monitoring, and closure documentation including but not limit project charter, project plan, various status report, performance report and project closeout report. Requirements To be successful in this role, you should meet the following requirements: Knowledge Experience of Identity Access Management (IAM) Controls Technical background within security spaces- Privileged Access Management Extensive knowledge on managing compliance IAM Security Standards Able to understand Operating Effectiveness of IAM Secrets Controls, Identify Gaps and Remediate Manage Govern KPIs / KCIs / KRIs Stakeholder Management Across all Lines of Defence Communication Skills for stakeholder collaboration on Standard Procedures and Best Practices Role relevant qualifications, i. e. CISSP/CISM is desirable but not essential Excellent written and verbal communications Excellent technical data analytics skills. Strong presentation and reporting skills.

Drafting, Reviewing, Updating, and Enforcing Information Security Policies: Responsible for the formulation, periodic review, update, and organization-wide enforcement of information security policies and procedures in line with regulatory and industry standards. Implementing IS Related Controls as per Regulatory Requirements and Industry Best Practices: Ensures timely implementation and tracking of security controls as mandated by regulators and aligned with globally accepted standards such as ISO 27001, NIST, and PCI DSS. Coordinating Security Audits as per Regulatory Requirements: Acts as the central coordinator for internal, external, and regulatory audits, ensuring availability of evidence, responses, and closure of observations. Conducting Training and Awareness (Phishing and Quiz): Plans and executes regular security awareness programs, phishing simulations, and quizzes to build a security-conscious culture among employees. Performing IS Risk Assessment / GAP Assessment: Conducts periodic risk and gap assessments to identify, evaluate, and mitigate security weaknesses across systems, processes, and third parties. M aintenance of ISO 27001:2022 and PCI-DSS Certification: Manages and coordinates activities necessary to maintain ISO 27001:2022 and PCI DSS certification status, including audits, documentation, and corrective actions. Monitoring Ongoing IS Compliances through Compliance Calendar : Acts as a checker by maintaining a compliance calendar and tracking entity-wise and function-wise adherence to security compliance requirements. Policy, Process, and Other IS-Related Audits : Conducts independent assessments of IS policies, procedures, and control effectiveness to ensure compliance and identify opportunities for improvement. Participating in Regulatory Inspections: Supports regulatory inspections related to information security by providing necessary documentation, system access, and clarifications. Incident Management: Reviews information security incidents to find trends, causes, impact, and check how well responses worked; ensures incidents are reported to regulators on time as per rules; and regularly updates senior management or the board on security status, key risks, incidents, and compliance

Overview Omnicom Global Solutions is an integral part of Omnicom Group, a leading global marketing and corporate communications company. Omnicom’s branded networks and numerous specialty firms provide advertising, strategic media planning and buying, digital and interactive marketing, direct and promotional marketing, public relations, and other specialty communications services to over 5,000 clients in more than 70 countries. OGS India plays a critical role for our group companies and global agencies by providing stellar products, solutions, and services across Creative Services, Technology, Marketing Science (Data & Analytics), Advanced Analytics, Market Research, Business Support Services, Media Services, and Project Management. With over 4000 talented colleagues in India, we are growing rapidly and are looking for professionals like you to help build the next chapter of our journey. Let’s build this together! Responsibilities Operate day-to-day Information Security Governance, Risk, and Compliance (GRC) activities across the organization. Support alignment and implementation of security standards including ISO 27001, PCI, NIST, and TISAX. Assist in the execution of Information Security Risk Management policies and procedures. Collaborate on internal and external audit activities, and track remediation efforts to closure. Support documentation, reporting, and evidence gathering for compliance and regulatory assessments. Contribute to the continuous improvement of governance processes, control effectiveness, and risk posture. Coordinate with business units and IT teams to ensure governance standards are understood and adhered to. Qualifications 3–5 years of experience in information security governance, risk, compliance, or audit. Working knowledge of ISO 27001, PCI-DSS, NIST, TISAX, or other major regulatory frameworks. Experience with policy implementation, risk assessment methodologies, and audit coordination. Ability to evaluate and articulate compliance requirements to technical and non-technical teams. Strong documentation, analytical, and reporting skills with attention to detail. Excellent interpersonal and communication skills to work cross-functionally. Preferred Qualifications Certifications such as ISO 27001 Lead Implementer/Auditor, CISA, or similar. Experience with GRC platforms and tools. Exposure to vendor risk management and compliance monitoring.

Job ID: 199874 Required Travel :Minimal Managerial - No LocationIndia- Pune (Amdocs Site) Who are we Amdocs helps those who build the future to make it amazing. With our market-leading portfolio of software products and services, we unlock our customers innovative potential, empowering them to provide next-generation communication and media experiences for both the individual end user and enterprise customers. Our employees around the globe are here to accelerate service providers migration to the cloud, enable them to differentiate in the 5G era, and digitalize and automate their operations. Listed on the NASDAQ Global Select Market, Amdocs had revenue of $5.00 billion in fiscal 2024. For more information, visit www.amdocs.com In one sentence We are seeking a highly skilled and experienced Senior Governance, Risk, and Compliance (GRC) Specialist to join our dynamic team. The ideal candidate will have a strong background in GRC, with a proven track record of managing and implementing comprehensive risk management and compliance programs, particularly within the EMEA (Europe, Middle East, and Africa) and IMEA (India, Middle East, and Africa) regions. What will your job look like Develop and maintain governance frameworks, policies, and procedures. Ensure compliance with industry standards, regulations, and contractual obligations. Identify, assess, and prioritize security risks, implementing mitigation strategies. Conduct regular risk assessments, audits, and maintain risk registers. Ensure adherence to GDPR, CRA, and other relevant security regulations. Monitor and enforce security compliance across EMEA and IMEA regions. Develop and deliver compliance training programs for employees. Prepare and present security reports to senior management and stakeholders. Collaborate with internal teams and liaise with external auditors and regulators. Communicate security risks and mitigation strategies effectively to stakeholders. All you need is... Bachelor's degree in Business Administration, or a related field. Professional certification (e.g., CISA, CRISC, CISSP) is preferred. Minimum of 6 years of experience in governance, risk management, and compliance. Strong knowledge of relevant laws, regulations, and industry standards, particularly in the EMEA and IMEA regions. Strong understanding of NIST CSF, CIS, ISO 27001, PCI DSS, and Data Protection frameworks. Excellent analytical, problem-solving, and decision-making skills. Strong communication and interpersonal skills, with experience in defending and explaining security risks and mitigations to customers and stakeholders. Ability to work independently and as part of a team. Proficiency in GRC software and tools. Why you will love this job: You will be able to demonstrates an understanding of key business drivers and ensures strategic directions are followed and the organization succeeds You will be able to gathers relevant data, identifies trends and root causes, and draws logical conclusions to develop solutions You will have ability to assess details, systems and other factors as part of a single and comprehensive picture We are a dynamic, multi-cultural organization that constantly innovates and empowers our employees to grow. Our people our passionate, daring, and phenomenal teammates that stand by each other with a dedication to creating a diverse, inclusive workplace! We offer a wide range of stellar benefits including health, dental, vision, and life insurance as well as paid time off, sick time, and parental leave Amdocs is an equal opportunity employer. We welcome applicants from all backgrounds and are committed to fostering a diverse and inclusive workforce

Job ID: 198625 Required Travel :Minimal Managerial - No LocationIndia- Pune (Amdocs Site) In one sentence The IS/IT Audit Expert will assess systems, processes, and controls to ensure compliance with internal policies/practices and identify technological or operational risks All you need is... BA/BS degree in Information Systems, Computer Science, Engineering, or related field. 2-5 years of experience in IT Audit, Cybersecurity, Risk Management, IT Compliance, IT Project Management, or related field. Able to execute comprehensive IT/IS audits utilizing data analytics (MS Excel, Tableau). Ability to evaluate the adequacy and effectiveness of IS/IT controls. Sound knowledge of industry standards, emerging technologies, and best practices. Ability to identify and assess IT/IS related risks and evaluate their impact on the organization. Ability to conduct independent fieldwork and align with process/system owners. Mindset to proactively seek relevant education and training opportunities. Excellent communication skills (both verbal and written) and ability to interact with people across the globe with different cultures. What will your job look like Plan the scope and objective of the audit topic Evaluate a system s efficiency based on knowledge of business process and systems, financial, procurement, HR and other operations. Plan the auditing techniques according to the audit type/maturity/region. Perform the audit in a professional manner and in accordance with the approved audit testing program. Involve the audit director during, and at the conclusion of, the examination, to discuss the test results and deficiency remediation recommendations. Prepare draft report containing all gaps identified and applicable risk analysis for the director review Raise red flag at the right time during the course of review when there is an exception that should be handled by the director Who are we Amdocs helps those who build the future to make it amazing. With our market-leading portfolio of software products and services, we unlock our customers innovative potential, empowering them to provide next-generation communication and media experiences for both the individual end user and enterprise customers. Our employees around the globe are here to accelerate service providers migration to the cloud, enable them to differentiate in the 5G era, and digitalize and automate their operations. Listed on the NASDAQ Global Select Market, Amdocs had revenue of $5.00 billion in fiscal 2024. For more information, visit www.amdocs.com Why you will love this job: Opportunity to work in a growing organization Involved in planning auditing techniques We are a dynamic, multi-cultural organization that constantly innovates and empowers our employees to grow. Our people our passionate, daring, and phenomenal teammates that stand by each other with a dedication to creating a diverse, inclusive workplace! We offer a wide range of stellar benefits including health, dental, vision, and life insurance as well as paid time off, sick time, and parental leave! Amdocs is an equal opportunity employer. We welcome applicants from all backgrounds and are committed to fostering a diverse and inclusive workforce

Location Bangalore : IT SOX, Risk Management, Audits, Business Continuity Planning Not Ready to Apply Join our talent pool and we'll reach out when a job fits your skills.

Key Responsibilities: AWS Infrastructure Management: Design, deploy, and manage scalable infrastructure solutions on AWS, ensuring high availability, security, and cost optimization. Implement infrastructure as code (IaC) using tools such as AWS CloudFormation, Terraform, or AWS CDK. Oversee the configuration and management of AWS services such as EC2, S3, Lambda, RDS, Elastic Beanstalk, VPC, ECS/EKS, CloudWatch, and others. Continuous Integration and Continuous Delivery (CI/CD): Design, implement, and optimize CI/CD pipelines to support frequent deployments, using tools like Jenkins, GitLab CI, CircleCI, AWS CodePipeline, AWS CodeBuild, etc. Automate software deployment, testing, and monitoring for faster delivery cycles. Collaborate with development teams to ensure seamless integration of code into the production environment. Automation and Scripting: Create automation scripts for cloud infrastructure provisioning, configuration, and monitoring using languages such as Bash, Python, Shell Scripting, or PowerShell. Automate operational tasks like patching, backup management, and scaling of infrastructure to ensure high availability and performance. Monitoring and Performance Optimization: Set up and manage AWS monitoring tools such as CloudWatch, CloudTrail, and X-Ray to ensure system health, availability, and performance. Troubleshoot, diagnose, and resolve infrastructure-related issues, ensuring uptime and smooth performance of cloud services and applications. Implement alerting systems to proactively identify and respond to system anomalies and performance issues. Security and Compliance: Implement robust security practices within AWS environments by applying encryption, managing IAM roles, enforcing least-privilege access, and integrating security tools into the CI/CD pipeline. Automate security configurations and compliance checks, such as vulnerability assessments and patch management, to maintain security baselines. Manage network security, VPC configurations, security groups, and AWS-specific security tools (e.g., AWS GuardDuty, AWS WAF). Collaboration and Documentation: Collaborate with cross-functional teams (development, operations, security) to understand requirements and ensure that the infrastructure supports business needs. Maintain detailed documentation for infrastructure architecture, processes, CI/CD workflows, and disaster recovery plans. Provide training and support to internal teams on best practices for deploying and managing applications on AWS. Disaster Recovery and Backup Strategies: Design and implement backup, disaster recovery (DR), and business continuity plans for mission-critical applications and data. Ensure data redundancy and automatic recovery for high availability and minimal service disruption. Cost Optimization: Monitor AWS usage and optimize infrastructure cost by implementing effective cost control measures, such as right-sizing EC2 instances, using AWS Spot Instances, Reserved Instances, and Auto Scaling. Work with finance and infrastructure teams to manage budgets and ensure cost-effective utilization of AWS services. Continuous Improvement: Stay up-to-date with the latest trends and technologies in AWS and DevOps practices. Continuously improve the efficiency, security, and scalability of infrastructure and deployment pipelines. Evaluate and recommend new DevOps tools and technologies to improve team productivity and system reliability. Bachelors degree preferably in Computer Science, Information Technology, or a related field. Experience: 3+ years of experience in AWS cloud services and DevOps engineering. Experience with CI/CD pipelines, Git, and version control systems. Hands-on experience with AWS services (e.g., EC2, Lambda, RDS, ECS/EKS, S3, CloudWatch, CloudTrail, VPC). Experience with containerization technologies like Docker, and container orchestration platforms like Kubernetes, ECS, or EKS. Familiarity with IaC tools (e.g., Terraform, AWS CloudFormation, AWS CDK). Knowledge of Linux/Unix systems and scripting languages like Python, Shell, or Bash. Experience with cloud-native monitoring, logging, and alerting tools (e.g., CloudWatch, Datadog, New Relic, Splunk). Technical Skills: Strong understanding of AWS security best practices and managing access using IAM and security policies. Proficiency in containerization and orchestration with Docker, Kubernetes, and EKS. Knowledge of DevOps tools and practices for continuous integration, delivery, and automation (e.g., Jenkins, GitLab CI, AWS CodePipeline). Familiarity with serverless architectures, particularly AWS Lambda, API Gateway, and DynamoDB. Experience with AWS CloudFormation, Terraform, or AWS CDK to manage infrastructure as code. Basic networking knowledge, including setting up VPCs, subnets, security groups, and NACLs in AWS. Certifications (Preferred): AWS Certified DevOps Engineer Professional or AWS Certified Solutions Architect. AWS Certified SysOps Administrator or AWS Certified Developer Associate. Soft Skills: Strong problem-solving skills, with the ability to quickly diagnose and resolve issues. Excellent communication skills, able to collaborate with both technical and non-technical teams. Detail-oriented and committed to high standards of quality. Ability to work in a fast-paced environment and manage multiple priorities. Benefits: Competitive salary and benefits we take care of our team! Mentorship from experienced – learn from the pros. Opportunities to learn and grow in a fast-paced startup – your potential is limitless. The chance to contribute to something meaningful – make a real difference in healthcare. Join our team and help us transform the future of healthcare

An Opportunity to Work with One of India's Leading Credit Card Tech Innovators BOBCARD (A Bank of Baroda Subsidiary) Education: BE/B.Tech, BCA/MCA, BSc/MSc in Computer Science, IT, or related field. Experience: 6 - 10 years Location: Goregaon, Mumbai (5 days' from Office) **Domain: Fintech/BFSI/NBFC (mandate) Applicants should possess the following attributes: 6-10 years of experience in IT/Banking/NBFC sector as MS SQL administrator/ Manager 2-3 years relevant experience in leading MS SQL DBA team Experience on MS SQL 2016 and 2019, implementation of always ON, MS SQL Cluster, log-shipping, backup and restore Core expertise in troubleshooting Database related issue Experience in implementation of best practices and comply with regulatory guidelines Experience in handling internal & external regulatory IT audits and closer of IT audit findings, knowledge on cyber security compliance Experience on migration, upgrade and patching of databases Adhere ITIL process and automate the task using scripting. Experience in Banking & NBFC will be preferred Excellent written, oral communication and presentation skills Key highlights of the role are listed below (purely indicative and not limiting): Manage MS SQL database platform for the organization. Setting up MS SQL database platform to support business operation Make sure Implement best practices for MS SQL database platform and meet regulatory compliances like PCI DSS & RBI Work with internal & external auditor to close audit finding related to MS SQL database platform Plan & execute Migration, upgrade and patching on demand/regular basis to make sure systems are always updated Examining the issues, inefficiencies in the exiting MS SQL database platform and provide solution to overcome Implement and manage proactive Monitoring for MS SQL database platform Update management for purchasing & give understanding of required license MIS reports to Senior management Troubleshoot escalated technical issues

Everything we do is powered by our customers! Featured on Deloittes Technology Fast 500 list and G2s leaderboard, Maropost offers a connected experience that our customers anticipate, transforming marketing, merchandising, and operations with commerce tools designed to scale with fast-growing businesses. With a relentless focus on our customers success, we are motivated by curiosity, creativity, and collaboration to power 5,000+ global brands. Driven by a customer-first mentality, we empower businesses to achieve their goals and grow alongside us. If youre ready to make a significant impact and be part of our transformative journey, Maropost is the place for you. Become a part of Maropost today and help shape the future of commerce! About the Position We are looking for an experienced Product Manager focused on Checkout & Integrations to help shape and scale our e-commerce platform s checkout experience and third-party integrations. In this role, you ll own mission-critical flows at the heart of the purchase journey ensuring fast, reliable, and conversion-optimized checkout experiences as well as the integration frameworks that power connections with payment gateways, ERP systems, tax providers, shipping tools, and more. You will collaborate closely with engineering, design, data, and go-to-market teams, as well as with external partners, to drive customer-centric improvements and scalable architecture. The ideal candidate is both technically adept and commercially minded, passionate about seamless user experiences and systems interoperability. You ll identify and prioritize meaningful problems, drive initiatives from concept to launch, and champion simplicity in complexity. What you ll be responsible for: Lead the strategy and roadmap for Checkout & Integrations, aligning cross-functional teams to deliver business value and customer outcomes Own and evolve the checkout experience to optimize speed, reliability, and conversion across web and mobile Collaborate with key stakeholders to define, build and scale integration capabilities with third-party systems (e.g., payments, shipping, accounting, tax, CRM) Translate complex customer needs and use cases into simple, scalable, and high-performing solutions Ensure compliance with regional and international regulations related to payments and data Build strong feedback loops with customers and partners to inform and validate product decisions Define and track clear success metrics for your domain Identify technical trade-offs and work closely with engineering to find the right balance between scope, speed, and quality Communicate roadmap, progress, and learnings clearly across the organization Collaborate with other product managers to ensure a unified and consistent platform experience What you ll need to bring to Maropost: 5+ years of product management experience with a strong track record in building and scaling SaaS ecommerce or payments-related products Experience owning and optimizing checkout flows in transactional or ecommerce platforms Hands-on experience with third-party integrations and APIs, including common ecommerce tools (e.g., Stripe, PayPal, ShipStation, Avalara, NetSuite) Solid understanding of the regulatory landscape related to checkout, payments, tax, and data privacy (e.g., PCI DSS, GDPR) Strong analytical and decision-making skills grounded in data and customer feedback Excellent communication and stakeholder management skills Familiarity with Agile methodologies and product development best practices A customer-first mindset and an ability to connect technical details to user value Experience working in high-growth, fast-paced environments Bonus: Experience with headless commerce or AI-powered checkout personalization What s in it for you? You will have the autonomy to take ownership of your role and contribute to the growth and success of our brand. If you are driven to make an immediate impact, achieve results, thrive in a high performing team and want to grow in a dynamic and rewarding environment - You belong to Maropost!

Public Key Infrastructure (PKI) Basic understanding of certificate-based authentication principles, including the use of digital certificates, private/public key pairs, and smart card technology. Familiarity with the process of validating user identity using certificates and the role of certificate authorities (CAs). Experience troubleshooting hardware (E.g., card readers) and software issues on Windows and/or Mac laptops. Familiar with Cryptographic concepts (E.g.,- symmetric/Asymmetric encryption, digital signatures). Good experience on technologies like (E.g., - MS ADCS, OpenSSL, Venafi),external vendors (GoDaddy, DigiCert etc..) Extensive knowledge on SSL/TLS ,OCSP ,AIA,CDP concepts. Good to have scripting or automation (PowerShell) experience. Types of signing the certificate (Secure email, document signing, code signing, excel signing). Manage the lifecycle of digital certificates, including issuance, revocation, renewal. Good understanding of HSM(Hardware Security Module). CRL Renewal process /CRL and delta CRL concepts. Configure and maintain NDES(Network Device Enrollment Services) to support certificate enrollment for mobile devices /Intune/mas360,Troubleshooting NDES related issues. Manage root and issuing CA key ceremonies. PKI architecture ,CP(Certificate policies ) ,CPS(certificate Practice Statement) documents. Good knowledge on wild card certificates. Additional skills in PCI DSS(payment card industry data security standard) Good understanding of HSM in PCI DSS Knowledge on Types of Tokenization (Token generation, Token storage, Token retrieval) Review and validate software requests and tickets. Strong problem-solving skills and attention to detail. Excellent interpersonal and communication skills, both written and verbal. Ability to explain technical concepts to non-technical users in a clear and patient manner. Experience with help desk or ticketing systems is a plus. Prior experience in IT support, desktop support, or a similar technical support role preferred Desired/ Secondary skills Documentation and Best Practices: Maintain documentation for configurations, processes, and best practices Troubleshooting: Good to Have remote troubleshooting techniques, Skills, Knowledge of PKI & Change Management process. Customer service-oriented Domain Manufacturing (COREMFG) Max Vendor Rate in Per Day (Currency in relevance to work location) INR 6500 Per Day Delivery Anchor for tracking the sourcing statistics, technical evaluation, interviews, and feedback etc. Swati Joshi swati.joshi06@infosys.com ; Santosh Karne karnesanthosh.kumar@infosys.com Client Interview / F2F Applicable No Work Location Pan India ( all Major Cities ) Pune, Mumbai, Delhi, Noida, Bangalore, Hyderabad, Chennai, and Kolkata. Start date 05 June 2025 WFO/WFH/Hybrid WFO As per Company Policy BG Check (Pre/ Hybrid/ Post onboarding) Post Onboarding Is there any working in shifts from standard Daylight (to avoid confusions post onboarding) YES/ NO YES. 3 Rotating Shifts.

Designation: Information Security Consultant Job Code: JD2208396 Location: Bangalore Number of Vacancies: 1 Total Experience: minimum 1 year Shift: General Reports to: CTO Qualification: BE/B.tech/Bsc/BCA/M.Tech/ME Certification: ISO 27001:2013 Lead Implementer (preferable) Job Description: IT Security Consultant , with overall 3+ years of professional experience with areas of expertise in Governance Risk & Compliance (GRC), Third Party Risk Management (TPRM), Information Systems Audits including ISO 27001, Data privacy, GDPR, ITGC Assessments, Control testing, Information Security, ISO 27001 Implementation, SOX and SOC 2, IT Risk assessments on application and infrastructure. Information Technology and Information Security Governance and Risk Compliance Implementation across various industries including Banking, Retail, Insurance, Energy, and e-commerce. Expertise in Vendor Management, Issue Management, Compliance Management, Policy Management, Business Continuity and Disaster Recovery& Risk management modules/solutions. Detailed knowledge of international regulations and best practices covering ITIL, COBIT, ISO 27000, SOX, COSO, PCI, HIPAA and NIST 800. Have experience in core ISMS, services focused on SOX, ITGC, COBIT, COSO, ISO 270001, specialized in Governance & Compliance and Internal Audits. Good experience in client interaction with global leaders during requirement specifications and project implementation phases. Performed risk assessments based on industry standards, provided recommendations to management on results of analysis and work closely with other team- members to refine and enhance security controls and reduce organizational risk. Managing GRC and Third-Party Risk Management related engagements. Conducting audit to check the security posture of critical vendors. Performing quality checks for third party risk assessment. Facilitating External and Internal audits for ISO 27001. Identify and assessing areas of significant business risk. Plan and evaluate IT-related technical and organizational measures. Managing and reporting compliance breaches and exposures. Conducting Compliance audits by reviewing SOC2 Type II, Hi-Trust, ISO27001, PCI-DSS reports. Supporting various departments by collecting and coordinating internal compliance data with auditors and various departments. Ensuring complete, accurate, and timely audit information is reported to Management and/or Risk Committees. Qualification Bachelor's degree in computer science (B. Tech, BE, BCA, or MCA), ISO 27001 :2013 LA Preferred, Experience in Audits and Assessments preferably covering ISO 27001, SOC 2 Type 2, GDPR, Client Audit and Privacy Regulations (GDPR) Experience in identifying and remediating threat & vulnerabilities. ***the candidate must have a very good communication skill

Project Role :Security Architect Project Role Description :Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills :ServiceNow Governance, Risk, and Compliance (GRC) Good to have skills :Security Architecture Design Minimum 7.5 year(s) of experience is required Educational Qualification :15 years full time education Summary:As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will document the implementation of the cloud security controls and transition to cloud security-managed operations. Your typical day will involve designing and implementing security solutions, collaborating with cross-functional teams, and ensuring compliance with governance and risk management standards. Roles & Responsibilities: Expected to be an SME, collaborate and manage the team to perform. Responsible for team decisions. Engage with multiple teams and contribute on key decisions. Provide solutions to problems for their immediate team and across multiple teams. Design and implement security solutions to protect the organization's cloud infrastructure. Collaborate with cross-functional teams to ensure the security architecture meets business requirements. Ensure compliance with governance and risk management standards. Conduct risk assessments and develop mitigation strategies. Stay up-to-date with the latest security trends and technologies. Provide guidance and support to junior security professionals. Professional & Technical Skills: Must To Have Skills:Proficiency in ServiceNow Governance, Risk, and Compliance (GRC). Good To Have Skills:Experience with Security Architecture Design. Strong understanding of cloud security principles and best practices. Experience in designing and implementing security controls for cloud environments. Knowledge of industry standards and regulations related to cloud security. Familiarity with security frameworks such as ISO 27001 and NIST. Ability to conduct security assessments and audits. Excellent problem-solving and analytical skills. Additional Information: The candidate should have a minimum of 7.5 years of experience in ServiceNow Governance, Risk, and Compliance (GRC). This position is based at our Bengaluru office. A 15 years full time education is required. Qualifications 15 years full time education

Project Role : Security Advisor Project Role Description : Lead the effort and teams to enable development and implementation of proprietary and innovative security solutions. Assess, manage and ensure compliance to risk reducing behaviors and processes. Must have skills : Palo Alto Networks Prisma Access Secure Access Service Edge (SASE) Good to have skills : NA Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security professional, you will have the opportunity to work on multiple projects that help organizations manage and mitigate risk and maximize enterprise value. In this role, ensuring it meets the business requirements and performance goals. You have to closely work with Project Architect to implement the solution as well as Create and update all supporting documentation for security solutions, Configure and optimize policies to enforce security and compliance standards, follow all security best practices while implementing security solutions. Roles & Responsibility Create and update all supporting documentation for security solutions, Configure and optimize policies to enforce security and compliance standards. Follow all security best practices while implementing security solutions. Responsible for team decisions. Engage with multiple teams and contribute on key decisions. Provide solutions to problems for their immediate team and across multiple teams. Develop and implement security policies and procedures. Stay updated on the latest security trends and technologies. Professional & Technical Skills: Experience in Palo Alto/Cisco ASA/ Fortinet firewall / Prisma Access SASE / Zscaler SASE / Netskope / Cloudflare WAF / Email Security Firewall rule migration using tool and Data center migration Hand-on Experience in AWS, Azure, GCP and troubleshooting experience in NGFW such as Palo Alto, Prisma, FortiGate, Checkpoint, Cisco.-Must have Palo Alto Networks Prisma Access SASE Good understanding of Palo Alto Prisma, Panorama, firewalls, App-ID, user-ID, content-ID and Global Protect -In-depth understanding on IPsec VPNs, Global Protect VPNs, Security Profiles, Firewall implementation -Good understanding on cloud providers like AWS, Azure D Basic Knowledge on Operating Systems Windows, Unix, Linux Good design/implementation experience of infra security technologies (Panorama, PA NGFW, Prisma Cloud, Email security, Web Security, End point protection in Cloud (AWS/Azure/GCP/Zscaler) /On-Prem Build & configuration of various NGFW such as Palo Alto, FortiGate, Checkpoint, Cisco, Prisma Cloud. Design and hands on experience to skybox, firemon, Tufin Firewall rule review tool, Firewall on-boarding Checkpoint, Cisco, Palo alto Certification, Cloud certification Experience on Infra Security tools Assessment and security standards like (NIST, CIS, ISO HIPPA & PCI DSS)-Good to have NAC, Cisco ISE Web security technologies as Zscaler, Symantec Good conceptual and working knowledge around Workflow, Approval process. Additional Information:-B.E or MCA or M.Sc with Good Computer Science Background with good academic records-15 years full time education is required. The candidate should have a minimum of 9 years of experience in Palo Alto Networks Firewalls Qualifications 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Zscaler Architecture Good to have skills : NA Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security professional, you will have the opportunity to work on multiple projects that help organizations manage and mitigate risk and maximize enterprise value. In this role, ensuring it meets the business requirements and performance goals. You have to closely work with Project Architect to implement the solution as well as Create and update all supporting documentation for security solutions, Configure and optimize policies to enforce security and compliance standards, follow all security best practices while implementing security solutions. Roles & Responsibility -Create and update all supporting documentation for security solutions, Configure and optimize policies to enforce security and compliance standards.-Follow all security best practices while implementing security solutions.-Responsible for team decisions.-Engage with multiple teams and contribute on key decisions.-Provide solutions to problems for their immediate team and across multiple teams.-Develop and implement security policies and procedures.-Stay updated on the latest security trends and technologies. Professional & Technical Skills:-Design and implementation in Zscaler SASE along with NGFW (PA/Prisma Zscaler, Web Security (, Symantec), in on-prem and Cloud, End point protection, Data center migration-Experience in Zscaler SASE / Prisma Access SASE / Zscaler SASE / Netskope / Palo Alto/Cisco ASA/ Fortinet firewall / Cloudflare WAF / Email Security -Zscaler SASE cloud, Experience in designing infra security technology products (Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), Zscaler Digital experience (ZDX), deployment of Branch connector & Cloud connector, PA NGFW and Remote browser isolation-In-depth understanding on IPsec VPNs, Global Protect VPNs, Security Profiles, Firewall implementation-Good understanding on cloud providers like AWS, Azure D Basic Knowledge on Operating Systems Windows, Unix, Linux-Good design/implementation experience of infra security technologies (Panorama, PA NGFW, Prisma Cloud, Email security, Web Security, End point protection in Cloud (AWS/Azure/GCP) /On-Prem-Build, Design & configuration of various NGFW such as Palo Alto, FortiGate, Checkpoint, Cisco, Prisma Cloud with troubleshooting experience.-Hand-on experience in Azure/AWS-Design and hands on experience to skybox, fireman, Tufin Firewall rule review tool, Firewall on-boarding-Checkpoint, Cisco, Palo alto Certification, Cloud certification-Experience on Infra Security tools Assessment and security standards like (NIST, CIS, ISO HIPPA & PCI DSS)-NAC, Cisco ISE, Web security technologies as Zscaler, Symantec-Good conceptual and working knowledge around Workflow, Approval process. Additional Information:-B.E or MCA or M.Sc with Good Computer Science Background with good academic records-15 years full time education is required. The candidate should have a minimum of 7+ years of experience in Zscaler SASE Technologies. Qualifications 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : SailPoint IdentityIQ Good to have skills : NA Minimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of the cloud security controls and transition to cloud security-managed operations. Roles & Responsibilities: Expected to be an SME Collaborate and manage the team to perform Responsible for team decisions Engage with multiple teams and contribute on key decisions Expected to provide solutions to problems that apply across multiple teams Develop and implement security solutions for cloud environments Conduct security assessments and audits to identify vulnerabilities Provide guidance on security best practices for cloud deployments Professional & Technical Skills: Must To Have Skills: Proficiency in SailPoint IdentityIQ Strong understanding of cloud security principles Experience with implementing security controls in cloud environments Knowledge of industry standards and regulations related to cloud security Hands-on experience with security tools and technologies Additional Information: The candidate should have a minimum of 12 years of experience in SailPoint IdentityIQ This position is based at our Bengaluru office A 15 years full time education is required Qualification 15 years full time education

Roles and Responsibilities Greetings from GRM Technologies!!! Providing support in IT and Cyber Risk Advisory services offered by GRM Technologies to its clients in the following domains- Information regulatory compliance (ISO 27001, PCIDSS, RBI, SEBI, SOC1, SOC2, PCI DSS, HITRUST, GDPR) Information risk management Information security and information assurance Information technology controls for financial and other systems Identifying processes and technologies to maintain and enhance the security architecture Disaster recovery and business continuity management Information privacy Have a fair understanding of Business Continuity Planning and DR Drills Should have conducted Information Life Cycle management reviews in the past Conducting Infrastructure Vulnerability Assessment and Penetration Testing Conducting Web and Mobile Application Security Assessment Conducting Secure Code Review Conducting Architecture Review Should have minimum 2-5 yrs. of experience into Cyber Security, including IT Risk, Cyber Risk & Compliance, IT Audit, Vendor Audit, VAPT, Application Security, Fraud Risk & Security. Knowledge of information security standards, principles and practices required Perform risk assessment, controls and documentation with expected standards (information technology/ business process) Conduct Infrastructure Vulnerability Assessment and Penetration Testing Conduct Web Application Security Assessment Conduct Mobile Application Security Assessment Conduct Source Code Review Perform SOX compliance audits, SOC 1 and SOC 2 audits, as well as testing and reporting Perform control testing pertaining to operating systems, data base (Windows, Unix, Oracle, MSSQL, DB2) Should be able to test basic and automated ERP ITGC controls (SAP, Oracle, etc.) Ability to draft BCP/ DR policy and carry out testing of plan and procedures would be preferable Ability to adapt to new scope areas and technologies Bring in vertical expertise in at least two verticals like BFSI, manufacturing, or more Ability to manage client communication and escalation Ability to make all attempts to guide the peers and self to improve client satisfaction scores Participate in proposal preparation Understanding of risk Appreciation for technological innovation Strong organization skills Curiosity and eagerness to learn Initiative to seek out opportunities and add value Tolerance for ambiguity and shifting priorities; appreciation of change. Should have certification on CCNA / CCNP / ITIL Exposure into ISO 27001 is mandate

About the role: The global Identity Access Management team is passionately serving our stakeholders while evolving best practices. As an Identity Access Engineer , you have a pivotal operational role to provide and deprovision system access.You have an equally crucial role to partner collectively with stakeholders to mature, streamline, and automate Identity and Access Management procedures for Blackbaud. What you’ll do Ensure appropriate Control through timely removal of unnecessary or inappropriate system access Expediently provision approved access, often utilizing evolving Role Based Access Controls (RBAC), for Blackbaud systems to prevent excessive permissions and rights. Proactively expand approved RBAC roles through analysis, recommendation and adoption/rollout. Analyze and resolve access issues, coordinating with system owners or technical support resources as necessary. Participate in ongoing audits and assessments, and assist with implementation of audit or compliance recommendations Develop and maintain detailed documentation on standard operating procedures, system configurations, and technical settings for internal team use, end user support Identify , evaluate and recommend opportunities to eliminate, streamline, and automate access management practices.Partner with colleagues including application owners, cloud engineers, cyber security SMEs, etc. to effectively execute improvements based on expected value. Generate reports to perform in-depth analysis and data collection for issues associated with IAM What you’ll bring 2 years of experience in Identity or Access Management Tireless adherence and attention to appropriate IT general computing controls Ability to understand, work with and where appropriate leverage various technologies including PowerShell , ServiceNow, SailPoint's Identity-Now, Active Directory, EntraID , Salesforce, Workday, etc. Practical experience with SCA, ITIL, COBIT, NIST and/or other security and control frameworks Stay up to date on everything Blackbaud, follow us on Linkedin, X, Instagram, Facebook and YouTube Blackbaud is a digital-first company which embraces a flexible remote or hybrid work culture. Blackbaud supports hiring and career development for all roles from the location you are in today! Blackbaud is proud to be an equal opportunity employer and is committed to maintaining an inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law.

Job Purpose (overall high-level summary of the role) Build and lead global relationships for Cybersecurity (sitting within the wider IT organization), representing WPB IT and WPB Cyber interests within the context of transformational and service uplift from central and federated functions. As a senior Cybersecurity SME for WPB, promote the principles of secure development and ensure effective coverage for all Cybersecurity services consumed. The Senior Cyber SME is, among many other things, responsible for the following key activities: Coordinate and manage the relationship between the central Cybersecurity leadership teams, WPB IT leadership and WBP CISO; reporting to WPB IT CISO. Provide specialist technical and process knowledge to influence support and manage the direction of cyber tooling, processes and practices into WPB IT and engineering teams. Lead the Information Security agenda within the central cyber control owners, including driving business/functional stakeholder engagement to ensure delivery of security programmes, tooling, and initiatives. Develop and maintain strong relationships with the cyber control owners and Heads of cybersecurity functions to ensure optimum synergy and collaboration between them WPB IT. Monitor and engage with cyber control owners, heads of cyber practices and central programme managers to shape and represent WPB IT in order to ensure that deliveries align with WPB IT interests and strategic direction. Promote the development and rollout of security tools and processes that aligns with WPB IT engineering strategies and ensure that group security scanning and orchestration tools can be adopted and used within WPB IT s CI/CD pipeline and engineering teams. Work with service line and value stream CIOs and their representatives to ensure that cyber assurance actions, vulnerability remediation and KCI compliance receives the right level of attention and support, and to escalate and highlight blockers if required. Guide the service lines/value streams CIOs and their representatives with respect to compliance with relevant security policies, standards, and governance, including challenging the risk profile, appetite, and control effectiveness, coordinating with embedded WPB Cyber SMEs, Risk Champions, and central Cyber teams required to ensure overall WPB IT operation within appetite. With specific focus ensure that control and risk metrics and related responsibilities for cyber assurance activities, vulnerability, and secure development practices & tooling, third party security reviews are monitored, actioned, and understood by WPB CIOs and their delegates. Ensure that WPB IT and Cyber priorities are communicated to cyber control owners and central cyber functions. Facilitate ongoing cybersecurity awareness within the Service Line to strengthen the responsible culture. Lead Annual Assurance activities (Pen Test & TMA) for WPB and provide oversight responsibility for TPSR Organization structure Reports to the WPB IT CISO Principal Accountabilities: key activities and decision-making areas Typical Targets and Measures Impact on the Business/Function Protect the Bank. Lead Security embedding within WPB IT together with the WPB CISO, owning the relationship with cybersecurity control owners and heads of cyber functions. Uses technical expertise and experience to enable WPB IT and Cybersecurity to develop implementable designs, solutions and operational plans to ensure compliant security is enforced. Leads and drives this change through effective communication, preparation, and implementation. Driving sustainable growth. Drive efficiencies in the SDL through secure from start development, SecDevOps and minimal iterative issue-remediation. Ensure that evolving technologies are embraced with appropriate mitigation controls and contingency planning. Achieving excellence. Promote the understanding of risk in the context of security in order to align WPB security practices with business risk appetite and strategic objectives. Generate an environment in which innovation is supported by security in the working practices. Measures benefits over the short, medium, and long term. Demonstrates a comprehensive WPB IT view when developing solutions. Executes ideas and innovation that are original but remain aligned to business objectives and cybersecurity principles and plans. Customers / Stakeholders Customer focus. Lead a customer-centered culture, championing activities encouraging outstanding customer advocacy. Proactively seek opportunities to utilize strong Cybersecurity principles to improve availability and ensure privacy for customers. Strengthening stakeholder relationships. Enhance key relationships, using rapport-building expertise and appropriate influencing to add value beyond the initial scope, increasing stakeholder advocacy. Maintain key relationships to include technology and business heads across WPB and Cybersecurity along with other GB/GF/R counterparts across the globe. Understanding markets and customers Cultivate strong relationships with organizationally important global and/or high value stakeholders with a tailored approach. Deliver fair outcomes for our customers and ensure own conduct maintains the orderly and transparent operation of financial markets. Promotes the most appropriate security solution even if there are short term additional costs. Demonstrates sensitivity to the realities and concerns of their stakeholders' situation. Analyses and interprets the evolving security threat landscape. Uses innovation to address the needs of customers and stakeholders (building trust). Leadership & Teamwork Drive the development and communication of a clear vision for secure development and maintenance in WPB IT which is aligned to the overall HSBC and Cybersecurity strategy, values and goals in order to inspire and engage people to create an inclusive, high performing, customer-centered culture. Lead, develop and motivate adoption of and compliance with the cybersecurity principles across the lifecycle in the PODs, XFTs, and service Lines / value streams within WPB IT. Lead and encourage constructive teamwork within value streams by demonstrating collaboration and matrix management in action and taking prompt action to address any activities and behaviors that are not consistent with HSBC's diversity policy and/or the best interests of the business and its customers. Monitors complex dependencies and respond accordingly to ensure on-going delivery to local and WPB IT goals. Translates the required course of action into a clear and realistic vision. Develops international solutions that are beneficial for the Service Line across its geographies and its customers. Identifies and builds relationships with key contacts and influencers Effectively translates coaching requirements to WPB IT s overall performance requirements. Operational Effectiveness & Control: Lead the continuing development, implementation and improvement of the security processes, understanding of risk and controls, and capabilities needed to deliver agreed plans and targets. Collaborate with control owners and WPB leadership to maximize end-to-end integration, effectiveness, and efficiency. Establish and maintain a robust and efficient control environment across the lifecycle to ensure good operational, financial and project management and compliance with HSBC policy and procedures, together with early identification and effective resolution or escalation of issues that arise. Lead the implementation and oversight of the Cyber Risk standards and governance frameworks, process and procedures, including adaptation of documentation, to ensure relevance to WPB operations, effective risk management and regulatory compliance. Creates an environment which anticipates risk, ensuring action is taken to quantify and mitigate them. . Coordinate with central cyber teams, 2LOD and control owners to ensure that WPB specific requirements and ways of working are integral to adopted Cyber Policies, Processes, and tooling. Implement IT best practices in risk policies and governance frameworks in areas across WPB IT. Management of Risk (Operational Risk / FIM requirements) The Senior Cyber SME will ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organisation. The Senior Cyber SME will also continually reassess the Cybersecurity and operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology. This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring. Also by addressing any areas of concern in conjunction with entity management and/or the appropriate department. Observation of Internal Controls (Compliance Policy / FIM requirements) Maintains HSBC internal control standards vis- -vis cybersecurity operations, including coordination and resolution planning of internal and external audit points together with any issues raised by external regulators. The Senior Cyber SME will also manage and coordinate the implementation of new internal control and risk -related metrics relating to cyber and secure development practices (KCIs, KRIs, and GRAS). This will be achieved by service line / value stream adherence to all relevant procedures, keeping appropriate records and, where appropriate, by driving the timely implementation of internal and external audit points, including issues raised by external regulators, and internally identified Cybersecurity risks. Escalation to CIOs and CISO when required for prompt addressing to relevant risk forum, such as WPB IT Cyber Working Groups, RCMMs to mention some examples. Local Job Requirements (This could include; Job Dimensions, Job Context & Major Challenges) Budget & people. This is a cross-functional and Senior Cyber SME role which supports and represents WPB IT interests against central cyber and group IT initiatives. This is achieved though and with the support of a large number of CIO delegates (risk champions), embedded cyber-SMEs, pod leads and ITSOs within WPB IT. It will secure applications leveraging right tools and processes enabled by Cybersecurity. The indirect headcount which will be supported by this role would be more than 150-200 staff. Relationships. Key relationships include ownership of the relationship with Cybersecurity control owners and Heads of Cybersecurity Functions and extends to peers across other Global Businesses, Global Functions and Regions up to MD levels in HSBC, including relationships with auditors, regulators and external security forums. This may also include external relationships with TPEMs and potentially vendors, focusing on security support to the WPB IT. Regulatory & Risk Management. Working closely with WPB IT Value Streams and governance counterparts (such as 2LOD, RR and CCO), build strong relationships with internal and external stakeholders (risk, audit, government agencies, industry forums etc) to understand the IT/Information Security risk profile, monitor compliance with policies and standards, and identify and address WPB IT specific requirements. Strategic input. Providing influence and input to ensure alignment between Cybersecurity and Central Cyber Functions and Leadership to represent and ensure WPB IT strategic outcomes and business goals. Uses technical knowledge and experience to solve complex problems, and propose implementable solutions, to deliver ongoing improvements in line with business strategy. Certifications, Qualifications & Experience (For the Job not the Job holder. Minimum requirements of the Job) Good understanding of WPB businesses and general understanding of the bank s businesses and differentiating factors between retail, wholesale, and investment banking A fair understanding of laws and regulations with an emphasis on regulations, rules and standards with global or boarder regional impact (e.g. GDPR, PCI DSS, DORA, HIPAA, etc.) Formal education with a post-graduate degree in IT, Information Security, Risk Management, Business Management or other relevant areas 10+ years of experience in Information Security Management and Cybersecurity High level of personal drive and motivation to ensure delivery of a broad range of outputs simultaneously across WPB IT and HSBC Technology Extensive Programme Management experience and analytical skills. Proven ability to articulate complex issues concisely and in simple language to support problem analysis. Strong knowledge of the external environment regulatory, political, competitors etc. Outstanding relationship management, collaboration and influencing skills. Strong attention to detail and business writing skills and to be able to challenge and shape submissions. Outstanding communication and interpersonal skills with the ability to produce clear and concise reports and communications to senior internal and external stakeholders. Excellent stakeholder management skills with a proven ability to build and maintain strong relationships and communicate on complex issues with a wide spectrum of stakeholders. Proven abilities in working across cultures. Familiarity with Information Security Control and Risk Frameworks (e.g., NIST, ISO 27001, COBIT, etc.) Strong familiarity with and competence in application security tools in general and with specific focus on security tooling used in secure development (e.g., SAST, DAST, MAST, FOSS), threat modelling and risk management. Certifications, Qualifications & Experience (For the Job not the Job holder. Minimum requirements of the Job) Familiarity with security controls around technologies such as cloud, mobile, social, open-banking, etc. Familiarity with OWASP, Cloud, and SANS guidelines on application-security. Experience in supporting Agile and DevOps methodologies. Experience in lifecycle management across the CI/CD pipeline Excellent understanding of banking and security in context of wider industry trends and direction

Career Category Information Systems Job Description Join Amgen s Mission of Serving Patients At Amgen, if you feel like you re part of something bigger, it s because you are. Our shared mission to serve patients living with serious illnesses drives all that we do. Since 1980, we ve helped pioneer the world of biotech in our fight against the world s toughest diseases. With our focus on four therapeutic areas -Oncology, Inflammation, General Medicine, and Rare Disease- we reach millions of patients each year. As a member of the Amgen team, you ll help make a lasting impact on the lives of patients as we research, manufacture, and deliver innovative medicines to help people live longer, fuller happier lives. Our award-winning culture is collaborative, innovative, and science based. If you have a passion for challenges and the opportunities that lay within them, you ll thrive as part of the Amgen team. Join us and transform the lives of patients while transforming your career. Junior Vulnerability Management Analyst What you will do Let s do this. Let s change the world. In this vital role supports the identification, assessment, and tracking of vulnerabilities across the organization s IT landscape. The Junior Vulnerability Management Analyst assists senior team members in analyzing vulnerability data, correlating risk indicators (e. g. , KEV, EPSS), and supporting remediation efforts. This position offers an opportunity to grow technical expertise while contributing to the organization s security posture through structured vulnerability management processes. Roles Responsibilities: Assist with analyzing vulnerability scan results from tools such as Tenable, Qualys, or Rapid7. Support prioritization efforts using CVSS scores, KEV (Known Exploited Vulnerabilities), EPSS (Exploit Prediction Scoring System), and asset criticality. Collaborate with IT and security teams to track remediation status and escalate high-risk findings. Monitor public threat intelligence sources to understand the context of vulnerabilities. Contribute to the development of dashboards and reports for tracking vulnerabilities and trends. Assist in documenting vulnerability management processes and remediation workflows. Support compliance and audit requests by providing vulnerability data as needed. Learn and follow policies related to patch management and secure configurations. What we expect of you We are all different, yet we all use our unique contributions to serve patients. Basic Qualifications: Bachelor s degree and 0 to 3 years of experience in cybersecurity or IT operations with exposure to vulnerability or security tools OR Diploma and 4 to 7 years of experience in cybersecurity or IT operations with exposure to vulnerability or security tools Must-Have Skills: Basic familiarity with vulnerability management platforms (e. g. , Tenable, Qualys, or Rapid7) Understanding of basic CVSS scoring and vulnerability classification Awareness of cybersecurity concepts such as threat intelligence, patching, and risk assessment Foundational knowledge of networking and common IT systems Willingness to learn and grow in the field of vulnerability management Preferred Qualifications: Good-to-Have Skills: Exposure to KEV, EPSS, or similar threat-based scoring frameworks Basic experience with scripting languages (e. g. , Python, PowerShell) Awareness of cloud security tools (e. g. , AWS Inspector, Azure Defender) Familiarity with compliance standards such as NIST, ISO, or PCI-DSS CompTIA Security+ (preferred) Tenable Certified Nessus Auditor (Preferred) Qualys Vulnerability Management Specialist (Preferred) Soft Skills: Analytical Thinking - Comfortable working with data and identifying patterns Attention to Detail - Careful review and tracking of vulnerabilities Communication Skills - Able to clearly document and explain findings Collaboration Teamwork - Works well with cross-functional teams Curiosity Continuous Learning - Strong interest in cybersecurity and professional growth Problem-Solving Mindset - Seeks practical solutions to real-world security issues What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards. Apply now and make a lasting impact with the Amgen team. careers. amgen. com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. .

Job Summary: The Security consultant will be responsible for end-to-end Incident Response which includes detecting, analyzing, and responding to security incidents to protect an organizations IT infrastructure and products. The role involves working with product teams, leveraging tools, and following structured incident response policies and process. Key Responsibilities: 1. Incident Detection Analysis - Monitor security alerts from SIEM, IDS/IPS, and endpoint detection tools. - Investigate security events to determine impact, scope, and root cause. - Analyze network traffic, logs, and forensic artifacts to detect malicious activity. - Utilize frameworks like MITRE ATTCK, NIST 800-61, and Cyber Kill Chain for attack analysis. 2. Incident Response Mitigation - Respond to security incidents and perform containment, eradication, and recovery. - Document incident response actions and maintain playbooks for future reference. - Collaborate with IT, Security, and DevOps teams to implement security fixes. - Conduct malware analysis and reverse engineering when required. 3. Threat Intelligence Hunting - Stay updated on emerging threats and vulnerabilities. - Perform proactive threat hunting to detect potential attacks before they escalate. - Work with Threat Intelligence teams to assess indicators of compromise (IoCs). 4. Security Automation SOAR - Automate security incident response tasks using SOAR platforms. - Develop and optimize playbooks for automated threat containment. 5. Compliance Reporting - Ensure compliance with regulatory standards such as ISO 27001, NIST, PCI-DSS, SOC 2. - Prepare detailed incident reports and post-incident reviews (PIRs). - Assist in security audits and tabletop exercises for incident preparedness. Required Qualifications Skills Technical Skills: - SIEM Platforms - Endpoint Security - Forensics Malware Analysis - Threat Intelligence Tools - Programming/Scripting: Python, PowerShell - Cloud Security: AWS, Azure security best practices Soft Skills: - Strong problem-solving and analytical thinking. - Effective communication skills for technical and non-technical audiences. - Ability to work in high-pressure situations and make quick decisions. - Strong collaboration skills to work with cross-functional teams. Preferred Certifications: - Certified Incident Handler (GCIH) GIAC - Certified Cyber Incident Responder (ECIH) EC-Council - Certified Information Systems Security Professional (CISSP) (Nice to have) - Microsoft Certified: Security Operations Analyst Associate (Nice to have) - AI/ML Knowledge (Nice to have)

Lead GRC , risk assessment, and implementation. Strong in ISO 27001, PCI, PSS, SOC 2, IRDAI. Ensure compliance, audits, awareness. Design InfoSec strategies aligned with ISO, NIST, RBI, SEBI to enhance cybersecurity and meet regulations.

New requirement - JD for Cybersecurity risk manager: Key responsibilities As a Cyber Risk compliance Professional in our Group CISO office, you will be occupied in the following domains: a) Risk management b) Compliance. This role is responsible for planning, managing and coordinating various cybersecurity risk management activities focused on identifying, assessing, and mitigating risks for the enterprise from a business perspective. Skill requirement: Degree, or equivalent, in Information Security or Cyber Security or Computer science or similar course Self-motivation to continuously develop in the areas of cybersecurity Ability to prioritize and complete multiple complex projects under tight deadlines Ability to translate security issues into business risks Excellent interpersonal skills and ability to work effectively within a team at all hierarchical levels Willingness to research client inquiries and emerging issues, including regulations, industry practices, and new technologies Experience, knowledge and strong interest in information and cyber security domains are essential for this role Experience Cyber / technology risk assessments management methodologies Hands on with assessment report preparation and presenting to senior technical and business stakeholders Articulative and confident in presentation to senior stakeholders Knowledge of use of and risks related to modern and emerging technologies Cybersecurity audit Advanced knowledge and understanding of ITGC, NIST 800-53, NIST CSF controls and Risk management frameworks Expertise in complex business processes and technological risks Deep understanding of security technologies including firewalls, proxies, SIEM, XDR, CSPM, IGA, PAM, Data protection Experience: 8 12 years.

Job Description: IT & Cyber Security Auditor Location- Andheri or any client Position: IT & Cyber Security Auditor Employment Type: Full-time Job Overview: We are seeking a highly skilled IT & Cyber Security Auditor to join our team. The ideal candidate will be responsible for conducting comprehensive audits of IT systems, applications, infrastructure, and cyber security protocols. This role involves assessing risks, evaluating security controls, and ensuring compliance with industry standards and regulatory requirements. The auditor will provide valuable insights and recommendations to enhance the organization's security posture. Key Responsibilities: Conduct IS, IT & Cyber Security Audits: Plan, execute, and report on audits of IT systems, applications, infrastructure, and cyber security protocols. Manage end-to-end audit engagements, including risk assessments, scope development, fieldwork, and reporting. Assess and test the effectiveness of information security controls and risk management practices. Ensure audits comply with relevant regulations, industry standards, and best practices (such as ISO 27001, NIST, PCI DSS, etc.). Identify gaps in processes, systems, and controls, providing actionable recommendations. Prepare audit reports highlighting key findings, risks, control weaknesses, and recommendations for remediation. Present findings to senior management, including executives, and provide support in remediation efforts. Qualifications: Bachelors/Masters degree in Information Technology, Cyber Security, or a related field. Relevant certifications such as CISA, CISSP, ISO 27001 Lead Auditor, or CEH are preferred. Strong knowledge of IT security frameworks, risk management, and compliance standards. Experience in conducting IT audits, vulnerability assessments, and security risk assessments. Experience with regulatory compliance in financial services (RBI, SEBI, IRDA) is highly preferred. Excellent analytical, problem-solving, and communication skills. Ability to work independently and collaboratively with cross-functional teams. How to Apply: Interested candidates are invited to submit their resume and cover letter to [Pallavi.kulkarni@anbglobal.com]. Please include "IT & Cyber Security" in the subject line. Equal Opportunity Employer: ANB is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. For more information about our company and culture, visit https://anbglobal.com/

ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it , our most valuable asset is our people. Here you’ll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning; bold ideas; courage an d passion to drive life-changing impact to ZS. Our most valuable asset is our people . At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems—the ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about. Information Security Project Specialist ZS’s India Capability & Expertise Center (CEC) houses more than 60% of ZS people across three offices in New Delhi, Pune and Bengaluru. Our teams work with colleagues across North America, Europe and East Asia to create and deliver real world solutions to the clients who drive our business. The CEC maintains standards of analytical, operational and technological excellence across our capability groups. Together, our collective knowledge enables each ZS team to deliver superior results to our clients. What You’ll Do Executes the end-to-end management of security projectsincluding resource management, communications, training requirements, change management and budget (if applicable). Estimate the resources and participants needed to achieve project goals. Reviews and recommends changes, reductions or additions to the overall project Acts as the liaison between InfoSec and end-users when applicable Maintains the efficiency of the project management process such as planning, scheduling, and budget and risk assessment. Identifies and mitigates potential risks Work with cross-functional teams and staff of all levels, including assisting in the development, training and assignment of work/projects to team members reporting to others; Works well within a structured environment in which team members can work together as an efficient team. What You’ll Bring Bachelor’s Degree required. 7 - 10 years of relevant work experience, including Information Security, project management (5+ years), and team management. PMP-PMI certification desired, or completion within a year of assuming the position. Agile certification desired, or completion within a year of assuming the position. Security+ or equivalent certification desired, or completion within a year of assuming the position. (CISM- Certified Information Security Manager, CompTIA Security+, Etc ) Project plan development experience, including charter, scope, project management approach, management plans, statement of work, cost estimates, schedule. Excellent communication (written and oral) and interpersonal skills; ability to interface and influence all levels within the organization, including facilitation, consulting, negotiation, and presentation. Excellent project management and coordination skills working with multiple stakeholders across several technology platforms and business areas Strong technical skills and experience. The ideal candidate has lead projects relating to Information Security deliveries or migrations (Vulnerability Management, Identity and access management, Cloud Strategy & Governance, Data Security, Enterprise Risk Management, Asset Management, Security awareness & training) Project plan and budget management. Knowledge of project management best practices, Experience identifying and mediating risk. Perks & Benefits: ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options and internal mobility paths and collaborative culture empowers you to thrive as an individual and global team member. We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections. Travel: Travel is a requirement at ZS for client facing ZSers; business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures. Considering applying At ZS, we're building a diverse and inclusive company where people bring their passions to inspire life-changing impact and deliver better outcomes for all. We are most interested in finding the best candidate for the job and recognize the value that candidates with all backgrounds, including non-traditional ones, bring. If you are interested in joining us, we encourage you to apply even if you don't meet 100% of the requirements listed above. ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law. To Complete Your Application: Candidates must possess or be able to obtain work authorization for their intended country of employment.An on-line application, including a full set of transcripts (official or unofficial), is required to be considered. NO AGENCY CALLS, PLEASE. Find Out More At www.zs.com

ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it , our most valuable asset is our people. Here you’ll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning; bold ideas; courage an d passion to drive life-changing impact to ZS. Our most valuable asset is our people . At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems—the ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about. We seek an Audit & Compliance Associate to join our Pune, India office. As a member of the ZS Software as a Service (SaaS) Hosting Team, the Information Security and Compliance Associate Associate will perform (and participate in) the planning, execution, and reporting on technology infrastructure and application security and compliance audits in support of various internal compliance requirements and initiatives as well as client directed compliance mandates. What you’ll do Perform audits in accordance with the plan based on various control frameworks and standards; Establish, monitor, document, and update compliance controls and findings; Create remediation plans based on findings and initiate projects, as necessary, in order to meet commitments made within remediation plans; Participate in client directed audit and compliance initiatives, including but not limited to, SAS 70 (SSAE 16) audits, client SOX audit assistance requests and Vendor Data Security and Privacy assessments; Develop and update IT Policies, process maps, templates and supporting change management tools, as often as needed; Assist in the development of training material in support of IT Policy adoption enterprise wide; participate in compliance training workshops, as needed; Monitor compliance with existing IT Policies and supporting tools; Liaison with ZS Client Teams and the ZS SaaS Hosting Team Manager to ensure that all mutually agreed upon business operations SLAs are met; Plan and participate in DR planning and testing; Assist with vendor review and selection in support of on-going internal and client directed compliance initiatives; Assist the Legal team with the review of client contracts as it relates to technology specific compliance requirements; Assist the Legal team with the interpretation of various US and EU laws and technical compliance directives and determine potential impact to the organization. Assist with the completion of client RFPs and RFIs as it relates to compliance; Work with IT, consulting, SD Group and legal teams on compliance standards; Security and compliance projects as assigned. What you’ll bring 2 years of information systems experience with audit planning, risk assessment, and reporting/documentation Hardware, software, and networking information technologies IT security, controls, practices, and procedures Working knowledge of various control frameworks like mentioned below are desirable COBIT – Control Objectives for Information and Related Technology ISO/IEC 27002:2005 – Code of Practice for Information Security Management ITIL – Information Technology Infrastructure Library SOX – Sarbanes-Oxley HIPAA HITECH – Health Insurance Portability and Accountability SAS 70 – Statement of Auditing Standards No. 70 SSAE 16 – Statement on Standards for Attestation PCI DSS – Payment Card Industry Data Security Standard Engagements ISAE 3402 – International Standard for Assurance Engagements NIST – National Institute of Standards and Technology Disaster Recovery planning and testing Perks & Benefits ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options and internal mobility paths and collaborative culture empowers you to thrive as an individual and global team member. We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections. Travel Travel is a requirement at ZS for client facing ZSers; business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures. Considering applying At ZS, we're building a diverse and inclusive company where people bring their passions to inspire life-changing impact and deliver better outcomes for all. We are most interested in finding the best candidate for the job and recognize the value that candidates with all backgrounds, including non-traditional ones, bring. If you are interested in joining us, we encourage you to apply even if you don't meet 100% of the requirements listed above. ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law. To Complete Your Application Candidates must possess or be able to obtain work authorization for their intended country of employment.An on-line application, including a full set of transcripts (official or unofficial), is required to be considered. NO AGENCY CALLS, PLEASE. Find Out More At www.zs.com