11 Security Frameworks Jobs

What you will do In this vital role the Specialist Data Security Engineer covering Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) technologies. This role will report to the Manager, Data Security. This position will provide essential services that enable us to better pursue our mission. Specialist Data Security Engineers operate, manage, and improve Amgens DLP and Cloud Access Security Broker (CASB) solutions. In our Data Security team, they will identify emerging risks related to changes in cloud technologies, advise management, and develop technical remediations to address those risks. Specialists lead the development of processes and procedures for multiple solutions which enable business units to remediate identify cloud data exposures. They run multiple projects simultaneously to implement and improve the cloud data security protection and use advanced analytics to demonstrate success. This engineer will play a key role in educating and evangelizing to technologists and business leaders the security strategies that both protect and enable business processes related to cloud data handling. Roles & Responsibilities: Designs, operates, maintains, and enhances capabilities for the technical systems that ensure protection of data for all Amgen global operations. Identifies new risk areas for data and plans controls to mitigate those risks. Researches new technologies, processes, and approaches based on industry practices and recommends future plans for data protection. Authors procedures and guidelines and advises on policies related to data protection requirements and remediation or investigation of violations. Develops and conducts training on data protection technologies for operations staff. Educates business leadership about data risk. Advises other technology groups on data protection strategies and recommends appropriate points of both technical and process integration. Partners with the Manager of Data Security to liaise to legal and human resources leadership on violation remediations. Collaborates with cloud strategy leaders and business unit leadership to ensure that cloud data protection is incorporated by design into new business projects. Collaborates with Cloud Security Engineers to integrate cloud data protection technology into the operations of traditional Data Loss Prevention operations. Basic Qualifications: Masters degree and 4 to 6 years of experience OR Bachelors degree and 6 to 8 years of experience OR Diploma and 10 to 12 years of experience. Functional Skills: Must-Have Skills Familiarity with one or more security frameworks, especially in regulated environments. Proficiency specifying requirements for technical systems, as well as designing, implementing, and operating those systems. Expertise in global IT operations, including an understanding of regulatory and cultural differences encountered when dealing with international peers and customers. Demonstrated competence maintaining applications on Windows and Linux based operating systems, and basic understanding of one or more programming or scripting languages. Demonstrated proficiency with one or more Cloud Access Security Platforms (Elastica, Netskope, SkyHigh,etc) Track record of project management leadership, preferably using Agile methodology. Deep knowledge of the principles of Data Protection, including availability, integrity, and confidentiality of data. Good-to-Have Skills: Proficiency with communications focused on both the development of written technical processes and the ability to convey complex ideas clearly in front of an audience. Experience with data analytics focused on building executive reports Reputation of successfully navigating large enterprise environments, understanding both ITIL driven processes and business relationship building Ability to self-direct work on multiple priorities with little to no oversight, based on critical initiatives. Professional Certifications (please mention if the certification is preferred or required for the role): Systems Security Certified Practitioner (SSCP) or Security+ SANS Certifications Cloud security certifications Relevant vendor-specific certifications Soft Skills: Established analytical and gap/fit assessment skills. Ability to work effectively with global, virtual teams High degree of initiative and self-motivation. Ability to manage multiple priorities successfully. Team-oriented, with a focus on achieving team goals Effective presentation and public speaking skills.

Your role and responsibilities The Security Compliance Specialist works with the Security Compliance Leader and will have the execution responsibility around (but not limited to) the following areas: Compliance enforcement: Implementing necessary controls and measure to ensure organization's overall security compliance, in alignment with internal security standards, applicable regulations and industry standards (e.g., ISO 27001, NIST, GDPR). Ensure adherence to the compliance requirements for network infrastructure, OpenShift environments, and IBM Z systems based on the actionable policies and procedures using approved IBM technology choices. Policy Creation and Management: Maintain and enforce security policies, standards, and controls applicable to network operations, cloud environments, and mainframe systems. Partner with IBM CISO organization to regularly review and update security policies to address emerging threats, regulatory changes, and organizational needs. Risk Management: Conduct risk assessments to identify potential compliance gaps and vulnerabilities within the organization's IT environment. Collaborate with IT and security teams to develop risk mitigation strategies and implement necessary compliance controls. Audit and Assessment: Prepare for regular compliance audits for network, OpenShift platform, and IBM Z systems. Ensure prompt rectification of any compliance findings and develop action plans for continuous improvement. Training and Awareness : Conduct comprehensive training programs to raise awareness of security compliance requirements and best practices among employees. Foster a culture of security compliance by regularly communicating the importance of adherence to security standards. Monitoring and Reporting Adopt/leverage metrics and reporting frameworks to continuously monitor compliance status and effectiveness of security controls. Prepare regular reports for executive management on compliance initiatives, audit findings, and the overall status of security compliance across the organization. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Qualifications & Skill 8-10 years of professional experience with at least 5+ years of relevant experience in the information technology security & compliance domain. Bachelor's degree in Cybersecurity, Information Technology, or a related field; advanced degree or security certifications (e.g., CISSP, CISM, CISA) are a plus. Extensive experience in security compliance management, particularly in network security, cloud security, and mainframe environments. Strong understanding of regulatory requirements and compliance frameworks relevant to the industry. Should be open and willingness to learn new technologies and be open for continuous upskilling experience. Excellent analytical and problem-solving skills to assess compliance issues and risks. Strong Proficiency in working with Secured communications across varied Hybrid platforms (On-Prem, On-Cloud etc). Strong leadership and communication skills to influence and guide cross-functional teams. Ability to work collaboratively with various stakeholders, including technical teams, executive management, and external auditors. Proficiency in compliance management tools and security frameworks. Proficiency in automation tools such as Ansible and pipeline orchestration tools such as Tekton and GitHub Actions.

What you will do Lets do this. Lets change the world. In this vital role you will work for the Manager of Endpoint Security, in direct support of the global endpoint management group. This position will provide essential services that enable us to better pursue our mission. The Specialist Endpoint Security Engineer will operate, manage, and improve Amgens endpoint security posture solutions. In the Endpoint Security team, you will identify emerging risks related to endpoint protection, advise management, and develop technical remediations to address those risks. Specialists lead the development of processes and procedures for multiple solutions Amgen utilizes to deliver to the promise of a secure digital workplace. They run multiple projects simultaneously to implement and improve the endpoint security protections and use advanced analytics to demonstrate success. This engineer will play a key role in educating technologists and business leaders about the security strategies that both protect and enable business processes related to cloud data handling. Lets do this. Lets change the world. In this vital role you will: Designs, operates, maintains, and enhances capabilities for the technical systems that ensure protection of endpoints for Amgens global workforce. Works daily alongside the digital workforce experience team to specify, implement, and validate security controls for Amgens workstation and mobile platforms. Identifies new risk areas for data and plans controls to mitigate those risks. Researches new technologies, processes, and approaches based on industry practices and recommends future plans for secure configurations. Authors procedures and guidelines and advises on policies related to workstation and mobile protection requirements and remediation or investigation of violations. Develops and conducts training on protection technologies for operations staff. Educates business leadership about data risk. Consults other technology groups on endpoint protection strategies and recommends appropriate points of both technical and process integration. Partners with the Manager of Endpoint Security to collaborate closely with legal and human resources leadership on violation remediations. Collaborates with architecture strategy leaders and business unit leadership to ensure that security by design configurations are incorporated into new business projects. Collaborates with Endpoint Security Engineers to integrate protection technology into the operations of traditional Endpoint Detection and Response operations. Basic Qualifications: Doctorate degree OR Masters degree and 4 to 6 years of Information Security or Information Technology experience OR Bachelors degree and 6 to 8 years of Information Security or Information Technology experience OR Diploma and 10 to 12 years of Information Security or Information Technology experience Preferred Qualifications: Familiarity with one or more security frameworks, especially in regulated environments. Holds or is actively seeking one or more security related certifications, preferably with a focus on cloud technologies or data protection. Proficiency specifying requirements for technical systems, as well as designing, implementing, and operating those systems. Expertise in global IT operations, including an understanding of regulatory and cultural differences encountered when dealing with international peers and customers. Skill with elements of MDM systems such as Intune, Workspace One, and JAMF on Windows, MacOS and iOS based operating systems. Basic capabilities with programming or scripting languages. Understanding of endpoint technologies from a security perspective including the security risks associated with misconfiguration. Experience implementing secure baselines such as DISA STIGs and CIS Benchmarks. Experience with project management workstream leadership, preferably using Agile methodology. Deep knowledge of the principles of endpoint protection, including availability, integrity, and confidentiality of user devices. Good-to-Have Skills Proficiency with communications focused on written technical processes and the ability to convey complex ideas clearly in front of an audience. Experience with data analytics in building executive reports. Reputation of successfully navigating large enterprise environments, understanding both ITIL driven processes and business relationship building Ability to self-direct work on multiple priorities with little to no oversight, based on critical initiatives. Work Hours This position requires you to work from 2:00pm to 10:00pm IST. Professional Certifications: Systems Security Certified Practitioner (SSCP) or Security+ SANS Certifications Soft Skills: Excellent analytical and troubleshooting skills Highly motivated and able to work effectively under minimal supervision Strong written and verbal communication skills in English Successful management of multiple priorities Effective working with global, virtual teams Team-oriented, placing priority on the successful completion of team goals

We are seeking a highly skilled and experienced L3Engineer to join our cybersecurity team. The ideal candidate will have extensive experience in Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), Web Application Firewall (WAF)

Location: Remote- Delhi / NCR,Bangalore/Bengaluru,Hyderabad/Secunderabad,Chennai,Pune,Kolkata,Ahmedabad,Mumbai Job Responsibilities: . Architect and design secure, scalable Salesforce solutions aligned with business and technical requirements. . Define data models, object relationships, and system integrations with external platforms. . Provide technical leadership and architectural guidance to Salesforce developers and admins. . Oversee development using Apex, Lightning Web Components (LWC), Flows, and APIs. . Lead platform integrations using REST/SOAP APIs, MuleSoft, and streaming/event-driven architecture. . Ensure data governance, compliance, and performance optimization across Salesforce implementations. Job Requirements: . Bachelors/Masters degree in Computer Science, Engineering, or a related field. . At least 10+ years of experience in Salesforce development, architecture, and administration. . Strong expertise in Sales Cloud, Service Cloud, Experience Cloud, and the Salesforce Platform. . Proficiency in Apex, LWC, SOQL/SOSL, Flows, and Salesforce integration patterns. . Experience in DevOps, CI/CD pipelines, and agile development methodologies. . Deep understanding of data modeling, security frameworks, and regulatory compliance in Salesforce environments. Nice to Have: . Salesforce Architect Certifications (Technical, System, or Application Architect). . Experience with Marketing Cloud, CPQ, Field Service, or Einstein AI. . Familiarity with cloud services integration (AWS, Azure, or GCP). . Proven experience leading Salesforce digital transformation and enterprise-scale projects.

Job Responsibilities: Candidate must have 4+ years of experience in IAM (Identity & Access Management) engineering or a related field. Experience with industry leading IAM solutions such as SailPoint Okta Ping Identity or ForgeRock. Candidate must Having experience with scripting languages cloud platforms directory services security frameworks. Strong understanding of IAM concepts principles and best practices. Design implement and maintain IAM solutions including identity provisioning access control single sign-on (SSO) and multi-factor authentication (MFA). Provide technical expertise and support for IAM related projects and initiatives. Troubleshoot and resolve IAM related issues in a timely manner. Develop and maintain IAM policies standards and procedures. Conduct regular IAM audits and assessments. Stay up to date on the latest IAM technologies and trends. Contact Person : Ackshaya Contact Number : 9360808872 Email : ackshaya@gojobs.biz

Primary job responsibilities/ description include: (1) To perform and support technical risk assessments on various technologies, systems, and processes of cloud environments in UKG. (2) To perform continuous monitoring activities to confirm the control environment is operating effectively and escalate identified deviations and track those towards resolutions. (3) To support and actively collaborate with stakeholders to ensure control activities are designed and implemented appropriately to protect the security, confidentiality, privacy, integrity, and availability of data in compliance with companys policies and standards. (4) To utilize industry experience and knowledge to provide expertise and support to ensure companys security framework remains in compliance with applicable regulations and internal policies and standards. (5) To provide expertise in support of new cloud environment activities and projects to ensure it complies with information security and privacy standards. (6) To assist with audits of SSAE18 SOC 1, SOC 2, and ISO compliance. Contribute risk and compliance expertise and support to assist in the achievement of cloud audit/compliance programs. (7) To facilitate the exception and exemption processes for companys policies and standards. (8) To support the development, implementation, and updating of relevant documentation (e.g. narratives, how-to documents, procedures, etc.). (9) To identify relevant key performance indicators (KPIs) and perform required reporting to quantify the effectiveness of controls implemented for risk management activities. (10) To perform additional duties and projects as assigned by management. Qualifications (1) Bachelor of Engineering (B.E.) or Bachelor of Technology (B.Tech.) degree in Computer Science or IT audit related discipline or equivalent experience. (2) A minimum of 4-5 years' work experience in information security governance and risk functions (such as IT audit or IT Risk Management). (3) Experience with information security frameworks including, SOC 2 or ISO27001/17/18 or ITGC audits. (4) Experience in risk and issue management (identification, assessment, mitigation/ treatment, tracking, escalations). (5) Experience in Security Monitoring of IT processes or IT Processes Testing (monitoring or testing of IT processes, such as, Problem, Incident, Change, Backup, Endpoint Protection/ Antivirus, Logical Access, Patch, Servers, Operating Systems, Databases and Networks). The candidate should've security/ risk related working experience at least to some of these processes, if not on all of these. (6) Experience in working closely together with business/ stakeholders for risks and issues identification and resolution. (7) Experience in Reporting or Metrics or KPI to measure effectiveness of controls. (8) Familiarity or Experience with Governance, Risk and Compliance (GRC) tools, reporting and tracking. (9) Strong verbal and written communication skills. (10) Knowledge or Experience working in Cloud environment from security/ risk standpoint (preferred). (11) CISSP, CRISC, CISA or similar security certification preferred.

Certifications: CISSP or equivalent (Preferred) Shift Timings: 3 PM to 12 AM IST / 7 PM to 4 AM IST About the Role: We are actively hiring experienced Data Security Posture Management (DSPM) professionals to join our dynamic and fast-growing team. If you have hands-on expertise with DSPM technologies such as Varonis, BigID, or similar platforms , wed love to hear from you! Key Responsibilities: Implement, configure, and optimize DSPM solutions like Varonis, BigID, etc. Assess and improve data security posture , ensuring compliance with industry regulations. Collaborate with security, IT, and compliance teams to identify and mitigate data security risks . Develop and enforce data governance policies to protect sensitive information. Perform security assessments, audits, and continuous monitoring of data access and usage. Work with stakeholders to enhance data visibility, classification, and risk management strategies . Required Skills & Experience: 8 + years of hands-on experience in Data Security Posture Management (DSPM) . Expertise in tools like Varonis, BigID, or similar DSPM technologies . Strong understanding of data governance, access controls, and security frameworks . Experience working with structured and unstructured data environments . Knowledge of regulatory frameworks (GDPR, CCPA, HIPAA, etc.). CISSP or relevant certification is required

Information Security and QA process compliance Experience: 5 to 8 Years` Hiring office: Chennai (Remote) Job Description The Information Security compliance function is responsible for evaluating security and compliance risks within the organization. They set up security benchmarks, verify adherence to international standards and frameworks and promote a culture of information security throughout the company. Candidates who have taken a break from career can also apply. Candidates who demonstrate strong intention and capability to learn this domain and have worked in Quality and Process development roles can apply. Excellent communication skills and documentation skills are very important. Key Responsibilities: Proficiency in Information Security domains, such as policies and procedures, risk management, compliance, and incident response; familiarity with security frameworks (ISO 27001, NIST, CIS, etc.). Creation and periodic revision of company policies and procedures to align with different compliance standards. Conduct regular security assessments and audits to ensure compliance with industry regulations and best practices. Ensure the organization follows best practices in cloud security, application security, and endpoint protection. Identify vulnerabilities and provide actionable recommendations to enhance security measures. Prepare audit reports detailing gaps, risks, and areas for improvement. Participate in compliance training sessions to educate employees on new policies and procedures. Collaborate with cross-functional teams to address security issues and improve overall security posture. Review and validate release documentation (e.g., release notes, rollback plans) for completeness and accuracy against defined acceptance criteria. Monitor and validate change management processes to guarantee compliance with SOC2, HITRUST, and industry-specific regulations. Identify gaps in the release management process and recommend corrective actions. Ensuring deployment approvals are properly documented. Work closely with Development, QA, NOC and Security teams to align release processes with compliance requirements. Communicate release compliance issues and risks to stakeholders. Track and Report on compliance metrics to senior management. Required Qualifications: Minimum 5+ years of experience and Strong knowledge of information security and cybersecurity, including network security and infrastructure assessments. Good knowledge of security frameworks, standards, and best practices (SOC2, ISO 27001, NIST and HITRUST). Proficiency in using security tools and technologies for auditing and vulnerability assessment. Certified ISO 27001 Lead Auditor Ability to work independently and manage multiple tasks effectively.

Understand Regulations, Security frameworks, Security standards, Infosec & IT policies. Maintenance of security controls addressing security gaps and provide assurance. Manage day-to-day security operations like SOC events, Regulatory alerts, IAM, DLP, End-point security, Network security, Cloud security, Log Management etc. Conduct VAPT, Breach simulations and implement remediation. Develop and consistently test Incident Response Capability Conduct periodic activities toward IT Risk Assessment, 3rd Party Risk Assessments etc. Manage DR drills, BCP, SIRT, Crisis Management, Technical investigations. Setup/enhance processes, Define KPIs, track, report and take corrective actions. Planning security operations, monitor and report operational activities on daily basis. Prepare reports for Sr Management on weekly, monthly, ad-hoc basis Preparations for Board of Directors meetings. Manage Information Security budgets Manage cross-functional teams Manage vendors Must have Team Handling experience Certifications like CISM, CISSP, CEH etc Interview Mode - Face to Face (Physical)

Department: IT Reporting to: CTO We are seeking a skilled and experienced IT Security Professional with a primary focus on Application Level Security and a solid understanding of Server Level Security. The ideal candidate will be responsible for ensuring the security of our software applications and underlying servers, safeguarding against threats, vulnerabilities, and unauthorized access. This role requires a deep knowledge of security practices, the ability to assess and mitigate risks, and collaboration with development and operations teams to integrate security into the software development lifecycle (SDLC). Key Responsibilities: 1. Application Level Security: Conduct security assessments and vulnerability analysis of web and mobile applications. Implement secure coding practices and review application code for security flaws. Perform penetration testing on applications to identify and rectify security vulnerabilities. Develop and maintain security controls within applications to prevent unauthorized access, data breaches, and other cyber threats. Collaborate with development teams to ensure security is integrated into the software development lifecycle (SDLC). Implement and manage application firewalls, security gateways, and encryption technologies. Strong understanding of network security, web application security, API Security across public and private networks. Experience in Black Box and Gray Box testing with the capability of finding business logic vulnerabilities Knowledge in performing VAPT as per OWASP Top 10 and SANS Top 25 including Broken Access Controls, SQL Injection, Security Misconfiguration, Cross-Site Scripting, CSRF, and authentication / authorization issues. Proficient in both manual and automated tool-based testing for these vulnerabilities. Tools Awareness Nmap, Nessus, SSL Scan, burp Suite, SQL map, OWASP ZAP, Metasploit, Wireshark, Kali-Linux, Nikto, Nipper, Postman, Dir buster etc 2. Server Level Security: Assess and improve the security posture of servers hosting critical applications. Implement and manage server security measures, including firewalls, intrusion detection systems (IDS), and security patches. Conduct regular security audits and vulnerability assessments on server infrastructure. Monitor server logs and alerts to detect and respond to potential security incidents. Collaborate with system administrators to ensure servers are configured securely and comply with industry standards. Understanding of OSI Layer, TCP/IP, IPv4 & IPv6 and various Network Protocols. Good knowledge of firewalls, intrusion detection and prevention systems (IDS/IPS), and network segmentation. 3. Risk Management and Compliance: Identify and evaluate security risks related to applications and servers, and implement mitigation strategies. Ensure compliance with relevant security standards, regulations, and best practices (e.g., OWASP, ISO 27001, PCI-DSS). Maintain and update security policies, procedures, and documentation related to application and server security. Participate in incident response activities, including investigating security breaches and implementing corrective actions. 4. Security Awareness and Training: Conduct security awareness training for development, operations, and other relevant teams. Stay up-to-date with the latest security trends, vulnerabilities, and technologies. Provide guidance and support to other IT teams on security best practices. 5. Continuous Improvement: Continuously monitor and improve application and server security measures. Evaluate and implement new security tools, technologies, and methodologies to enhance security. Participate in security research and development initiatives to advance the organizations security capabilities. Qualifications: Bachelors degree in Computer Science, Information Security, or a related field. Minimum of 5 years of experience in IT security, with a focus on application security and server security. Strong knowledge of security frameworks and standards (e.g., OWASP, NIST, CIS). Hands-on experience with security tools such as web application firewalls, IDS/IPS, vulnerability scanners, and encryption technologies. Proficiency in secure coding practices and experience with programming languages such as Java, Python, or C#. Experience with cloud security and securing applications in cloud environments (AWS, Azure, Google Cloud) is a plus. Certifications such as CISSP, CEH, OSCP, Certified Ethical Hacker or similar are highly desirable. Excellent problem-solving skills, with the ability to identify and mitigate security risks. Strong communication skills, with the ability to convey complex security concepts to technical and non-technical stakeholders