18 Security Governance Jobs

You are a Cyber Security - TPRM professional with 4 to 6 years of experience in IT applications, infrastructure, risk, and cybersecurity. Your responsibilities include establishing security governance, conducting risk assessments and audits, identifying security risks, developing risk management strategies, and implementing security controls and standards. You will collaborate with the Information Security team and other stakeholders to ensure compliance with security best practices and standards. Additionally, you will develop and maintain security policies, procedures, and standards, report audit findings, and stay updated on the latest trends in information security and risk management. Being a self-starter, you can work independently and take complete ownership of your assigned objectives in a "semi-structured" environment.,

The Security & Compliance Manager will oversee all aspects of the company's security and compliance programs, ensuring they remain pragmatic, effective, and aligned with industry best practices. This role requires a strong focus on maintaining compliance certifications, managing IT infrastructure, and addressing customer security inquiries while facilitating governance processes across the organization. Key Responsibilities: Policy Maintenance: Manage and maintain all company policies, ensuring alignment with best practices and regulatory requirements. Facilitate periodic reviews and secure necessary approvals from management. Compliance Oversight: Monitor SOC 2 Type 2, ISO 27001, and other certifications via Vanta or similar tools, ensuring adherence to controls and requirements. Audit Management: Arrange audits for certifications, collaborate with auditors, and resolve nonconformities proactively to maintain a clean audit record. IT Infrastructure Management: Oversee IT infrastructure, including account creation for onboarding, offboarding employees, managing web filtering, and governing company laptops. Security Governance: Organize and facilitate periodic security governance meetings with management to review and improve security practices. Customer Security Requests: Serve as the primary point of contact for customer-side CISO requests. Respond to security inquiries, provide necessary documents, and collaborate with implementation and sales teams. Regulatory Filings: Work with the Customer Success team to manage periodic regulatory filings and security documentation required by customers. Pragmatic Security: Maintain a mature and sensible security posture that meets customer expectations without overkill, balancing practicality and professionalism. Security Best Practices: Stay updated on the latest security trends and adopt best practices to continuously enhance the organization's security posture. Qualifications: Proven experience in security, compliance, or IT governance roles, with a track record of maintaining certifications like SOC 2 and ISO 27001. Strong understanding of compliance tools such as Vanta or similar platforms. Experience managing IT infrastructure and security governance, including employee onboarding/offboarding processes. Ability to manage audits and effectively collaborate with auditors to ensure compliance. Strong communication skills to address customer security inquiries and provide clear documentation. A pragmatic approach to security that balances feasibility with maturity. Proactive, detail-oriented mindset with the ability to handle multiple responsibilities simultaneously. Familiarity with security best practices and the ability to stay ahead of industry trends.

Yubi, formerly known as CredAvenue, is redefining global debt markets by freeing the flow of finance between borrowers, lenders, and investors. As the world's possibility platform for the discovery, investment, fulfillment, and collection of any debt solution, Yubi offers numerous opportunities for individuals equipped with the right tools to seize them. In March 2022, Yubi achieved the milestone of becoming India's fastest-growing fintech startup to join the unicorn club through a successful Series B fundraising round of $137 million. Since its inception in 2020, Yubi has been on a mission to transform and deepen the global institutional debt market using cutting-edge technology. The two-sided debt marketplace established by Yubi facilitates institutional and HNI investors in finding a wide network of corporate borrowers and debt products. Simultaneously, it assists corporates in discovering investors and accessing debt capital efficiently. The seamless integration between platforms enables investors to lend, invest, and trade bonds all in one place, revolutionizing the traditional debt ecosystem and offering new avenues for digital finance. Yubi's various platforms, including Yubi Credit Marketplace, Yubi Invest, Financial Services Platform, Spocto, and Corpository, cater to a diverse set of financial needs and requirements. The company boasts of onboarding over 17000+ enterprises, 6200+ investors and lenders, and facilitating debt volumes exceeding INR 1,40,000 crore. Backed by prominent investors like Insight Partners, B Capital Group, Dragoneer, Sequoia Capital, LightSpeed, and Lightrock, Yubi stands out as a unique debt platform globally, making significant strides in the industry. At Yubi, people are considered the core of the business, and the company's most valuable assets. With a team of over 1000 like-minded individuals, Yubi is constantly growing and changing the perception of debt by creating a purposeful impact. The company values a fun and highly motivated work environment, inviting individuals to be a part of their epic growth story. Yubi is currently inviting applications for the role of Data Protection & Privacy Manager, with responsibilities including delivering cybersecurity engagements, analyzing Privacy legislation, conducting Privacy Impact Assessments, ensuring security governance, risk, and compliance, auditing Privacy controls, and deploying Data leak prevention tools. The ideal candidate for this role should possess a Bachelor's Degree with a minimum of 8-10 years of related experience, security-related qualifications such as ISO 27001 LI/LA, ISO27701, and certifications like Certified Information Privacy Professional or Certified Data Privacy Solutions Engineer. Effective communication skills, the ability to handle audits and assessments, and prior experience in GDPR implementation and information security are highly desirable. Join Yubi to be part of a dynamic team that is reshaping the future of debt markets and creating innovative solutions for global finance.,

Job description This role reports to the Information Security Governance, Risk and Compliance (GRC) Manager and will work across all the product and technology teams to strengthen and enforce Bottomline s information security posture. As the Information Security GRC consultant, you will be responsible for building trust and confidence among our clients on the information security posture. This role also involves working closely with stakeholders to ensure adherence to regulatory requirements and security frameworks (e.g., SWIFT, NACHA, PCI, NIST, GLBA). Essential Functions and Responsibilities: Governance - work with key stakeholders to develop, implement and enhance the information security policies, standards and processes in alignment with regulatory requirements and security frameworks (e.g., SWIFT, NACHA, PCI, NIST, GLBA). Execute governance routines and reporting to ensure compliance with required policies and standards. Risk Management - build and maintain a control library for enterprise-wide controls and product specific controls. Maintain the risk register (issues and risk acceptances) to ensure effective tracking, prioritization and reporting of risks. Process risk acceptances to ensure they are appropriately rated with sufficient mitigating controls. Compliance - Coordinate assessments to ensure compliance with applicable regulations and industry requirements (e.g., SWIFT, NACHA, PCI, NIST, GLBA). Client Support - Gather, assess and present the information security posture to customer (i.e., completion of request for information, contract language reviews, completion of due diligence questionnaires etc.). Education and Awareness - develop and deliver information security awareness and training Required Experience & Qualifications 6+ years of experience in Cybersecurity and Risk Management Bachelor s degree In depth knowledge on regulations and industry requirements (e.g., SWIFT, NACHA, PCI, NIST, GLBA). Preferred Experience & Qualifications Cyber certifications (e.g., CISSP) or equivalent

Job description This role reports to the Information Security Governance, Risk and Compliance (GRC) Manager and will work across all the product and technology teams to strengthen and enforce Bottomline s information security posture. As the Information Security GRC consultant, you will be responsible for building trust and confidence among our clients on the information security posture. This role also involves working closely with stakeholders to ensure adherence to regulatory requirements and security frameworks (e.g., SWIFT, NACHA, PCI, NIST, GLBA). Essential Functions and Responsibilities: Governance - work with key stakeholders to develop, implement and enhance the information security policies, standards and processes in alignment with regulatory requirements and security frameworks (e.g., SWIFT, NACHA, PCI, NIST, GLBA). Execute governance routines and reporting to ensure compliance with required policies and standards. Risk Management - build and maintain a control library for enterprise-wide controls and product specific controls. Maintain the risk register (issues and risk acceptances) to ensure effective tracking, prioritization and reporting of risks. Process risk acceptances to ensure they are appropriately rated with sufficient mitigating controls. Compliance - Coordinate assessments to ensure compliance with applicable regulations and industry requirements (e.g., SWIFT, NACHA, PCI, NIST, GLBA). Client Support - Gather, assess and present the information security posture to customer (i.e., completion of request for information, contract language reviews, completion of due diligence questionnaires etc.). Education and Awareness - develop and deliver information security awareness and training Required Experience & Qualifications 6+ years of experience in Cybersecurity and Risk Management Bachelor s degree In depth knowledge on regulations and industry requirements (e.g., SWIFT, NACHA, PCI, NIST, GLBA). Preferred Experience & Qualifications Cyber certifications (e.g., CISSP) or equivalent

Job description This role reports to the Information Security Governance, Risk and Compliance (GRC) Manager and will work across all the product and technology teams to strengthen and enforce Bottomline s information security posture. As the Information Security GRC consultant, you will be responsible for building trust and confidence among our clients on the information security posture. This role also involves working closely with stakeholders to ensure adherence to regulatory requirements and security frameworks (e.g., SWIFT, NACHA, PCI, NIST, GLBA). Essential Functions and Responsibilities: Governance - work with key stakeholders to develop, implement and enhance the information security policies, standards and processes in alignment with regulatory requirements and security frameworks (e.g., SWIFT, NACHA, PCI, NIST, GLBA). Execute governance routines and reporting to ensure compliance with required policies and standards. Risk Management - build and maintain a control library for enterprise-wide controls and product specific controls. Maintain the risk register (issues and risk acceptances) to ensure effective tracking, prioritization and reporting of risks. Process risk acceptances to ensure they are appropriately rated with sufficient mitigating controls. Compliance - Coordinate assessments to ensure compliance with applicable regulations and industry requirements (e.g., SWIFT, NACHA, PCI, NIST, GLBA). Client Support - Gather, assess and present the information security posture to customer (i.e., completion of request for information, contract language reviews, completion of due diligence questionnaires etc.). Education and Awareness - develop and deliver information security awareness and training Required Experience & Qualifications 6+ years of experience in Cybersecurity and Risk Management Bachelor s degree In depth knowledge on regulations and industry requirements (e.g., SWIFT, NACHA, PCI, NIST, GLBA). Preferred Experience & Qualifications Cyber certifications (e.g., CISSP) or equivalent

As a Deputy Director with over 13 years of experience in the IT industry, including 5 years of specialized expertise in Cloud Security and a thorough understanding of the SAFE Agile framework, you will play a crucial role in ensuring the security of our cloud infrastructure. Your responsibilities will encompass driving excellence in security engineering processes, managing SIEM technologies, and actively participating in the SAFE Agile transformation of our IT operations. This role demands a blend of robust technical skills, effective leadership qualities, and a comprehensive grasp of security principles and best practices. In the domain of Cloud Security Engineering, you will be tasked with designing, implementing, and overseeing cloud security architecture across major platforms such as AWS, Azure, and Google Cloud. Your role will involve leading the establishment of secure cloud environments in compliance with industry regulations like GDPR, HIPAA, and NIST. Additionally, you will be responsible for identifying and mitigating security vulnerabilities, deploying cloud-native security tools, defining security policies and compliance rules, and implementing Role-Based Access Control (RBAC), SSO, and API security measures. Your role also entails ensuring the excellence of security engineering practices within the organization. You will lead incident response and remediation efforts, collaborate with DevOps teams to bolster secure pipelines and code practices, and set Key Performance Indicators (KPIs) for security metrics. Furthermore, you will actively drive the SAFE Agile transformation process for IT security teams, ensuring security alignment with Agile principles and facilitating security integration in all development phases. In terms of collaboration and strategy, you will work closely with IT leadership to define and execute a comprehensive security strategy aligned with business objectives. You will also mentor junior security engineers, promote knowledge-sharing practices, and engage in continuous learning to stay abreast of the latest trends and best practices in cloud security, IT security, and Agile methodologies. To qualify for this role, you should possess a minimum of 13 years of IT experience, with at least 5 years dedicated to Cloud Security engineering. Additionally, experience in SAFE Agile processes and implementations, proficiency in cloud platforms and associated security services, and relevant certifications such as CISSP, AWS Certified Security Specialty, and Certified SAFe Program Consultant (SPC) will be advantageous. Strong leadership, communication, and mentoring skills are essential attributes for this role. Join us in our mission to uphold the security of our cloud infrastructure, drive security excellence, and champion Agile transformation within our IT operations.,

As a pioneering health-tech platform dedicated to making healthcare accessible, affordable, and preventive, Visit Health is seeking an IT Audit and Compliance Executive to enhance security frameworks, regulatory compliance, and risk management initiatives. The ideal candidate will ensure adherence to industry regulations, implement security best practices, and lead audits to maintain compliance with international standards. Responsibilities: Security Governance & Risk Management: - Develop and implement security policies, standards, and guidelines. - Conduct risk assessments and security audits to identify vulnerabilities and mitigate risks. - Collaborate with IT and legal teams to ensure secure infrastructure and data protection. - Monitor emerging security threats and recommend appropriate countermeasures. Regulatory Compliance & Audits: - Ensure compliance with industry regulations such as ISO 27001, HIPAA, GDPR, SOC 2, PCI-DSS, NIST, and others. - Lead internal and external security audits, managing relationships with auditors and regulators. - Develop compliance reports and maintain documentation for audits and assessments. - Educate internal teams on compliance requirements and security best practices. Data Protection & Privacy: - Implement and maintain data protection policies to safeguard sensitive information. - Work with legal and IT teams to ensure compliance with global privacy laws (e.g., GDPR, CCPA). - Conduct Data Protection Impact Assessments (DPIAs) and oversee incident response plans. Incident Management & Response: - Develop and maintain incident response plans and security monitoring mechanisms. - Lead investigations into security incidents, breaches, and compliance violations. - Coordinate with cybersecurity teams to implement security controls and remediation strategies. Training & Awareness: - Conduct security awareness training for employees to promote a security-first culture. - Stay updated on new regulations and industry trends to proactively adapt policies. Join Visit Health in empowering workplaces with accessible, affordable, and impactful healthcare by ensuring the security, compliance, and risk management of our innovative health-tech platform.,

A Banking domain Multi Cloud, Azure, Oracle Cloud Infrastructure (OCI), and AWS. In Phase-1 CWE EC2 & DB servers Database Optimization In Phase-2 Migrate to Kubernetes Cloud Security In Phase-3 Cloud Governance VAPT

The Information Security Officer (ISO) at Wishfin plays a crucial role in safeguarding the organization's information assets and technologies. Reporting to the Technical Lead, you will be at the forefront of establishing and maintaining the enterprise vision and strategy to ensure robust protection against security risks. As an ISO, your key responsibilities will include identifying, assessing, and prioritizing potential security risks to systems, data, and networks. You will develop and implement effective strategies to mitigate these risks while ensuring compliance with regulations such as GDPR and PCI DSS. Leading incident response efforts, you will be responsible for investigating, containing, and resolving security incidents, as well as implementing preventive measures. Developing and enforcing security policies, standards, and procedures to safeguard sensitive information will be a core part of your role. You will also be tasked with delivering security awareness training programs to educate employees on best practices and compliance requirements. Assessing the security posture of third-party vendors and collaborating with IT and engineering teams to design secure architectures for systems will be among your responsibilities. Regular security audits, assessments, and compliance reviews will be conducted by you, in addition to deploying and managing security monitoring tools for real-time threat detection. Establishing and chairing a security governance committee to oversee initiatives and provide strategic direction will also be part of your duties. You will prepare and present reports on information security status to senior management and stakeholders. To qualify for this role, you must possess a Bachelor's degree in Computer Science, Information Technology, or a related field. Professional certifications such as CISSP, CISM, or CISA are advantageous but not mandatory. Two years of experience in information security roles, particularly in risk management, compliance, and incident response within fintech or financial services, is required. Familiarity with security frameworks and regulatory requirements, as well as strong communication skills and an analytical mindset, are essential for success in this position. If you meet the qualifications and are interested in this opportunity, please apply or send your updated resume to hrteam@wishfin.com.,

The Cybersecurity Intern will be responsible for supporting various aspects of cybersecurity operations including governance, risk, compliance, assessments, and Security Operations Center (SOC) activities. The Intern will have the opportunity to work on different projects across multiple locations such as Thane, Pune, Bengaluru, and Mumbai. This internship will provide hands-on experience in the field of cybersecurity and offers a potential full-time position upon successful completion. In the role of CyberSecurity Intern - GRC, you will assist in developing and implementing information security policies, standards, and procedures. Your responsibilities will include educating employees on best practices, collaborating on security awareness programs, and supporting clients in establishing effective security governance frameworks. Additionally, you will help in compliance programs, conduct security audits, and identify vulnerabilities in clients" IT infrastructure. As a CyberSecurity Intern - Assessment, your key responsibilities will involve conducting Vulnerability Assessment and Penetration Testing (VAPT) for various applications, performing source code and configuration reviews, and preparing detailed security findings and recommendations. You will also guide clients in patching vulnerabilities, stay updated on cybersecurity trends, and contribute to continuous learning and adaptation in the field. In the role of CyberSecurity Intern - SOC, you will monitor security events and alerts, assist in analyzing potential threats, and participate in the investigation and documentation of security incidents. You will research emerging cyber threats, work on improving detection use cases, apply threat intelligence to monitoring activities, and support in creating reports and dashboards. Requirements for this internship include pursuing a degree in Computer Science, Information Security, or a related field, basic understanding of cybersecurity principles and tools, familiarity with Linux/Windows systems and networking concepts, eagerness to learn in a SOC/MDR environment, excellent communication and analytical skills. Certifications like CompTIA Security+ and CEH are preferred but not mandatory.,

As a Security Delivery Associate Manager at Accenture, you will be part of the Technology for Operations team, serving as a trusted advisor and partner to Accenture Operations. Your role will involve providing innovative and secure technologies to assist clients in building an intelligent operating model that drives exceptional results. Collaborating closely with the sales, offering, and delivery teams, you will identify and develop innovative solutions to meet client needs. Your responsibilities will include establishing and maintaining a security governance framework, supporting management structures and processes to ensure information security strategies align with business objectives and comply with relevant laws and regulations. By adhering to policies and internal controls, assigning responsibilities, defining metrics, and reporting, you will help manage risk and compliance requirements effectively. We are seeking a candidate with a commitment to quality, experience in research and development, strong negotiation skills, effective problem-solving abilities, and proficiency in risk management. The ideal candidate will possess in-depth knowledge in application security, hands-on experience in SAST, DAST, and penetration testing, as well as familiarity with DevSecOps and Software Composition Analysis. Additionally, expertise in scripting using Python, database knowledge, networking skills, and certifications such as CISSP, CCSP, CISM, CEH, and ECSA would be advantageous. In this role, you will analyze and resolve moderately complex problems, create new solutions by adapting existing methods and procedures, and align your work with the strategic direction set by senior management. Your primary interactions will be with your direct supervisor or team leads, as well as peers and management levels within Accenture and client organizations. You should be able to work independently on new assignments with minimal guidance, making decisions that impact your team and occasionally other teams. If in a leadership role, you may manage medium-sized teams or work efforts at a client or within Accenture. Please be aware that this position may involve working in rotational shifts.,

About Godrej Agrovet: Godrej Agrovet Limited (GAVL) is a diversified, Research & Development focused agri-business company dedicated to improving the productivity of Indian farmers by innovating products and services that sustainably increase crop and livestock yields. GAVL holds leading market positions in various businesses including Animal Feed, Crop Protection, Oil Palm, Dairy, Poultry, and Processed Foods. With a pan India presence, GAVL sells over a million tons annually of high-quality animal feed and cutting-edge nutrition products for cattle, poultry, aqua feed, and specialty feed. The company has also developed large Oil Palm Plantations in collaboration with Indian farmers to bridge the demand and supply gap of edible oil in India. In the crop protection segment, GAVL meets the niche requirements of farmers through innovative agrochemical offerings. GAVL's subsidiary, Astec Life Sciences Limited, is a business-to-business (B2B) focused bulk manufacturer of fungicides & herbicides. In Dairy, Poultry, and Processed Foods, the company operates through its subsidiaries Creamline Dairy Products Limited and Godrej Tyson Foods Limited. Additionally, GAVL has a joint venture with the ACI group of Bangladesh for the animal feed business in Bangladesh. For more information on the Company, please visit www.godrejagrovet.com. Designation: IT & OT Infrastructure, Data, and Applications Security Manager Location: Mumbai Job Purpose: You will be responsible for leading the security strategy and implementation for IT & OT (Operational Technology) environments at Godrej Agrovet. This role requires a highly skilled and experienced individual to ensure that critical infrastructure, network systems, and applications are secure from cyber threats while maintaining operational continuity in both IT and OT domains. Collaboration with cross-functional teams is essential to safeguard digital assets and operations effectively. Roles & Responsibilities: IT & OT Infrastructure Security: - Develop, implement, and maintain security policies, procedures, and controls to protect IT & OT infrastructure components. - Collaborate with IT teams to ensure secure integration between IT and OT systems. - Conduct regular risk assessments, vulnerability scans, and penetration tests to identify and mitigate threats. - Manage the security of industrial networks, SCADA systems, and IIoT devices. - Implement and maintain security for cloud services, on-premises data centers, and critical OT assets. Data Security: - Implement data encryption, tokenization, and masking techniques to protect sensitive data. - Ensure data protection compliance with legal and regulatory requirements. - Oversee data backup, disaster recovery, and business continuity planning related to data security. - Conduct data loss prevention (DLP) assessments and implement preventative controls. - Manage access control policies for databases and ensure data integrity. Network Security: - Develop and maintain robust network security architecture for IT & OT networks. - Monitor and analyze network traffic to detect potential threats and vulnerabilities. - Implement network segmentation to isolate IT and OT environments. - Configure and manage firewalls, intrusion detection/prevention systems, and secure VPNs. - Manage secure communication channels for IT/OT devices. Applications Security: - Lead the implementation of secure application development practices for OT applications. - Conduct regular security assessments and code reviews for applications. - Implement security controls around application access and data integrity for OT applications. Incident Response & Threat Management: - Lead response efforts to security incidents involving OT systems. - Develop incident response plans specific to OT risks. - Conduct post-incident analysis and apply corrective actions. Security Governance and Compliance: - Ensure compliance with industry regulations and standards in OT environments. - Implement security governance, risk management, and compliance strategies. - Perform regular audits and assessments of OT security controls. Security Awareness and Training: - Develop and conduct security awareness training programs for OT staff. - Provide ongoing education on cybersecurity best practices. - Stay updated on emerging security trends and incorporate new knowledge into security practices. Educational Qualification: - Bachelor's degree in Computer Science, Information Security, Cybersecurity, Engineering, or a related field (Masters preferred). Experience: - Minimum of 5 to 6 years of experience in IT & OT security, Data security, and application security. - Extensive experience securing OT environments and industrial control systems. - Hands-on experience with OT vulnerability management and incident response processes. Skills: - Expertise in securing network and infrastructure devices, systems, and industrial control systems. - Deep knowledge of network protocols and security mechanisms. - Proficiency in securing cloud environments and on-premises systems. - Experience with tools for vulnerability scanning, penetration testing, and risk assessments. - Certifications such as CISSP, CISM, CISA, and network security certifications are preferred. An inclusive Godrej: At Godrej, diversity is a fundamental aspect of our company philosophy. We believe that a diverse team reflecting the diversity of our businesses and communities enables us to innovate better and grow faster. Discrimination has no place at Godrej, and we are committed to fostering an inclusive environment for all team members. If you are interested in this role, we encourage you to apply now. We are excited to meet you.,

You will be responsible for working as a Palo-alto L2, focusing on Firewall, Security Governance, Implementation, Migration, Configuration, and Network Protocols including MPLS, BGP, OSPF, and EIGRP. Having certifications like CCNA and CCNP will be an added advantage. The ideal candidate should be able to join immediately. The budget for this position is up to 6.24 LPA. The location of work will be in Noida Sec -135, and the role may involve working in rotational shifts.,

Job Description Role and Responsibilities: Act as a primary liaison between technical teams and business stakeholders, facilitating expert advice on vulnerability remediation strategies and best practices. Ensure strict adherence to security standards and advocate for the seamless integration of security measures into the Software Development Life Cycle (SDLC). Develop and nurture collaborative relationships with business and development teams to align security objectives with business priorities, ensuring mutual benefit and effective prioritization. Assess risks identified in vulnerability assessment results and other security-related data, prioritizing remediations in alignment with business objectives. Partner with application teams to devise strategies for mitigating identified security gaps, assisting in the planning and prioritization of security remediation efforts and control implementations. Provide technical guidance and support to application teams in implementing security controls, advocating for security-by-design principles, and integrating security scanning into the application build process. Collaborate closely with stakeholders to ensure the completeness and accuracy of information security exception requests, aligning them with predetermined criteria and established risk tolerance levels. Regularly communicate with management and stakeholders, presenting detailed reports and updates on vulnerabilities, ongoing remediation efforts, and the status and trends of exception requests Conduct ongoing security research to stay abreast of current security challenges, identifying new opportunities for security integration and automation to enhance overall security posture. Provide training and awareness on vulnerability risk management practices to technical teams and business stakeholders. Requirements: Bachelor's degree in computer science, Information Security, or a related field. Good to have advanced degree or relevant certifications (e.g., CISSP, CISM). Minimum 8 years of demonstrated expertise in application security, coupled with proficiency in development. Strong understanding of application security concepts, vulnerabilities, and attack vectors. Robust Information Security technical skills and knowledge to identify, research, and understand security control gaps and program compliance issues. Exceptional ability to communicate security concepts, threats, controls, and mitigation/remediation strategies to diverse audiences, including those unfamiliar with such topics. Proven track record in information security vulnerability assessment, remediation, and security governance. Familiarity with Security Policies, Procedures, Audit, and Compliance requirements. Expert understanding of code syntax and semantics of at least one object-oriented programming language. Possess an analytical mindset with the ability to prioritize and assess risks related to vulnerabilities and exception requests. Proven ability to work independently, prioritize tasks, and manage multiple projects simultaneously in a fast-paced environment, ensuring timely and efficient completion of objectives. Soft Skills: Excellent communication and interpersonal skills, adept at articulating technical concepts to non-technical stakeholders. Capable of effectively collaborating with cross-functional teams and building consensus is essential. Commitment to continuous learning and staying updated on industry developments and emerging technologies. Good to have: Familiarity with cloud security concepts, cloud services, and cloud security controls. Knowledge of security frameworks, standards, and benchmarks.

Role & responsibilities : GRC Analyst Location: India - Bangalore Office - Hybrid Budget: 30 LPA Duties: Perform vendor risk assessments against all security domains Perform technical implementation assessments from a security perspective related to vendor integrations (i.e. API integrations, SFTP integrations, etc.) to validate the secure implementation of the third party service at PANW Maintain and expand Customer Trust knowledge base Support PANW customer security assessment requests Support PANW customer audits Skills: Excellent understanding and practical application of industry security frameworks including SANS Critical Security Controls, CIS Controls, ISO 27001, NIST SP 800-53, PCI DSS, and SOC2. Great understanding of IT control frameworks (COBIT) and IT general controls Strong knowledge of information security concepts, risk and controls concepts Strong knowledge of standards such as ISO 27001/2, NIST CSF, NIST 800-53, TSC 2017 (SOC2), PCI DSS, etc. Strong knowledge of security control domains such as Asset Management, Configuration Management, SDLC, Logging and Monitoring, Data Security, Network Security, Security Governance, Identity Access Management, Vulnerability Management, etc. Proficiency in a wide spectrum of technical security controls encompassing logical access control, encryption , data loss prevention, secure coding practices, security architecture, vulnerability management, and network security technologies. Expert in conducting Vendor risk assessments and understand risk exposure of technology deficiencies and translating them to business impact Strong domain experience in security risk assessments Working knowledge of risk treatment and exception processes Strong knowledge of Security architecture design and review including key security controls related to authorization, authentication, and encryption of data in transit/at rest Ability to configure and/or maintain 3rd party customer audit management tools (such as OneTrust Compliance Automation or a similar tool ) for automated evidence collection to support customer audits is a plus Ability to configure and/or maintain 3rd party vendor risk management tools (such as OneTrust vendor assessment or a similar tool ) for third party risk assessments is a plus One or more certifications such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer Open to learning and working on new domains and technology Good written and spoken communications skills to explain and articulate technical concepts effectively to stakeholders including system engineers, and auditors Strong attention to detail and diligence Education: Bachelors Degree in Technology or Risk Management CISA/ CISM/CISSP certification, ISO 27001 (Lead Auditor) preferred Preferred candidate profile Bachelors Degree in Technology or Risk Management CISA/ CISM/CISSP certification, ISO 27001 (Lead Auditor) preferred Certifications & Licenses: CISA CISM CISSP Cissp Certification Proficiency in a wide spectrum of technical security controls encompassing logical access control. Please share me updated cv along with same mail for further information please do contact me. Thanks & Regards, Anusha R Ph No: 7989093547 Mail Me: anusha.r @rrootshell.com

Directory Architect with 12+ yrs exp in Active Directory, Entra ID, IAM, SSO, MFA, compliance, AD/LDAP, ADFS, DNS/DHCP. Designs IAM strategy, handles migrations, scripting (PowerShell), 24x7 support, global collaboration, and security governance.

Job Description: Strategic Leadership: Develop and execute the organization's cybersecurity and information management strategy, aligning it with business objectives and industry best practices. Collaborate with executive leadership to integrate security into all aspects of the company's operations and decision-making processes. Risk Management: Identify, assess, and prioritize cybersecurity risks and vulnerabilities, taking proactive measures to mitigate and manage them effectively. Establish a robust incident response plan and lead the response efforts in the event of a security breach. Security Governance: Oversee the development and implementation of information security policies, standards, and procedures. Ensure compliance with relevant regulatory requirements and industry standards (e.g., SEBI, RBI, DPDP, ISO 27001). Representation in various Committee and forums as required. Security Awareness and Training: Promote a strong cybersecurity culture across the organization through training, awareness campaigns, and ongoing education. Foster a sense of shared responsibility for security among employees and contractors. Security Architecture and Technology: Evaluate, recommend, and implement cutting-edge security technologies, tools, and practices. Oversee the design and maintenance of a secure and scalable IT infrastructure. Security Monitoring (SOC 24*7) and Incident Response: Implement continuous monitoring systems to detect and respond to security threats in real-time. Lead investigations into security incidents, documenting findings, and implementing remediation actions. Vendor and Third-Party Risk Management: Assess the security posture of third-party vendors and partners, ensuring they meet the company's security standards. Establish and maintain relationships with external security organizations and industry peers. Application Security and VAPT Budget and Resource Management Role and Responsibilities : Chief Information Security role comprehends the experience in ISMS implementation & audit management to strategize, improve and streamline information security governance within the organization. The role will be responsible for developing, implementing, and monitoring a strategic, comprehensive enterprise information security management program and protect the organization from cyber security and data breaches. Core Competencies : Technical & Functional Expertise Business & Commercial Acumen Market Intelligence Execution Excellence Strategic Orientation Decision Making Preferred Skills: Deep knowledge of cybersecurity technologies, risk management, and compliance requirements. Excellent Spoken & Written Communication. Analytical Ability. Stakeholder management.