96 Soc 2 Jobs

JD Exp : 1-3 Looking for candidates to join with 15-30 days *Track and ensure adequate and timely resolution to all audit and risk assessment findings or issues relating to information security and never miss a deadline. * Effectively and appropriately communicate audit engagement reports and recommendations to client management and resolve any client concerns or questions. * Ensure 100% certification success rate on ISMS projects. * Grow into a role with increasing responsibility. * Significant experience leading information security audits with a preference for IS0 27001 and SOC 2 audits or assessments. * Experience in leading or knowledge with implementations. * Experience authoring policies and procedures. * Significant experience working as a consultant working in a consulting firm * Significant knowledge of ISO 27001/2 and its derivatives (e.g., HITRUST, Shared Assessment) as much of our consulting and collaboration is around an ISO 27001 Information Security Management System. * Solid knowledge of the NIST 800-171/FISMA framework and is derivatives (e.g., Fed RAMP, CMS Information Security Program) as many of our clients serve government customers. * Enough Information Technology and Information Security experience to contextualize and make their recommendations relevant and valuable. * Experience and knowledge with Governance, Risk Management and Compliance. * Experience with the my riad of regulatory compliance frameworks our client base is subject to (e.g., HIPAA, PII, PCI-DSS, SOX, STARS, NERC-CIP). * Certifications that demonstrate to our clients our commitment to excellence in our craft (e.g., ISO 27001 Lead Implementer, CISA, CISSP, ISO 27001 Lead Auditor, MCSE, CEH, OSCP). * Familiarity with related standards (e.g., SSAE-16 SOC1, SOC2, ISO-22301, ISO-9001). * Familiar & have experience working in RBI & SEBI Guidelines. If interested kindly share your resume at [HIDDEN TEXT] Show more Show less

Role: Senior Infosec Engineer Reference Code: HR1175749300792697 Experience: 4-6 years Salary: Confidential (based on experience) Opportunity Type: Office (Mumbai) Placement Type: Full time Permanent Position (*Note: This is a requirement for one of Uplers Clients) Senior Infosec Engineer As a Senior Information Security Engineer, youll be the go-to guardian of our security and compliance framework. Youll own everything from ISO 27001 and SOC 2 audits (Internal and External) to Customerthird-party risk assessments, customer security requests, and internal ISMS management. You’ll work across product, engineering, and legalteams to ensure we’re notjust compliant—but secure by design. If you’re someone who knows how to manage an audit without breaking a sweat and gets a kick out of spotting gaps in security systems,this one’s for you. We are the match if you... Speak fluentISO 27001, SOC 2, and ISMS for 4 - 6 years Have experience owning and running end-to-end compliance audits Experienced in handling ISMS management end to end Responding to customerthird party risk assessments questionnaires and facing customerAudits Can guide control owners like a boss (and notjust with fancy dashboards) Enjoy writing and updating InfoSec policies (yes, we know that’s rare!) Know how to communicate security stuffto non-security folks Have worked in a SaaS environment or wantto secure one now Love working across multiple teams and hate working in silos Have strong knowledge of cloud platforms (GCP preferred, others okay too) Hold one or more certifications (mandatory): ISO 27001 LeadAuditor, CISA, CISSP Here’s what your day would look like... Maintain and manage ISMS as perISO 27001 and SOC 2 standards Coordinate and lead internal and external audits Oversee annual policy renewals, updates, documentation and ISMS activities Face third-party/vendorrisk assessments from our customer Respond to security questionnaires from customers and partners Track and close compliance deliverables with internal stakeholders Identify gaps in technical or procedural controls and work with teams to fix them Train internalteams on compliance expectations and workflows Monitor and improve security metrics across the org Stay up to date with industry trends and frameworks

About the role: Provide support for projects and operational tasks associated with Cvent's information security governance, risk management, and audit and compliance programs In This Role, You Will: Participate in internal security assessments and security reviews; conduct security risk analysis of business processes and technology solutions to evaluate whether they comply with internal security policies and standards as well as regulatory / industry requirements and security best practices Support development of and monitor progress on security risk treatment plans by risk owners; support regular risk and progress reporting to leadership stakeholders Support annual security compliance audits (e.g., PCI DSS, SSAE 18/SOC 1/SOC 2, ISO 27001:2013) Support the third-party/vendor security risk assessment process; monitor and report on progress of third-party/vendor security risk treatment activities by business owners Support the Sales process by participating in customer-initiated security due diligence and/or vendor qualification audits, reviewing security terms in customer contracts, and helping to respond to security questionnaires and documentation requests from customers Support development of technical solutions and processes to automate or streamline repeatable security risk assessment, audit, customer questionnaire response activities and workflows Assist with maintenance of information security program documentation consisting of information security policies, standards, and guidelines, and coordinating management ratification of policies and standards at regular intervals Participate in improving the overall Security culture across Cvent; contribute to employee security awareness campaigns and educational activities to address areas of potential risk and/or gaps in compliance Heres What You Need: 14 years of demonstrable experience in security risk management, auditing and compliance, with a focus on supporting security risk assessments and security audit and compliance activities Good interpersonal communication skills with experience and confidence in collaborating with internal and external partners and stakeholders to develop productive relationships and achieve positive security risk management outcomes Ability to learn quickly with a willingness to take ownership for new projects and learning new technologies and methodologies Good understanding of industry standards for compliance such as ISO 27001:2013, PCI DSS, and SSAE 18 SOC 1 / SOC 2 attestation standards Basic understanding of risk assessment methodologies and best practices Ability and willingness to produce and maintain documentation and reports, specifically developing policies, standards, risk assessment reports, and other forms of Security Risk Management Program documentation Proficiency with productivity and collaboration tools, such as Microsoft Office, Slack, Box, and Zoom Excellent presentation and written communications skills and a team-focused attitude Possess or actively seeking information security or IT audit certifications, such as CISSP, CISA, CISM CRISC, or their equivalent

As a Security Engineer at Oracle Cloud Infrastructure (OCI), you will be at the forefront of designing and building secure cloud systems that support global business operations. You will drive the planning, implementation, and continual improvement of robust security architectures-leveraging automation, orchestration, and AI to protect network and computing environments. In this role, you will leverage Oracle Cloud services (OCI), and Palo Alto Networks Cortex XSOAR to deliver next-generation security automation. You will work closely with security operations, engineering, and compliance teams to ensure timely detection and mitigation of threats, while also streamlining and optimizing security workflows using cutting-edge tools and methodologies. Key Responsibilities Lead automation and orchestration of security processes, utilizing XSOAR to reduce manual efforts and accelerate incident response. Plan, design, and build security architecture for network, infrastructure, and cloud environments in OCI. Oversee implementation of enterprise security controls and solutions, ensuring adherence to Oracle's security policies and industry standards. Collaborate in the development and enhancement of incident response capabilities, contributing to playbook design, tool selection, and team training. Research, track, and manage information security threats and vulnerabilities, leveraging both technical analysis and threat intelligence. Participate in incident response, root cause analysis, and workflow optimization, coordinating with cross-functional teams and escalating as needed. Develop and maintain scripts, tools, and AI-powered solutions to automate security monitoring, alerting, and response processes. Continuously assess and enhance security controls in alignment with the latest industry trends, risks, and compliance mandates (e.g., ISO 27001, SOC 2, HITRUST, FedRAMP). Recommend and implement security control improvements across Oracle's business lines to ensure a strong, proactive security posture. Required Qualifications 5+ years of progressive experience in information security, with hands-on roles supporting enterprise engineering. Proven expertise designing and implementing large-scale security solutions cloud-centric environments. Strong experience with programming and scripting (Python required) Substantial experience with security automation and orchestration frameworks, particularly Cortex XSOAR. In-depth knowledge of regulatory and compliance requirements (ISO 27001, SOC 2, HITRUST, FedRAMP) and application in cloud (SaaS, PaaS, and IaaS) operations. Familiarity with SDLC, DevSecOps practices, and modern CI/CD pipelines. Preferred Qualifications Master's degree or additional certifications (e.g., CISSP, CISM, CCSP, AWS/Azure Architect). Experience integrating AI/ML solutions into security operations. Demonstrated success developing and deploying automation tools to streamline SecOps. Experience using PAN XSOAR. Lead automation and orchestration of security processes, utilizing XSOAR to reduce manual efforts and accelerate incident response. Plan, design, and build security architecture for network, infrastructure, and cloud environments in OCI. Oversee implementation of enterprise security controls and solutions, ensuring adherence to Oracle's security policies and industry standards. Collaborate in the development and enhancement of incident response capabilities, contributing to playbook design, tool selection, and team training. Research, track, and manage information security threats and vulnerabilities, leveraging both technical analysis and threat intelligence. Participate in incident response, root cause analysis, and workflow optimization, coordinating with cross-functional teams and escalating as needed. Develop and maintain scripts, tools, and AI-powered solutions to automate security monitoring, alerting, and response processes. Continuously assess and enhance security controls in alignment with the latest industry trends, risks, and compliance mandates (e.g., ISO 27001, SOC 2, HITRUST, FedRAMP). Recommend and implement security control improvements across Oracle's business lines to ensure a strong, proactive security posture. Career Level - IC3

Freelancing Opportunity (Project Based), Exp in ISO27001,TPRM , Vendor Risk Management/Assessment, SSAE security audits, Cybersecurity reviews, ITGC,& IT Application Audits, Good understanding of internal controls, risk management, & ISMS frameworks.

Roles and Responsibilities Greetings from GRM Technologies!!! Providing support in IT and Cyber Risk Advisory services offered by GRM Technologies to its clients in the following domains- Information regulatory compliance (ISO 27001, PCIDSS, RBI, SEBI, SOC1, SOC2, PCI DSS, HITRUST, GDPR) Information risk management Information security and information assurance Information technology controls for financial and other systems Identifying processes and technologies to maintain and enhance the security architecture Disaster recovery and business continuity management Information privacy Have a fair understanding of Business Continuity Planning and DR Drills Should have conducted Information Life Cycle management reviews in the past Conducting Infrastructure Vulnerability Assessment and Penetration Testing Conducting Web and Mobile Application Security Assessment Conducting Secure Code Review Conducting Architecture Review Should have minimum 2-5 yrs. of experience into Cyber Security, including IT Risk, Cyber Risk & Compliance, IT Audit, Vendor Audit, VAPT, Application Security, Fraud Risk & Security. Knowledge of information security standards, principles and practices required Perform risk assessment, controls and documentation with expected standards (information technology/ business process) Conduct Infrastructure Vulnerability Assessment and Penetration Testing Conduct Web Application Security Assessment Conduct Mobile Application Security Assessment Conduct Source Code Review Perform SOX compliance audits, SOC 1 and SOC 2 audits, as well as testing and reporting Perform control testing pertaining to operating systems, data base (Windows, Unix, Oracle, MSSQL, DB2) Should be able to test basic and automated ERP ITGC controls (SAP, Oracle, etc.) Ability to draft BCP/ DR policy and carry out testing of plan and procedures would be preferable Ability to adapt to new scope areas and technologies Bring in vertical expertise in at least two verticals like BFSI, manufacturing, or more Ability to manage client communication and escalation Ability to make all attempts to guide the peers and self to improve client satisfaction scores Participate in proposal preparation Understanding of risk Appreciation for technological innovation Strong organization skills Curiosity and eagerness to learn Initiative to seek out opportunities and add value Tolerance for ambiguity and shifting priorities; appreciation of change. Should have certification on CCNA / CCNP / ITIL Exposure into ISO 27001 is mandate

We are seeking analyst level individuals with experience working in the field of cybersecurity and a desire to help organizations improve their operations to join our team and help run the ongoing security operations for RSM clients in a variety of industries and geographic locations. Successful candidates will have working knowledge in some or all these areas IT operations, security monitoring, active directory, IP networking and various cloud technologies. Position and Key Responsibilities At RSM, analysts work with large and small companies in variety of industries. They develop strong working relationships with their peers within the security operations center (SOC) while learning their clients businesses and challenges facing their organizations. Analysts work as part of a broader team under the direction of more senior analysts, threat hunters, shift leads, intelligence analysts and SOC managers in support of multiple clients. Working in a mutually respectful team environment helps our analysts perform at their best and integrate their career with their personal life. You will have the opportunity to: Role Responsibilities: Investigate security incidents using SIEM tools, automation, and other cybersecurity technologies (i.e. ServiceNow, Stellar Cyber, Hyas Insight and DNS Protect, sentinel One, ELK Stack, Virus total, Shodan, NetFlow, Passive DNS, Silobreaker, Tenable.io, Hatching Triage Sandbox) Analyze, escalate, and assist in remediation of critical security incidents. Improve and challenge existing processes and procedures in a very agile and fast-paced information security environment serving multiple clients Process IDS alerts and identifying incidents and events in customer data. Setup and execution and analysis of vulnerability scans Perform advanced analysis and investigation into alerts as they are identified Performing initial basic malware analysis utilizing automated means (static and dynamic sandbox analysis or other available tools) Incident intake, ticket updates and reporting of cyber events and threat intelligence Understanding, identifying, and researching indicators of compromise (IOCs) from a variety of sources such as threat intelligence reports and feeds Writing incident reports, process documentation, and interact with clients as required Transcribe and implement atomic indicators into a monitoring environment. Consume policy documentation and determine applicability in a network. Work with protocols at layers 2 and higher in the OSI model, to include ARP TCP, UDP, ICMP, DNS, Telnet, SSH, HTTP, SSL, SNMP, SMTP, and other common protocols that use well-known ports. Develops the playbooks to respond and recovery from various attacks/incidents. Drives the automation efforts focused on the closing cases, responding to Cyber events and analyzing data required to enable efficient response activities. Processing of Cyber Threat Intel that is used across RSM detection platforms to understand and prepare for potential threats. Threat intel is heavily used across RSM platforms drive issue prioritization. Open to working shifts in a 24x7 operations environment. Qualifications and Experience: Minimum B.A. or B.S. degree or equivalent from an accredited university by the time employment commences or prior relevant military / law enforcement experience. Computer science, information technology, information systems management, or other similar degrees preferably with a focus on information security 3-5 years experience working in a security operations center, networking operations center or threat intelligence capacity. Possess at least one security industry certification such as CYSA+, Security+, CISSP, SANS GIAC (GSOC, GCIA, GMON, CGCDA) Knowledge of security standards and information security and compliance frameworks, controls, and best practices, including SSAE 16, SOC 2 and SOC3, OWASP Top 10, SANS, NIST Must have a naturally curious mindset and approach to solving problems. Basic understanding of cloud technologies and their operations Experience supporting various operating systems such as Windows/Linux Understanding of IP network protocols

Role: Senior Analyst Department: Compliance Experience: 3 to 5 years Location: Ahmedabad or Pune Responsibilities / Duties: Lead and execute HITRUST (e1, i1, r2) assessments and audits, Conduct Control Testing and Evidence Validation Prepare and maintain HITRUST workpapers and related documentation in line with required methodologies Ensure timely completion of Internal Security Audits, submit reports, and follow up for closure of findings across functions and delivery projects Review and verify IT controls for PCI DSS & ISO 27001, including risk assessments, policy updates, incident analysis, and firewall rule reviews Drive readiness for external audits (HITRUST (e1, i1, r2), ISO 27001, PCI DSS) and maintain updated policies and procedures annually Support GRC Activities, prepare executive review PPTs, and respond to client security requirements and RFPs as needed, Conduct Customer Compliance Audits and reviews, Report ISMS Performance Metrics, Conduct Risk Assessments, Risk Reporting and Risk Monitoring Draft Responses for Client Initiated Security Assessments, Risk Assessments and Audits, and support in successful clearance. Work Experience Requirements: Hands-on experience with HITRUST CSF assessments (e1, i1, r2) and/or SOC 2 (Trust Services Criteria) Strong knowledge of ISO 27001:2022 and ISO 27002 controls, ISO 31000 (risk management), and related frameworks Familiarity with regulatory environments such as HIPAA, PCI DSS, GDPR, and other data protection laws Education requirement: BE/BTech/ MBA (IT), Computer Science, BCA, BCS, Cyber Security Specialization

Job description - Information Security Manager Role & responsibilities -Shall be accountable for interpreting the RFI/RFP, or Customer queries, and responding to them. -Review Contracts/MSA/DPA to ensure they include appropriate risk-related clauses, such as security controls, data privacy, liability, and business continuity terms. -Shall be accountable for assessing vendors or suppliers to identify potential risks in areas such as cybersecurity, data protection, regulatory compliance, and operational resilience. -Participate in meetings with customers, partners, and vendors and be accountable for handling security/privacy-related discussions. -Work closely with IT, HRD, L&D, and other teams to close any Customer audit observations, and shall be accountable. -Shall be accountable for tracking the external advisories/threat intelligence to closure. -Shall be accountable for Enterprise Risk Management. Eligibility Criteria -Must have 5 years in a Customer/Vendor role responsible for Responding, clarifyingand reviewing Contracts around below standards/models/industry best practices andtheir mapping to Organizational Practices. -In-depth knowledge of standards and frameworks such as ISO 9000, ISO 27001, PCIDSS, SOC 2, CMMi, NIST, HIPAA, GDPR, and CCPA. -Must have led the implementation of security standards like ISO 27001, PCI-DSS, SOC2, etc. -Knowledge of privacy regulations like GDPR, PDPD, DPDPA, etc. is preferred. -Must have faced or facilitated customer or external audits. -Proven experience in quality assurance, compliance, and risk management. At leastmore than 7 years of experience in managing the audit. -Excellent communication and interpersonal skills. -Strong analytical skills and attention to detail. -Ability to work collaboratively with cross-functional teams. -Must have managed a team of more than 3 members at least for 5 years. -Certification in Quality Assurance or Information Security (e.g., ISO 9001 Lead Auditor,ISO 27001 Lead Implementer, CEH) will be preferred. Role : IT & Information Security - Other Industry Type : Software Product Department : IT & Information Security Employment Type : Full Time, Permanent Role Category : IT & Information Security - Other Education UG: B.Tech/B.E. in Computer Science Engineering, Information Technology, Computer Science, Cyber Security, Computers PG: MCA in Any Specialization, MBA/PGDM in Information Technolog Show more Show less

Job Description: Senior GRC Analyst Location: Mumbai, India Department: Information Security, Risk & Compliance Reports To: CISO ? About Si Creva Capital Services Si Creva Capital Services Pvt. Ltd. is a leading NBFC engaged in digital lending, supported by OnEMI Technology Solutions as its Lending Service Provider. With a strong focus on compliance, operational resilience, and customer trust, we are ISO 27001 and SOC 2 compliant and adhere to RBIs Master Directions on IT Outsourcing, Digital Lending, and other regulatory frameworks. ? Role Overview The Senior GRC Analyst will play a key role in strengthening the Governance, Risk, and Compliance (GRC) function at Si Creva. The individual will oversee compliance with regulatory frameworks (RBI Digital Lending Directions, IT Outsourcing Directions, DPDP Act, ISO 27001, SOC 2), conduct risk assessments, manage audits, and enhance our security and compliance posture. This role requires strong analytical skills, regulatory knowledge, and the ability to coordinate with multiple stakeholders (tech, business, legal, and third-party vendors) to ensure a robust risk management framework. ? Key Responsibilities Governance & Compliance Ensure compliance with RBI Master Directions on IT Outsourcing, Digital Lending, and Cybersecurity for NBFCs. Maintain and update internal policies (Information Security, Data Privacy, BCP-DR, Access Control, Asset Management, etc.) aligned with ISO 27001 & SOC 2. Support implementation and compliance with the Digital Personal Data Protection (DPDP) Act, 2023. Conduct periodic compliance reviews of internal processes and third-party vendors. Risk Management Perform Risk Assessments, Risk Treatment Plans, and Risk Registers across information assets, applications, and third-party relationships. Map risks to Confidentiality, Integrity, and Availability (CIA) and criticality of assets. Monitor and report on Key Risk Indicators (KRIs) and prepare dashboards for management review. Support enterprise-wide IT and Operational Risk Management Frameworks. Audit & Assurance Coordinate and manage internal and external audits (ITGC, VAPT, SOC 2, ISO 27001 surveillance, statutory audits). Prepare and maintain evidence for AWS Artifact, vendor attestations, bridging letters, and regulatory inspections. Draft and track management responses to audit observations. Drive closure of non-compliance findings and report status to senior management. Third-Party Risk Management Conduct vendor due diligence and periodic security assessments of LSPs, DLAs, and technology partners. Ensure outsourcing agreements contain information security and data privacy clauses as mandated by RBI. Track and monitor vendor compliance (penetration test reports, data localization attestations, certifications). Business Continuity & Incident Management Support BCP/DR drills (AWS Mumbai as Primary, Hyderabad as DR site, RPO 0, RTO 60 min). Participate in Incident Response handling, root cause analysis, and regulatory reporting. Maintain playbooks for Crisis Management, Data Breach Notifications, and CERT-In coordination. ? Qualifications & Skills Education & Certifications Bachelors degree in Information Security, Computer Science, or related field. Preferred certifications: ISO 27001 LA, CISA, CISM, CISSP, CCSK, or RBI Cybersecurity Framework knowledge. Experience 36 years of experience in Information Security / GRC / Risk / Compliance within BFSI, NBFC, or Fintech sector. Strong understanding of regulatory frameworks (RBI, DPDP Act, IT Act, SPDI Rules, PCI-DSS optional). Hands-on experience in ISO 27001, SOC 2 audits, vendor risk management, and ITGC reviews. Core Competencies Strong knowledge of AWS security controls (IAM, encryption, CloudWatch, GuardDuty, Macie). Excellent skills in audit management, risk assessments, and policy documentation. Strong interpersonal and communication skills for working with auditors, regulators, and internal teams. Analytical thinker with ability to interpret regulations into actionable controls. ? What We Offer Exposure to a dynamic and fast-growing digital lending ecosystem. Opportunities to work on growing compliance and data protection frameworks. Collaborative work environment with focus on professional growth and certifications. Show more Show less

Technical Skill Requirements: Expertise in IT internal audit, Information Security/cybersecurity, IT SOX, Third Part Risk Assessment Reporting e.g., SOC1, SOC 2. Relevant expertise on CSA STAR requirements, ISO control, NIST Standards, PCI DSS and GDPR requirements. Experience in performing control testing, IT / infosec risk assessments, network security, Infrastructure assessments. Knowledge of technical domains such as cloud security and application security. Certification: CISA, CISSP, CEH, ISO, PCI DSS, NIST

As a Security Engineer at Oracle Cloud Infrastructure (OCI), you will be at the forefront of designing and building secure cloud systems that support global business operations. You will drive the planning, implementation, and continual improvement of robust security architectures-leveraging automation, orchestration, and AI to protect network and computing environments. In this role, you will leverage Oracle Cloud services (OCI), and Palo Alto Networks Cortex XSOAR to deliver next-generation security automation. You will work closely with security operations, engineering, and compliance teams to ensure timely detection and mitigation of threats, while also streamlining and optimizing security workflows using cutting-edge tools and methodologies. Key Responsibilities Lead automation and orchestration of security processes, utilizing XSOAR to reduce manual efforts and accelerate incident response. Plan, design, and build security architecture for network, infrastructure, and cloud environments in OCI. Oversee implementation of enterprise security controls and solutions, ensuring adherence to Oracle's security policies and industry standards. Collaborate in the development and enhancement of incident response capabilities, contributing to playbook design, tool selection, and team training. Research, track, and manage information security threats and vulnerabilities, leveraging both technical analysis and threat intelligence. Participate in incident response, root cause analysis, and workflow optimization, coordinating with cross-functional teams and escalating as needed. Develop and maintain scripts, tools, and AI-powered solutions to automate security monitoring, alerting, and response processes. Continuously assess and enhance security controls in alignment with the latest industry trends, risks, and compliance mandates (e.g., ISO 27001, SOC 2, HITRUST, FedRAMP). Recommend and implement security control improvements across Oracle's business lines to ensure a strong, proactive security posture. Required Qualifications 5+ years of progressive experience in information security, with hands-on roles supporting enterprise engineering. Proven expertise designing and implementing large-scale security solutions cloud-centric environments. Strong experience with programming and scripting (Python required) Substantial experience with security automation and orchestration frameworks, particularly Cortex XSOAR. In-depth knowledge of regulatory and compliance requirements (ISO 27001, SOC 2, HITRUST, FedRAMP) and application in cloud (SaaS, PaaS, and IaaS) operations. Familiarity with SDLC, DevSecOps practices, and modern CI/CD pipelines. Preferred Qualifications Master's degree or additional certifications (e.g., CISSP, CISM, CCSP, AWS/Azure Architect). Experience integrating AI/ML solutions into security operations. Demonstrated success developing and deploying automation tools to streamline SecOps. Experience using PAN XSOAR. Lead automation and orchestration of security processes, utilizing XSOAR to reduce manual efforts and accelerate incident response. Plan, design, and build security architecture for network, infrastructure, and cloud environments in OCI. Oversee implementation of enterprise security controls and solutions, ensuring adherence to Oracle's security policies and industry standards. Collaborate in the development and enhancement of incident response capabilities, contributing to playbook design, tool selection, and team training. Research, track, and manage information security threats and vulnerabilities, leveraging both technical analysis and threat intelligence. Participate in incident response, root cause analysis, and workflow optimization, coordinating with cross-functional teams and escalating as needed. Develop and maintain scripts, tools, and AI-powered solutions to automate security monitoring, alerting, and response processes. Continuously assess and enhance security controls in alignment with the latest industry trends, risks, and compliance mandates (e.g., ISO 27001, SOC 2, HITRUST, FedRAMP). Recommend and implement security control improvements across Oracle's business lines to ensure a strong, proactive security posture. Career Level - IC3

As a Security Engineer at Oracle Cloud Infrastructure (OCI), you will be at the forefront of designing and building secure cloud systems that support global business operations. You will drive the planning, implementation, and continual improvement of robust security architectures-leveraging automation, orchestration, and AI to protect network and computing environments. In this role, you will leverage Oracle Cloud services (OCI), and Palo Alto Networks Cortex XSOAR to deliver next-generation security automation. You will work closely with security operations, engineering, and compliance teams to ensure timely detection and mitigation of threats, while also streamlining and optimizing security workflows using cutting-edge tools and methodologies. Key Responsibilities Lead automation and orchestration of security processes, utilizing XSOAR to reduce manual efforts and accelerate incident response. Plan, design, and build security architecture for network, infrastructure, and cloud environments in OCI. Oversee implementation of enterprise security controls and solutions, ensuring adherence to Oracle's security policies and industry standards. Collaborate in the development and enhancement of incident response capabilities, contributing to playbook design, tool selection, and team training. Research, track, and manage information security threats and vulnerabilities, leveraging both technical analysis and threat intelligence. Participate in incident response, root cause analysis, and workflow optimization, coordinating with cross-functional teams and escalating as needed. Develop and maintain scripts, tools, and AI-powered solutions to automate security monitoring, alerting, and response processes. Continuously assess and enhance security controls in alignment with the latest industry trends, risks, and compliance mandates (e.g., ISO 27001, SOC 2, HITRUST, FedRAMP). Recommend and implement security control improvements across Oracle's business lines to ensure a strong, proactive security posture. Required Qualifications 5+ years of progressive experience in information security, with hands-on roles supporting enterprise engineering. Proven expertise designing and implementing large-scale security solutions cloud-centric environments. Strong experience with programming and scripting (Python required) Substantial experience with security automation and orchestration frameworks, particularly Cortex XSOAR. In-depth knowledge of regulatory and compliance requirements (ISO 27001, SOC 2, HITRUST, FedRAMP) and application in cloud (SaaS, PaaS, and IaaS) operations. Familiarity with SDLC, DevSecOps practices, and modern CI/CD pipelines. Preferred Qualifications Master's degree or additional certifications (e.g., CISSP, CISM, CCSP, AWS/Azure Architect). Experience integrating AI/ML solutions into security operations. Demonstrated success developing and deploying automation tools to streamline SecOps. Experience using PAN XSOAR. Lead automation and orchestration of security processes, utilizing XSOAR to reduce manual efforts and accelerate incident response. Plan, design, and build security architecture for network, infrastructure, and cloud environments in OCI. Oversee implementation of enterprise security controls and solutions, ensuring adherence to Oracle's security policies and industry standards. Collaborate in the development and enhancement of incident response capabilities, contributing to playbook design, tool selection, and team training. Research, track, and manage information security threats and vulnerabilities, leveraging both technical analysis and threat intelligence. Participate in incident response, root cause analysis, and workflow optimization, coordinating with cross-functional teams and escalating as needed. Develop and maintain scripts, tools, and AI-powered solutions to automate security monitoring, alerting, and response processes. Continuously assess and enhance security controls in alignment with the latest industry trends, risks, and compliance mandates (e.g., ISO 27001, SOC 2, HITRUST, FedRAMP). Recommend and implement security control improvements across Oracle's business lines to ensure a strong, proactive security posture. Career Level - IC3

About The Role As an Experienced Staff Consultant, your responsibilities will include standard project execution and client service activities, focused on IT compliance assessments (e.g., SOC 2 and ISO engagements). You will have the opportunity to gain project experience with clients ranging from start-ups to enterprises, across a variety of industries. As an added benefit, A-LIGN does not require Delivery Consultants to report time or sell work!? Reports to: Delivery Manager and/or Senior Manager Pay Classification: Full-Time Responsibilities Execute SOC 1, SOC 2, SOC 3, and other engagements, under the direction of a Senior Consultant and a member of the management team Create agendas Participate in client meetings and foster client relationships through proactive and positive communication Perform audit testing under the direction of a Senior Consultant or the management team Communicate effectively with the client, prior to, during, and post on-site visit Review the managers planning meeting minutes and prepare as appropriate for internal and external meetings Gather evidence and review Prepare lead sheets throughout the project Provide draft leadsheets to management for review within defined timelines Provide detailed project status reports weekly to management Organize client information on A-LIGNs OneDrive Proactively communicate to management regarding any potential issues Travel occasionally to clients offices Experience Minimum Qualifications At least 1-3 years of experience in IT audit, preferably with the Big 4 or a mid-tier audit/consulting firm Knowledge of various IT compliance standards including SOC 2, ISO 27001, PCI Experience using Microsoft Office suite including Word, Outlook, PowerPoint, and Excel Skills Ability to meet deadlines with a high degree of motivation Thrives in a fast-paced environment Ability to effectively multitask Ability to work individually as well as collaboratively Demonstrate capabilities with moderate supervision Ability to determine appropriateness of evidence provided by the client Strong interpersonal skills with a service-oriented mindset who can work well within a team as well as independently Must be detail oriented and organized in completing tasks Must be proactive, anticipate roadblocks, and offer solutions Ability to utilize the Microsoft Office suite including Word, Outlook, PowerPoint, and Excel Must have a sense of urgency around completing tasks and the order and priority of tasks based on business needs Strong composition, grammar, and business language skills Strong communication and interpersonal skills with the ability to effectively communicate with the management team and colleagues. Ability to work independently, set priorities and handle multiple tasks with a high level of efficiency About A-LIGN A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. To learn more, visit a-lign.com Come Work for A-LIGN! Apply online today at A-LIGN.com and learn about life at A-LIGN by following us on LinkedIn A-LIGN is an Equal Opportunity Employer! Minorities, women, disabled, and veterans encouraged to apply Show more Show less

Designation: - Senior Cloud Solution Architect Location: - Noida (Sec-132) Key Responsibilities : Cloud Solution Design : Lead the design and architecture of cloud solutions on Microsoft Azure , including infrastructure, platform services, and security solutions. Client Consultation & Requirement Gathering : Work directly with stakeholders and clients to understand their business needs, goals, and challenges, translating them into scalable and efficient cloud architectures. Azure Implementation : Architect and implement end-to-end cloud solutions, leveraging services such as Azure Compute , Azure Storage , Azure Networking , Azure Security , and Azure Kubernetes Service (AKS) . Infrastructure as Code (IaC) : Utilize Azure Resource Manager (ARM) templates, Terraform , and Azure DevOps to automate cloud infrastructure provisioning, configuration, and management. Cloud Migration : Lead cloud migration projects from on-premises environments or other cloud platforms to Azure , ensuring a smooth transition while optimizing for performance, cost, and security. Security & Compliance : Design and implement secure cloud architectures adhering to industry standards and regulatory requirements, including GDPR , HIPAA , and SOC 2 . Performance Optimization : Continuously monitor, optimize, and ensure high availability and scalability of Azure-based solutions, addressing performance bottlenecks and cost optimization opportunities. Collaboration with Cross-Functional Teams : Collaborate with development, operations, and security teams to implement cloud-based solutions that meet business requirements while ensuring efficient deployment and operation. Technical Leadership & Mentorship : Provide technical leadership to junior architects and engineers, mentoring and guiding them in best practices, architecture patterns, and Azure technologies. Stay Current with Azure Innovations : Continuously explore and evaluate new Azure services and technologies, assessing how they can enhance existing solutions and deliver additional value to clients. Documentation & Best Practices : Create detailed architectural designs, implementation plans, and documentation to ensure solutions are repeatable and maintainable. Define and promote cloud adoption best practices within the organization. Cost Management : Develop strategies for cloud cost optimization, ensuring the most efficient use of resources while aligning with business objectives. Required Qualifications: Bachelors degree in Computer Science, Engineering, or a related field. 8+ years of experience in cloud architecture and solution design, with at least 5 years of hands-on experience working with Microsoft Azure . Extensive experience in designing and deploying enterprise-level solutions using Azure services (e.g., Azure Virtual Machines , Azure Kubernetes Service , Azure Functions , Azure SQL Database , Azure Networking , Azure Active Directory ). Expertise in Infrastructure as Code (IaC) , with proficiency in tools like Terraform , ARM templates , or Azure DevOps pipelines. Deep understanding of cloud security best practices , networking in cloud environments, and compliance frameworks. Proven experience in cloud migration strategies, including hybrid cloud models and multi- cloud architectures. Strong understanding of DevOps practices , CI/CD pipelines , and modern software development practices. Experience with monitoring and cost management tools such as Azure Monitor , Azure Cost Management , and Application Insights . Strong analytical, problem-solving, and troubleshooting skills. Excellent communication skills, with the ability to explain complex technical concepts to both technical and non-technical stakeholders. Proven leadership experience, with a track record of mentoring and guiding junior architects and engineers. Show more Show less

About G2 - The Company When you join G2, youre joining the team that helps businesses reach their peak potential by powering decisions and strategies with trusted insights from real software users. G2 is the world&aposs largest and most trusted software marketplace. More than 100 million people annually including employees at all Fortune 500 companies use G2 to make smarter software decisions based on authentic peer reviews. Thousands of software and services companies of all sizes partner with G2 to build their reputation and grow their business including Salesforce, HubSpot, Zoom, and Adobe. To learn more about where you go for software, visit www.g2.com and follow us on LinkedIn. As we continue on our growth journey, we are striving to be the most trusted data source in the age of AI for informing software buying decisions and go-to-market strategies. Does that sound exciting to you Come join us as we try to reach our next PEAK! About G2 - Our People At G2, we have big goals, but we stay grounded in our PEAK ( P erformance + E ntrepreneurship + A uthenticity + K indness) values. Youll be part of a value-driven, growing global community that climbs PEAKs together. We cheer for each others successes, learn from our mistakes, and support and lean on one another during challenging times. With ambition and entrepreneurial spirit we push each other to take on challenging work, which will help us all to grow and learn. You will be part of a global, diverse team of smart, dedicated, and kind individuals - each with unique talents, aspirations, and life experiences. At the heart of our community and culture are our people-led ERGs, which celebrate and highlight the diverse identities of our global team. As an organization, we are intentional about our DEI and philanthropic work (like our G2 Gives program) because it encourages us all to be better people. About The Role The AWS Security Engineer is responsible for designing, implementing, and managing cloud security controls to protect infrastructure, data, and workloads running on AWS. This role ensures secure cloud operations aligned with industry best practices, compliance requirements, and the organizations risk posture. In This Role, You Will Responsibility Area: Cloud Security Architecture & Configuration Design and implement secure architectures for AWS environments, including VPCs, IAM, encryption, and networking controls (30%) Configure and enforce security guardrails using AWS Config, SCPs, and Service Control Policies (15%) Evaluate and implement cloud-native security tools such as AWS Security Hub, GuardDuty, Macie, and Inspector (10%) Design and implement security controls for other cloud environments like GCP, Snowflake, Looker, Sigma, Salesforce, and others. Responsibility Area: Detection, Monitoring, and Incident Response Build and maintain security monitoring, alerting, and logging pipelines using CloudTrail, CloudWatch, and centralized log aggregation tools (15%) Investigate and respond to security alerts, vulnerabilities, and incidents within AWS accounts (10%) Integrate detection and response capabilities into the broader SOC or SIEM platforms (e.g., Splunk, Datadog, Graylog) (5%) Integrate and instrument monitoring and controls for other critical cloud infrastructure including GCP, Snowflake, Looker, Sigma, Salesforce, and others. Responsibility Area: Governance, Compliance & Automation Develop and enforce automated compliance checks aligned to frameworks such as SOC 2, CIS AWS Foundations, and NIST (10%) Partner with DevOps and engineering teams to integrate security into CI/CD pipelines (DevSecOps) and infrastructure as code (Terraform, CloudFormation) (3%) Support audit evidence gathering, risk assessments, and security documentation for cloud environments (2%) Minimum Qualifications We realize applying for jobs can feel daunting at times. Even if you dont check all the boxes in the job description, we encourage you to apply anyway. 58 years of hands-on experience securing AWS environments Deep knowledge of AWS services, including IAM, S3, EC2, VPC, KMS, CloudTrail, Config, Lambda Experience with AWS security services (e.g., Security Hub, GuardDuty, Macie, Inspector, Detective) Familiarity with cloud security principles, including least privilege, encryption, network segmentation, and shared responsibility Scripting or IaC experience with Terraform, Python, or CloudFormation Understanding of security compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53 Ability to learn security best practices for other cloud environments including, Salesforce, GCP, Snowflake, Looker. What Can Help Your Application Stand Out AWS Security Specialty or Solutions Architect certification Experience integrating AWS security with third-party tools (e.g., CrowdStrike, Wiz, Lacework) Experience with container security (ECS, EKS, Docker) Familiarity with CI/CD pipelines and DevSecOps practices Our Commitment to Inclusivity and Diversity At G2, we are committed to creating an inclusive and diverse environment where people of every background can thrive and feel welcome. We consider applicants without regard to race, color, creed, religion, national origin, genetic information, gender identity or expression, sexual orientation, pregnancy, age, or marital, veteran, or physical or mental disability status. Learn more about our commitments here. -- For job applicants in California, the United Kingdom, and the European Union, please review this applicant privacy notice before applying to this job. How We Use AI Technology In Our Hiring Process G2 incorporates AI-powered technology to enhance our candidate evaluation process. These tools may assist with initial application screening, skills assessment analysis, and identifying candidates whose qualifications align with specific role requirements. While AI technology supports our recruitment workflow, all final hiring decisions remain under human oversight and judgment. Your Choice Matters: If you would prefer that your application be reviewed without AI assistance, you can opt out by entering your email address in the email entry field at the bottom of the Automated Processing Legal Notice. Choosing to opt out will not disadvantage your application in any waywe will ensure your materials receive a thorough manual review by our hiring team. For additional details about how we handle your information throughout the application process, please review G2&aposs Applicant Privacy Notice. Show more Show less

About AlphaSense The worlds most sophisticated companies rely on AlphaSense to remove uncertainty from decision-making. With market intelligence and search built on proven AI, AlphaSense delivers insights that matter from content you can trust. Our universe of public and private content includes equity research, company filings, event transcripts, expert calls, news, trade journals, and clients own research content. The acquisition of Tegus by AlphaSense in 2024 advances our shared mission to empower professionals to make smarter decisions through AI-driven market intelligence. Together, AlphaSense and Tegus will accelerate growth, innovation, and content expansion, with complementary product and content capabilities that enable users to unearth even more comprehensive insights from thousands of content sets. Our platform is trusted by over 6,000 enterprise customers, including a majority of the S&P 500. Founded in 2011, AlphaSense is headquartered in New York City with more than 2,000 employees across the globe and offices in the U.S., U.K., Finland, India, Singapore, Canada, and Ireland. Come join us! The Role Were looking for a Staff/Senior-level, hands-on Network Security Engineer to design, deploy, and secure our global corporate network across offices in North America and EMEA/APAC. Youll be the technical authority for secure networking architecture, driving automation, and ensuring our infrastructure is resilient, scalable, and vendor-agnostic. This role will partner closely with Corporate Technology, SRE, and Security Engineering and requires the ability to travel globally for deployments. What Youll Do Architect and implement secure LAN/WAN/SD-WAN and Wi-Fi for multiple global offices. Manage Cisco Meraki switches/routers/firewalls and APs, while staying vendor-agnostic for future integrations. Deploy and manage network security controls including segmentation, NAC/802.1X, VPN, SWG/SASE, ZTNA, IDS/IPS, and DLP. Implement and manage Wi-Fi EAP (Enterprise Authentication), certificate-based authentication, and enforce zero-trust access controls. Plan and optimize enterprise Wi-Fi, including RF design, surveys, and performance tuning. Build secure cloud and hybrid networking (AWS, Azure, GCP). Automate deployments and configuration management with Python, Ansible, and IaC tools (Terraform, GitOps). Implement observability and alerting; drive improvements in MTTR and service reliability. Support compliance (SOC 2, ISO 27001) with secure configs, change control, and documentation. Travel globally (approx. 2540% during buildouts) for on-site deployments and architecture reviews. Who You Are 810+ years in enterprise networking and network security, with multi-site design and operations experience. Deep expertise in routing, switching, and segmentation; strong firewalling skills. Proven experience with Cisco networking technology, especially Cisco Meraki. Proficient in Python and Ansible for automation. Skilled in NAC/RADIUS integrations with identity providers (Okta, Azure AD). Strong understanding of certificate-based authentication, EAP, and zero-trust architectures. Strong troubleshooting, documentation, and leadership skills. Willing and able to travel internationally for deployments. Nice To Have Cloud networking depth (AWS, Azure, GCP). Experience with SASE/ZTNA platforms(Cloudflare/Zscaler). Professional certifications (CCNP, CCIE, JNCIP, etc.). AlphaSense is an equal-opportunity employer. We are committed to a work environment that supports, inspires, and respects all individuals. All employees share in the responsibility for fulfilling AlphaSenses commitment to equal employment opportunity. AlphaSense does not discriminate against any employee or applicant on the basis of race, color, sex (including pregnancy), national origin, age, religion, marital status, sexual orientation, gender identity, gender expression, military or veteran status, disability, or any other non-merit factor. This policy applies to every aspect of employment at AlphaSense, including recruitment, hiring, training, advancement, and termination. In addition, it is the policy of AlphaSense to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations, and ordinances where a particular employee works. Recruiting Scams and Fraud We At AlphaSense Have Been Made Aware Of Fraudulent Job Postings And Individuals Impersonating AlphaSense Recruiters. These Scams May Involve Fake Job Offers, Requests For Sensitive Personal Information, Or Demands For Payment. Please Note AlphaSense never asks candidates to pay for job applications, equipment, or training. All official communications will come from an @alpha-sense.com email address. If youre unsure about a job posting or recruiter, verify it on our Careers page. If you believe youve been targeted by a scam or have any doubts regarding the authenticity of any job listing purportedly from or on behalf of AlphaSense please?contact us. Your security and trust matter to us. Show more Show less

Job Summary As an Inside Sales Representative (ISR) at CyberSigma, your role will be to drive revenue growth by proactively engaging with leads and prospects in regulated industries such as fintech, healthcare, SaaS, and e-commerce. You&aposll focus on identifying customer needs, promoting our cybersecurity and compliance services, and closing deals through strategic outreach. You will work closely with Regional Sales Managers, Solution Architects, and the Marketing team to convert inbound interest into long-term clients and expand the reach of CyberSigma&aposs compliance and security offerings. Key Responsibilities Conduct high-volume outbound calling, email campaigns, and virtual meetings to generate qualified leads. Drive the sales process for cybersecurity compliance services including PCI DSS, ISO 27001, SOC 2, GDPR, HIPAA, DPDPA, and VAPT audits and consulting. Qualify prospects through discovery calls and needs assessments. Schedule demos and consultations for senior sales or technical consultants. Follow up on marketing-generated leads and events/webinars. Support proposal creation and respond to client RFPs or RFIs. Coordinate with Regional Sales Managers on territory strategy and account penetration plans. Achieve and exceed monthly and quarterly sales targets. Compliance standards : PCI DSS, ISO 27001/27701, SOC 1 & SOC 2, HIPAA, GDPR, DPDPA, NIST, etc. Security Testing : VAPT (Web, Mobile, Infra), Red Team exercises. Managed Services : GRC automation tools, MDR, SIEM/SOC offerings. Qualifications & Skills 25 years of B2B inside sales or lead generation experience (cybersecurity or compliance domain preferred). Strong understanding of cybersecurity frameworks, risk management, and regulatory compliance services is a major plus . Demonstrated ability to manage full sales cycle or handoff after qualification. Excellent written, verbal, and interpersonal communication skills. Strong organizational skills with attention to detail and follow-through. A self-starter with a results-driven approach and the ability to work independently. Bachelors degree preferred (in Business, Marketing, Information Security, or related fields). Show more Show less

Position Title Assistant D&T Manager - Cyber Security, Third Party Risk Function/Group Digital & Technology Location Mumbai Shift Timing Regular Role Reports to D&T Manager - Cyber Security, Enterprise Vulnerability Management Remote/Hybrid/in-Office Hybrid ABOUT GENERAL MILLS We make foodthe world loves: 100 brands. In 100 countries. Across six continents. With iconic brands like Cheerios, Pillsbury, Betty Crocker, Nature Valley, and Hagen-Dazs, we've been serving up food the world loves for 155 years (and counting). Each of our brands has a unique story to tell. How we make our food is as important as the food we make. Our values are baked into our legacy and continue to accelerate us into the future as an innovative force for good. General Mills was founded in 1866 when Cadwallader Washburn boldly bought the largest flour mill west of the Mississippi. That pioneering spirit lives on today through our leadership team who upholds a vision of relentless innovation while being a force for good. For more details check out General Mills India Center (GIC) is our global capability center in Mumbai that works as an extension of our global organization delivering business value, service excellence and growth, while standing for good for our planet and people. With our team of 1800+ professionals, we deliver superior value across the areas of Supply chain (SC) , Digital & Technology (D&T) Innovation, Technology & Quality (ITQ), Consumer and Market Intelligence (CMI), Sales Strategy & Intelligence (SSI) , Global Shared Services (GSS) , Finance Shared Services (FSS) and Human Resources Shared Services (HRSS).For more details check out We advocate for advancing equity and inclusion to create more equitable workplaces and a better tomorrow. JOB OVERVIEW KEY ACCOUNTABILITIES Team Leadership & Development: . Mentorship and Coaching: Guide and mentor team members, fostering their professional growth in Third-party Risk Management. Provide regular feedback and development opportunities. . Performance Management: Support the performance review process and help address performance gaps within the team. . Team Building & Collaboration: Cultivate a positive and collaborative team environment. Facilitate effective communication and knowledge sharing within the team and across other departments. . Stakeholder Management: Build and maintain strong relationships with key stakeholders across the organization . Building awareness amongst stakeholders about Third Party Risk Management Process Development & Improvement: . Perform hands-on Third Party Security Risk Assessments on a regular basis to ensure a clear understanding of the processes and procedures . Continuous Improvement: Regularly review the third-party security risk management processes to Identify and propose areas for improvement. This will ensure its effectiveness and alignment with business objectives. . Stay abreast of industry best practices, emerging threats, and regulatory changes in the third-party risk management space. . Innovation & Improvement: Continuously seek opportunities to improve and innovate the third-party security risk management program. . Develop a strong understanding of the Supply Chain Center of Excellence. Build and maintain strategic partnerships in that space while gaining insights and influencing best practices. MINIMUM QUALIFICATIONS 7+ years of experience working in cyber security, cy ber security technology, risk assessment and management Bachelor's degree in Computer Science/Electronics/Electrical Specific Job Experience or Skills needed: Proven experience in managing Third-Party Security Risks Extensive experience conducting risk assessments and developing remediation plans. Strong understanding of information security principles, best practices, and frameworks (e.g., NIST CSF, ISO 27001, SOC 2) Experience working with vendors and managing vendor relationships. Competencies/Behaviors required for Job: Fosters environment of teamwork, positive relationships, accountability, and results within and across teams Strong learning agility and willing to learn new tools and technologies. Actively coaches group members in developing their skills Strong communication skills with ability to communicate complex issues to a diverse audience Self-starter with ability to drive an item from concept to full implementation independently Ability to conduct thorough analysis and recommend data driven actions The aptitude to innovate-to integrate new and better technologies and methods into our processes Highly organized and able to tackle issues efficiently. PREFERRED QUALIFICATIONS Demonstrated experience leading and managing a team of security professionals. ISO27001 lead auditor and other Cyber security certifications.

JOB DESCRIPTION About the Role We're seeking a hands-on and detail-oriented Security and Compliance Engineer to drive security across our applications, infrastructure, and compliance programs-especially in a healthcare environment. This role combines security engineering, DevSecOps, and risk management with a strong focus on application, cloud, AI, and data security. You will work closely with engineering, DevOps, and compliance teams to embed security into the development lifecycle, support regulatory frameworks, and ensure cloud-native environments and AI technologies are secure by design. Responsibilities Conduct web and mobile application penetration testing, vulnerability scanning, and remediation support across our platforms. Integrate DevSecOps practices into CI/CD pipelines, using tools like Snyk, Terraform, and container security scanners. Implement and monitor Cloud Security Posture Management (CSPM) tools such as Wiz to secure cloud configurations and infrastructure. Partner with DevOps to enforce secure provisioning via Infrastructure as Code (IaC). Lead and support compliance initiatives (HIPAA, SOC 2, HITRUST) using platforms like Drata (Compliance-as-a-Service). Design and enhance email gateway security (e.g., Barracuda) and bot protection (e.g., WatchGuard) to defend against phishing and automated threats. Evaluate and secure chatbots and AI systems, addressing risks like prompt injection, data leakage, and model integrity. Drive data security best practices including encryption, data loss prevention (DLP), and classification strategies. Collaborate with engineering to embed security controls in product design and conduct threat modeling, secure code reviews, and architecture reviews. Participate in incident detection, response, and root cause analysis, while ensuring effective logging and monitoring are in place. Maintain security documentation and support audits and third-party assessments. Required Skills & Qualifications 4-6 years of experience in security engineering, compliance, and DevSecOps. Proficiency in web and mobile application security, including OWASP Top 10, SAST/DAST tools, and manual testing with Burp Suite, etc. Strong exposure to DevSecOps workflows, with hands-on experience using tools like Snyk, Terraform, and container security. Deep understanding of HIPAA, SOC 2, and healthcare compliance requirements. Experience with cloud security, preferably on Microsoft Azure, and familiarity with CSPM tools like Wiz. Working knowledge of Drata or similar compliance automation platforms. Exposure to email security gateways, bot protection, and threat detection tools. Familiarity with AI and chatbot security concepts and current risks in the generative AI space. Strong grasp of data security principles-encryption, access controls, data classification, and DLP. Scripting or automation skills in Python, Bash, or equivalent are a plus. Strong written and verbal communication, documentation, and collaboration skills. Nice to Have Certifications like OSCP, CEH, CCSK, CISSP, HCISPP, or similar. Familiarity with tools like KnowBe4, Intune, or Azure AD for identity and endpoint security. Understanding of Zero Trust Architecture, RBAC, and endpoint detection and response (EDR) strategies. Previous experience in a health tech, SaaS, or AI-focused organization. Why Join Us Make a real impact in securing healthcare and AI systems at scale. Collaborate in a high-ownership environment with modern tools and cloud-native practices. Work in a security-forward company that values both innovation and compliance. Flexible work environment and growth opportunities in a fast-paced tech culture.

Job Title: Security Architect - AI Products & Multi-Cloud Security Location : Offshore( Bangalore/Pune/Hyderabad) Job Summary We are seeking a skilled Security Architect to ensure the security of our AI-powered products across multi-cloud platforms. This role will focus on implementing end-to-end security practices during the entire software development lifecycle, ensuring data privacy, safeguarding AI models, and promoting Responsible AI practices. You will be instrumental in developing and enforcing security guardrails that protect our AI solutions from potential threats and vulnerabilities. Key Responsibilities Application Security : Develop security policies and practices for AI and ML models. Conduct security assessments, code reviews, and threat modeling for AI applications. Implement security measures following OWASP Top 10 guidelines to prevent common vulnerabilities. DevSecOps : Integrate security into CI/CD pipelines to enable automated security testing. Use tools like GitHub Actions, Jenkins , and Terraform to automate infrastructure security checks. Promote secure coding standards and practices across development teams. Data Security : Design and implement data protection mechanisms such as encryption (both at rest and in transit) and data anonymization techniques. Ensure compliance with data privacy regulations such as GDPR and CCPA . Utilize tools like Data Loss Prevention (DLP) and data masking technologies for sensitive data protection. Identity & Access Management (IAM) : Develop and enforce IAM strategies across multi-cloud platforms (AWS, Azure, GCP). Implement Zero Trust Architecture and role-based access controls (RBAC) to safeguard user access. Utilize multi-factor authentication (MFA) and identity federation protocols. AI Security & AI Guardrails : Define AI guardrails to mitigate risks like model drift, bias, adversarial attacks, and unauthorized model access. Implement AI model monitoring tools like LIME , SHAP , and IBM AIF360 for model interpretability and fairness. Promote Responsible AI practices, ensuring ethical AI deployment and compliance with industry standards. Cloud Security : Architect and implement secure cloud environments using AWS, Azure, and GCP services. Leverage cloud-native security tools such as AWS Shield , Azure Security Center , and Google Security Command Center . Conduct regular cloud security audits and vulnerability assessments. Compliance & Governance : Ensure alignment with security and compliance frameworks like NIST , ISO 27001 , and SOC 2 . Lead security audits and penetration testing to identify and mitigate vulnerabilities. Establish security policies and guidelines to ensure organizational compliance. Technical Skills Required 3+ years of experience in Data Privacy,cybersecurity, focusing on AI and cloud security. Hands-on experience with one major cloud (AWS, Azure, or GCP) or preferably multi-cloud security (AWS, Azure, GCP)and AI model governance. Strong knowledge of DevSecOps practices and automated security testing. Proficiency with AI/ML security frameworks and tools for monitoring and securing AI models. Experience with security tools like Burp Suite, OWASP ZAP , and SonarQube . Familiarity with AI ethics, model explainability tools (e.g., LIME , SHAP ), and AI risk management. Strong understanding of Privacy by Design Principle, data privacy regulations (GDPR, CCPA) and data security best practices. Knowledge of identity management solutions and best practices in IAM. Strong knowledge of Data lifecycle management in AI context. Preferred Qualifications Certified Information Systems Security Professional (CISSP) Certified Cloud Security Professional (CCSP) AWS Certified Security - Specialty Azure Security Engineer Associate Certified AI Ethics & Governance Professional Soft Skills Excellent communication skills to collaborate with cross-functional teams, including Data Science, DevOps, and Product Management. Strong analytical and problem-solving abilities. Proven ability to stay updated with the latest security trends, AI regulations, and cloud technologies. Ability to articulate security concepts and practices to both technical and non-technical stakeholders. Nice-to-Have Experience with Machine Learning Operations ( MLOps ) security. Hands-on knowledge of Container Security (Docker, Kubernetes). Familiarity with AI ethics frameworks and AI safety research . Exposure to Responsible AI tools and methodologies.

NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now. We are currently seeking a Information Security Senior Specialist to join our team in banglore, Karn?taka (IN-KA), India (IN). Job Description: The primary function of this role is to conduct activities to support compliance with security, customer, and regulatory requirements. The candidate will also have the opportunity to contribute to other areas within the Security Risk Management and Compliance arena such as Policy Management, Third-Party Risk Management, Security Awareness Training, and various other initiatives. Primary responsibilities include: Respond to customer inquiries for information regarding Enlyte's security controls and completion of security assessments/questionnaires. Conduct access and entitlement reviews for users of internal systems. Perform weekly compliance review for security training assignments and send reminder notifications for out-of-compliance users. Obtain internal documentation and information in support of security compliance audits. Secondary Responsibilities: Maintain the Security team GRC system including building of assessments, reporting, and monitoring dashboards. Create How-to Guides and departmental operating procedure documentation. Update internal policy sites and policy documents as needed. Preferred Qualifications: Experience: Proficiency in Microsoft Word, Excel, & PowerPoint. Proficient grammar, sentence structure, and advanced report writing and technical writing skills. Desired: Knowledge of security/privacy standards and regulatory requirements such as ISO 27001, SOC 1, SOC 2, PCI, HIPAA, HITRUST, etc. Technical Skills & Experience: Experience using Microsoft Azure, O365, and GRC tools is a plus. Licenses or Certifications: CISA, CISSP, CRISC, ISO 27001 Lead Auditor certification is a plus. About NTT DATA NTT DATA is a $30 billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long term success. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure and connectivity. We are one of the leading providers of digital and AI infrastructure in the world. NTT DATA is a part of NTT Group, which invests over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. Visit us at Whenever possible, we hire locally to NTT DATA offices or client sites. This ensures we can provide timely and effective support tailored to each client's needs. While many positions offer remote or hybrid work options, these arrangements are subject to change based on client requirements. For employees near an NTT DATA office or client site, in-office attendance may be required for meetings or events, depending on business needs. At NTT DATA, we are committed to staying flexible and meeting the evolving needs of both our clients and employees. NTT DATA recruiters will never ask for payment or banking information and will only use @nttdata.com and @talent.nttdataservices.com email addresses. If you are requested to provide payment or disclose banking information, please submit a contact us form, . NTT DATA endeavors to make accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at . This contact information is for accommodation requests only and cannot be used to inquire about the status of applications. NTT DATA is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For our EEO Policy Statement, please click . If you'd like more information on your EEO rights under the law, please click . For Pay Transparency information, please click.

ISO 27001 Certification mandatory. Hands on experience in ISO 27001, SOC 2, GDPR, PCI-DSS, ISMS.

About Our Company: SpinSci Technologies is a leading innovator in the healthcare technology sector, dedicated to developing cutting-edge products that enhance patient care, streamline operations, and improve health outcomes. We are rapidly expanding our cloud infrastructure across both Amazon Web Services (AWS) and Oracle Cloud Infrastructure (OCI) to deliver highly secure, scalable, and reliable healthcare solutions. We are seeking a passionate and skilled SecOps Engineer to join our growing team and fortify our security posture. Job Summary: As a SecOps Engineer, you will play a critical role in safeguarding our cloud-native healthcare products and infrastructure hosted on AWS and OCI. You will be responsible for the detection, analysis, and response to security incidents, while also proactively identifying and mitigating security risks. This role requires a strong understanding of cloud security principles, incident response methodologies, vulnerability management, and the unique compliance requirements within the healthcare industry (e.g., HIPAA, GDPRSOC 2, ISO 27001). Key Responsibilities: Security Monitoring & Alerting: Design, implement, and manage security monitoring tools and platforms (e.g., SIEM, EDR, Cloud Native Security Tools) across AWS and OCI environments. Develop and fine-tune security alerts, dashboards, and reports to detect suspicious activities, anomalies, and potential threats. Perform real-time security event analysis and triage. Incident Response & Management: Lead security incident response efforts from detection to resolution, including containment, eradication, recovery, and post-mortem analysis. Develop, maintain, and test incident response plans and playbooks. Coordinate with internal teams (DevOps, Engineering, IT) and external stakeholders during security incidents. Vulnerability Management: Conduct vulnerability scanning, penetration testing coordination, and security assessments of cloud infrastructure, applications, and network components. Prioritize, track, and validate remediation of identified vulnerabilities. Cloud Security Operations: Implement and enforce security best practices for AWS and OCI services (e.g., IAM, network security, data encryption, security groups, WAFs, security policies). Automate security tasks, responses, and deployments using Infrastructure as Code (IaC) tools (e.g., CloudFormation, Terraform). Manage cloud access controls, ensuring least privilege access principles are followed. Compliance & Audit Support: Ensure adherence to healthcare industry regulations (e.g., HIPAA, HITECH) and security standards (e.g., SOC 2, ISO 27001). Assist in internal and external security audits, providing necessary documentation and evidence. Implement controls to meet compliance requirements. Security Tooling & Automation: Evaluate, deploy, and manage security tools and technologies that enhance our SecOps capabilities. Drive automation initiatives to improve the efficiency and effectiveness of security operations. Security Awareness & Training: Contribute to fostering a strong security culture within the organization. Provide guidance and support to development and operations teams on secure coding and infrastructure practices. Required Qualifications: Bachelors degree in computer science, Information Security, or a related field; or equivalent practical experience. 3-5+ years of experience in Security Operations (SecOps), Cyber Security, or a similar role, with a strong focus on cloud environments. Demonstrable experience with security services and best practices in AWS . Familiarity with security concepts and services in Oracle Cloud Infrastructure (OCI) . Strong understanding of security frameworks and compliance standards relevant to healthcare (e.g., HIPAA, SOC 2, ISO 27001). Experience with SIEM (Security Information and Event Management) tools (e.g., Splunk, ELK Stack, Sumo Logic, Sentinel). Proficiency in scripting languages (e.g., Python, Bash) for automation and data analysis. Solid understanding of networking protocols, operating systems (Linux/Windows), and web application security. Experience with incident response methodologies and tools. Excellent analytical, problem-solving, and communication skills. Preferred Qualifications: AWS Security Specialty certification or other relevant AWS certifications. OCI Foundations Associate, OCI Security Professional, or other relevant OCI certifications. Experience with container security (Docker, Kubernetes) and serverless technologies. Familiarity with DevSecOps principles and integrating security into CI/CD pipelines. Experience with vulnerability management platforms (e.g., Qualys, Tenable, Nessus). Knowledge of penetration testing methodologies and tools.

About Us: Liberis is on a mission to supercharge the power of small businesses all over the world - delivering the financial products they need to grow through a network of global partners. Before all else, Liberis is a technology company, connecting finance with small businesses. We use data to help partners understand their customers real time needs and tech to offer tailor-made funding and financial products. Empowering small businesses to grow and keep their independent spirit alive is central to our vision. Up to now we have funded almost 40,000 small businesses with over $1.5bn - but we believe there is much more to be done. Liberis and Blenheim Chalcot Liberis was founded and is backed by Blenheim Chalcot, the UK&aposs leading digital venture builder. This powerful partnership provides us with a unique advantage, combining our fintech agility with the strategic support and deep expertise of a company renowned for building and scaling disruptive digital businesses. As a key part of the Blenheim Chalcot portfolio, we benefit from a vibrant ecosystem of collaboration and innovation, placing us at the forefront of the embedded finance revolution. The Role: The Head of InfoSec and Cyber Security is a high-impact leadership role within the Blenheim Chalcot portfolio and Liberis , reporting directly to the Chief Risk Officer (CRO). You will lead and scale the InfoSec function across the US, UK, EU, and India, define the global security roadmap, and ensure regulatory and partner confidence across jurisdictions. This is a unique opportunity to shape the global security posture of a fintech already operating at scale. Key Responsibilities: Define and execute the global information security roadmap. Own ISO 27001 and SOC 2 Type II implementation. Mature cloud-native security across AWS, GCP, and Azure environments. Govern CI/CD pipelines and embed DevSecOps in partnership with engineering. Manage the InfoSec risk lifecycle across platform, data, and third-party vendors. Represent Liberis to regulators, partners, and enterprise clients. Lead security operations including threat detection, incident response, and vulnerability management. Drive security awareness and training programs across the organization. Collaborate with cross-functional teams to embed security into product and engineering workflows. About You: The ideal candidate will be a strategic thinker with deep technical expertise and a proven track record in building and leading high-performing InfoSec teams. You should be comfortable operating in a fast-paced, high-growth environment and have strong stakeholder management skills. Qualifications, Technical and/or Professional Experience: 10+ years in InfoSec leadership, ideally in US/UK fintechs. Hands-on experience with ISO 27001 and SOC 2 frameworks. Strong grasp of global regulations including GDPR (UK/EU), PCI DSS, and US Federal/State laws. Technical fluency across cloud, data, application, and network security. Proven experience working directly with boards, executive teams, and regulators. Certifications: CISSP, CISM, CRISC (required). Excellent communication and leadership skills. About Blenheim Chalcot: Blenheim Chalcot is one of the leading venture builders in the world. We have been building exciting and disruptive businesses for over 26 years across sectors including FinTech, EdTech, GovTech, Media, Sport, Charity and more. These companies are all GenAI enabled and are some of the most innovative companies in the UK and increasingly around the world. The BC team in India has been instrumental to the growth and success of Blenheim Chalcot. Established in 2014, Blenheim Chalcot India serves as a pivotal launchpad for those aiming to make a difference in the realm of innovation and entrepreneurship. We support our diverse portfolio of ventures and create impactful solutions that shape global trends. We provide a range of services to help new businesses get off the ground, including technology, growth (marketing and sales), talent, HR, finance, legal and tax, plus so much more What We Offer: Be part of the worlds leading digital venture builder Blenheim Chalcot. Work in a high-growth FinTech environment with exposure to GenAI tools. 24 days annual leave + 10 public holidays. Private medical insurance for you and your immediate family. Life insurance and access to continuous learning and development. A collaborative, inclusive, and cricket-loving culture (we own the Rajasthan Royals IPL team!). Show more Show less