35 Soc 2 Jobs

Ready to shape the future of work At Genpact, we don&rsquot just adapt to change&mdashwe drive it. AI and digital innovation are redefining industries, and we&rsquore leading the charge. Genpact&rsquos , our industry-first accelerator, is an example of how we&rsquore scaling advanced technology solutions to help global enterprises work smarter, grow faster, and transform at scale. From large-scale models to , our breakthrough solutions tackle companies most complex challenges. If you thrive in a fast-moving, tech-driven environment, love solving real-world problems, and want to be part of a team that&rsquos shaping the future, this is your moment. Genpact (NYSE: G) is an advanced technology services and solutions company that delivers lasting value for leading enterprises globally. Through our deep business knowledge, operational excellence, and cutting-edge solutions - we help companies across industries get ahead and stay ahead. Powered by curiosity, courage, and innovation , our teams implement data, technology, and AI to create tomorrow, today. Get to know us at and on , , , and . Inviting applications for the role of Manager- Information Security In this role we are looking for someone who has relevant years of relevant work experience in Information Security, Audit & assurance role with expertise in ITGC, network security and Application Security controls Responsibilities Experience in facilitating external & internal audits from inception to completion. Experience in drafting comprehensive risk-based control framework aligned to SOC 1, SOC 2 standard. Solutioning skills to resolve complicated IT, F&A and & application security issues. Working experience as an engagement lead for SOC 1 and SOC 2 audits at a Big 4/reputed IT organization Exposure to leadership connects on compliance posture, getting management commitment. Design and lead an internal monthly compliance monitoring framework with minimum manual touchpoints. Prepare & present an effective compliance dashboard for internal leaders and external stakeholders. Qualifications we seek in you! Minimum Qualifications Strong domain knowledge in ITGC testing, Application controls testing, SOC 1, SOC 2 reports, SaaS/PaaS/IaaS, Interface controls, Application Pre-Implementation and post Implementation reviews, Software Compliance reviews, IT & Network Security, Controls, Risk Frameworks, File Integrity Monitoring solutions, Cloud Security, Cyber security. Good performance rating in the current organization (verifiable) Any one audit certification: CISA/CISM/CRISC/CISSP Preferred Qualifications/ Skills Analytical skills, excellent problem-solving skills, ability to work within deadlines, excellent interpersonal and communication skills. Why join Genpact Be a transformation leader - Work at the cutting edge of AI, automation, and digital innovation Make an impact - Drive change for global enterprises and solve business challenges that matter Accelerate your career - Get hands-on experience, mentorship, and continuous learning opportunities Work with the best - Join 140,000+ bold thinkers and problem-solvers who push boundaries every day Thrive in a values-driven culture - Our courage, curiosity, and incisiveness - built on a foundation of integrity and inclusion - allow your ideas to fuel progress Come join the tech shapers and growth makers at Genpact and take your career in the only direction that matters: Up. Let&rsquos build tomorrow together. Genpact is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color , religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. Genpact is committed to creating a dynamic work environment that values respect and integrity, customer focus, and innovation. Furthermore, please do note that Genpact does not charge fees to process job applications and applicants are not required to pay to participate in our hiring process in any other way. Examples of such scams include purchasing a %27starter kit,%27 paying to apply, or purchasing equipment or training.

Cloud Expertise: Google Cloud Platform (GCP) Mandatory, AWS Experience Required Key Responsibilities - Provision, manage, and support GCP sandbox environments for testing and development. - Ensure sandbox governance, security, and compliance with Citi policies. - Engage with Google Cloud & AWS support teams to troubleshoot and resolve issues. - Ensure sandbox isolation from production workloads and enforce resource lifecycle management (deletion/suspension of unused resources). - Onboard Citi teams and developers to new or existing AWS/GCP accounts. - Manage user access for single/multiple cloud accounts, ensuring least privilege access. - Assign and audit IAM roles and permissions for security and compliance. - Remove user access to specific accounts as needed. - Configure real-time alerts for sandbox activities and send to Citi Sandbox Email DL IDs. - Set up budget alerts (soft/hard limits) to prevent overspending. - Monitor security incidents, unauthorized access attempts, and anomalies. - Implement cost tracking mechanisms and automate resource cleanup to prevent cost overruns. - Implement GCP/AWS cost control measures (budgets, quotas, auto-scaling). - Track spending patterns and optimize resource allocation. - Ensure compliance with financial industry regulations (SOC 2, ISO 27001, GDPR). - Conduct periodic security and cost audits. - Automate cloud operations using Terraform, CloudFormation, or Deployment Manager. - Use Python/Bash scripting for process automation and cost/resource optimization.

Job Summary: We are looking for an experienced IT Audit Specialist with a proven track record in Big 4 consulting firms (Deloitte, PwC, EY, or KPMG). The ideal candidate must hold a valid CISA or CISSP certification and demonstrate deep expertise in IT general controls (ITGC), risk management, cybersecurity, and compliance. This role is focused solely on IT audits and advisory, not statutory or financial audits. Key Responsibilities: Lead and perform IT audits, including ITGC testing, automated controls reviews, and application audits across various environments. Evaluate cybersecurity controls, risk mitigation practices, and IT governance processes. Conduct assessments for SOX IT compliance, SOC 1/SOC 2, GDPR, and other regulatory frameworks. Work closely with internal stakeholders and client teams to identify control weaknesses and recommend remediation strategies. Participate in risk assessments, control design evaluations, and implementation of industry best practices. Document findings, prepare reports, and present results to senior leadership or client executives. Stay updated on emerging IT risks, technologies, and industry regulations to enhance audit effectiveness. Required Qualifications: 6+ years of IT audit experience with exclusive background in Big 4 firms (Deloitte, PwC, EY, KPMG). Professional certification: CISA (required); CISSP or other security certifications are a plus. Strong knowledge of ITGCs, application controls, and security frameworks (COBIT, NIST, ISO 27001). Experience in ERP systems audits (e.g., SAP, Oracle) and cloud environment assessments (AWS, Azure, GCP). Strong analytical, documentation, and communication skills. Ability to manage multiple projects and meet tight deadlines in a client-facing environment. Preferred Skills: Experience with SOC 1/SOC 2 reporting, vulnerability assessments, or data privacy audits. Familiarity with tools like Archer, ServiceNow GRC, or audit analytics platforms. Exposure to IT risk advisory or cybersecurity transformation projects.

Must have experience in dealing with NBFC/FinTech specific regulatory audit - ISO, RBI, SOC 2, PCI.AWS based application deployment, DevOps/DevSecops, technology stack and information security solutions Required Candidate profile Help develop practice for Risk Advisory, Transformation and Assurance under the Practice Leader. Provide consulting advisory to various customers around GRC advisory space Represent

Opportunity for a remote role. Experienced in GDPR, HIPAA, PCI-DSS, ISO 27001, SOC 2 compliance. Led implementation and maintenance of compliance programs including TPRA. Skilled in IT audit planning, ISO 27001 audits, and reporting.

Lead and support IT compliance audits and assessments aligned with ISO 27001 and SOC 2 standards.Understanding of regulatory compliance standards, such as GDPR, HIPAA,PCI-DSS,or ISO27001.Understanding of cloud platforms (AWS, Azure, or Google Cloud)

Role Overview We are looking for experienced DevOps Engineers (8+ years) with a strong background in cloud infrastructure, automation, and CI/CD processes. The ideal candidate will have hands-on experience in building, deploying, and maintaining cloud solutions using Infrastructure-as-Code (IaC) best practices. The role requires expertise in containerization, cloud security, networking, and monitoring tools to optimize and scale enterprise-level applications. Key Responsibilities Design, implement, and manage cloud infrastructure solutions on AWS, Azure, or GCP. Develop and maintain Infrastructure-as-Code (IaC) using Terraform, CloudFormation, or similar tools. Implement and manage CI/CD pipelines using tools like GitHub Actions, Jenkins, GitLab CI/CD, BitBucket Pipelines, or AWS CodePipeline. Manage and orchestrate containers using Kubernetes, OpenShift, AWS EKS, AWS ECS, and Docker. Work on cloud migrations, helping organizations transition from on-premises data centers to cloud-based infrastructure. Ensure system security and compliance with industry standards such as SOC 2, PCI, HIPAA, GDPR, and HITRUST. Set up and optimize monitoring, logging, and alerting using tools like Datadog, Dynatrace, AWS CloudWatch, Prometheus, ELK, or Splunk. Automate deployment, configuration, and management of cloud-native applications using Ansible, Chef, Puppet, or similar configuration management tools. Troubleshoot complex networking, Linux/Windows server issues, and cloud-related performance bottlenecks. Collaborate with development, security, and operations teams to streamline the DevSecOps process. Must-Have Skills 3+ years of experience in DevOps, cloud infrastructure, or platform engineering. Expertise in at least one major cloud provider: AWS, Azure, or GCP. Strong experience with Kubernetes, ECS, OpenShift, and container orchestration technologies. Hands-on experience in Infrastructure-as-Code (IaC) using Terraform, AWS CloudFormation, or similar tools. Proficiency in scripting/programming languages like Python, Bash, or PowerShell for automation. Strong knowledge of CI/CD tools such as Jenkins, GitHub Actions, GitLab CI/CD, or BitBucket Pipelines. Experience with Linux operating systems (RHEL, SUSE, Ubuntu, Amazon Linux) and Windows Server administration. Expertise in networking (VPCs, Subnets, Load Balancing, Security Groups, Firewalls). Experience in log management and monitoring tools like Datadog, CloudWatch, Prometheus, ELK, Dynatrace. Strong communication skills to work with cross-functional teams and external customers. Knowledge of Cloud Security best practices, including IAM, WAF, GuardDuty, CVE scanning, vulnerability management. Good-to-Have Skills Knowledge of cloud-native security solutions (AWS Security Hub, Azure Security Center, Google Security Command Center). Experience in compliance frameworks (SOC 2, PCI, HIPAA, GDPR, HITRUST). Exposure to Windows Server administration alongside Linux environments. Familiarity with centralized logging solutions (Splunk, Fluentd, AWS OpenSearch). GitOps experience with tools like ArgoCD or Flux. Background in penetration testing, intrusion detection, and vulnerability scanning. Experience in cost optimization strategies for cloud infrastructure. Passion for mentoring teams and sharing DevOps best practices.

Role Overview We are looking for experienced DevOps Engineers (8+ years) with a strong background in cloud infrastructure, automation, and CI/CD processes. The ideal candidate will have hands-on experience in building, deploying, and maintaining cloud solutions using Infrastructure-as-Code (IaC) best practices. The role requires expertise in containerization, cloud security, networking, and monitoring tools to optimize and scale enterprise-level applications. Key Responsibilities Design, implement, and manage cloud infrastructure solutions on AWS, Azure, or GCP. Develop and maintain Infrastructure-as-Code (IaC) using Terraform, CloudFormation, or similar tools. Implement and manage CI/CD pipelines using tools like GitHub Actions, Jenkins, GitLab CI/CD, BitBucket Pipelines, or AWS CodePipeline. Manage and orchestrate containers using Kubernetes, OpenShift, AWS EKS, AWS ECS, and Docker. Work on cloud migrations, helping organizations transition from on-premises data centers to cloud-based infrastructure. Ensure system security and compliance with industry standards such as SOC 2, PCI, HIPAA, GDPR, and HITRUST. Set up and optimize monitoring, logging, and alerting using tools like Datadog, Dynatrace, AWS CloudWatch, Prometheus, ELK, or Splunk. Automate deployment, configuration, and management of cloud-native applications using Ansible, Chef, Puppet, or similar configuration management tools. Troubleshoot complex networking, Linux/Windows server issues, and cloud-related performance bottlenecks. Collaborate with development, security, and operations teams to streamline the DevSecOps process. Must-Have Skills 3+ years of experience in DevOps, cloud infrastructure, or platform engineering. Expertise in at least one major cloud provider: AWS, Azure, or GCP. Strong experience with Kubernetes, ECS, OpenShift, and container orchestration technologies. Hands-on experience in Infrastructure-as-Code (IaC) using Terraform, AWS CloudFormation, or similar tools. Proficiency in scripting/programming languages like Python, Bash, or PowerShell for automation. Strong knowledge of CI/CD tools such as Jenkins, GitHub Actions, GitLab CI/CD, or BitBucket Pipelines. Experience with Linux operating systems (RHEL, SUSE, Ubuntu, Amazon Linux) and Windows Server administration. Expertise in networking (VPCs, Subnets, Load Balancing, Security Groups, Firewalls). Experience in log management and monitoring tools like Datadog, CloudWatch, Prometheus, ELK, Dynatrace. Strong communication skills to work with cross-functional teams and external customers. Knowledge of Cloud Security best practices, including IAM, WAF, GuardDuty, CVE scanning, vulnerability management. Good-to-Have Skills Knowledge of cloud-native security solutions (AWS Security Hub, Azure Security Center, Google Security Command Center). Experience in compliance frameworks (SOC 2, PCI, HIPAA, GDPR, HITRUST). Exposure to Windows Server administration alongside Linux environments. Familiarity with centralized logging solutions (Splunk, Fluentd, AWS OpenSearch). GitOps experience with tools like ArgoCD or Flux. Background in penetration testing, intrusion detection, and vulnerability scanning. Experience in cost optimization strategies for cloud infrastructure. Passion for mentoring teams and sharing DevOps best practices.

Roles and Responsibilities Greetings from GRM Technologies!!! Providing support in IT and Cyber Risk Advisory services offered by GRM Technologies to its clients in the following domains- Information regulatory compliance (ISO 27001, PCIDSS, RBI, SEBI, SOC1, SOC2, PCI DSS, HITRUST, GDPR) Information risk management Information security and information assurance Information technology controls for financial and other systems Identifying processes and technologies to maintain and enhance the security architecture Disaster recovery and business continuity management Information privacy Have a fair understanding of Business Continuity Planning and DR Drills Should have conducted Information Life Cycle management reviews in the past Conducting Infrastructure Vulnerability Assessment and Penetration Testing Conducting Web and Mobile Application Security Assessment Conducting Secure Code Review Conducting Architecture Review Should have minimum 2-5 yrs. of experience into Cyber Security, including IT Risk, Cyber Risk & Compliance, IT Audit, Vendor Audit, VAPT, Application Security, Fraud Risk & Security. Knowledge of information security standards, principles and practices required Perform risk assessment, controls and documentation with expected standards (information technology/ business process) Conduct Infrastructure Vulnerability Assessment and Penetration Testing Conduct Web Application Security Assessment Conduct Mobile Application Security Assessment Conduct Source Code Review Perform SOX compliance audits, SOC 1 and SOC 2 audits, as well as testing and reporting Perform control testing pertaining to operating systems, data base (Windows, Unix, Oracle, MSSQL, DB2) Should be able to test basic and automated ERP ITGC controls (SAP, Oracle, etc.) Ability to draft BCP/ DR policy and carry out testing of plan and procedures would be preferable Ability to adapt to new scope areas and technologies Bring in vertical expertise in at least two verticals like BFSI, manufacturing, or more Ability to manage client communication and escalation Ability to make all attempts to guide the peers and self to improve client satisfaction scores Participate in proposal preparation Understanding of risk Appreciation for technological innovation Strong organization skills Curiosity and eagerness to learn Initiative to seek out opportunities and add value Tolerance for ambiguity and shifting priorities; appreciation of change. Should have certification on CCNA / CCNP / ITIL Exposure into ISO 27001 is mandate

Lead GRC , risk assessment, and implementation. Strong in ISO 27001, PCI, PSS, SOC 2, IRDAI. Ensure compliance, audits, awareness. Design InfoSec strategies aligned with ISO, NIST, RBI, SEBI to enhance cybersecurity and meet regulations.

Information Security Assistant Manager Location: Remote. Apply at: ravi.kumar1@akmglobal.in | +91-7838872468 Seeking a highly skilled and experienced Information Security Assistant Manager to join our team. This role requires proficient experience in ISO 27001 and SOC 2 implementation and compliance , along with a strong understanding of global security standards. If you are passionate about information security and looking to advance your career in a dynamic, professional environment, we encourage you to apply. Total Experience: Relevant Experience in ISO 27001 Implementation: Relevant Experience in SOC 2: Current CTC: Expected CTC: Notice Period: Key Responsibilities Collaborate with the CISO to design, implement, and enhance the organizations cybersecurity framework. Maintain, update, and ensure adherence to information security policies in alignment with ISMS standards. Ensure compliance with ISO 27001, SOC 2, HIPAA, and related security and privacy regulations. Serve as the primary point of contact for internal and external audits related to information security. Work closely with technical teams and external clients to uphold robust security practices in all products and services. Develop and maintain comprehensive security documentation and reports. Monitor emerging threats, legal and regulatory changes, and adapt security practices accordingly. Lead and support company-wide security training, awareness initiatives, and best practice promotion. Play an active role in the end-to-end implementation and management of ISO 27001 controls and frameworks. Required Qualifications & Skills Hands-on experience in ISO 27001 implementation (mandatory). Strong familiarity with SOC 2 controls and reporting frameworks (mandatory). Working knowledge of HIPAA, GDPR (EU & UK), and U.S. data privacy laws. Prior experience in managing audits and ensuring regulatory compliance. Excellent written and verbal communication skills, with the ability to convey complex security concepts to diverse audiences. Ability to manage multiple projects and priorities under pressure. Proven leadership in executing information security projects. Experience working with international clients or in multicultural environments. Fluency in English (spoken and written) is essential.

The position will be primarily responsible for implementation and / or assessment of ISO 27001:2022, 27002, SOC 2 standard for clients. The position will work independently or with senior consultants for the implementation and management of information security compliance and/or other best practices. Key Performance Indicators Experience in ISO 27001/27002 controls verification and compliance: Assist Clients to get ISO 27001 certification by identification and implementation of appropriate controls in the Audit scope. Conduct Risk assessment of activities and coordinate with stakeholders till closure signoff / risk acceptance. Define, Develop and review information security policies, procedures, guidelines, forms and templates as per best practice Create and review baseline standards for OS, Database, webservers and applications and recommend improvements Support post implementation and continuous audits for ISO 27001:2013 and ensure compliance. Create organizational information security awareness program and conduct awareness. Assist and recommend measures to ensure compliance with Security standards (ISO, NIST, CIS, PCI DSS etc) or any best practices. Skills: Information Technology and/or Cybersecurity skills: Information Technology and/or Cybersecurity skills a solid IT foundation, ability to communicate technical information verbally and through written documentation, Knowledge of security areas such as auditing, policy, database security, firewall design and implementation, risk analysis, identity management, access management, or web services is preferred Presales skills: Excellent communication, problem-solving, client-facing, ability to work as a team Competence: ISO 27001 / Cybersecurity Certifications. Willingness to obtain the Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA) designations.

Information Security Engineer Experience: 2 - 6 Years Exp Salary : Competitive Preferred Notice Period : Within 30 Days Shift : 10:00AM to 7:00PM IST Opportunity Type: Onsite (Mumbai) Placement Type: Permanent (*Note: This is a requirement for one of Uplers' Clients) Must have skills required : ISO 27001, SOC 2, AWS, GCP, Azure, public cloud IDfy (One of Uplers' Clients) is Looking for: Infosec Engineer who is passionate about their work, eager to learn and grow, and who is committed to delivering exceptional results. If you are a team player, with a positive attitude and a desire to make a difference, then we want to hear from you. Role Overview Description Who are we? Trust isnt a given, it needs to be built. And in a world where fraud is evolving faster than ever, trust must be safeguarded at every step. At IDfy, we make trust scalable. As an Integrated Identity Platform, we help businesses verify identities, detect fraud, and stay compliantensuring every interaction starts with confidence. Our clients include HDFC Bank, Zomato, Amazon, PhonePe, Paytm, HUL and many others. With more than 13+ years of experience and 2 million verifications per day, we are pioneers in this industry. We do this through three interconnected platforms: Onboarding Platform: Our IDfy360 and Video Solutions make KYC and identity verification seamless, turning compliance into a frictionless experience. Fraud & Risk Management Platform: We stay ahead with CrimeCheck, RiskAI, and our Transaction Intelligence Platform identifying synthetic identities, financial risks, and bad actors before they cause damage. Privacy & Data Governance Platform: With PRIVY, businesses can navigate evolving data protection laws with ease, ensuring security and transparency at every step. Infosec Engineer As an Information Security Engineer at IDfy, youll support the InfoSec team in ensuring that our systems, policies, and processes meet global compliance standards. From supporting audits to reviewing documentation and responding to customer requests, youll get hands-on experience in what it takes to keep a fast-paced tech company secure. This is the perfect role if youve dabbled in audits, are curious about security frameworks, and want to grow into a well-rounded InfoSec professional. We are the match if you... Have been part of audits (ISO 27001, SOC 2, Customer TPRA) either conducting or surviving them for 2-4 years Have good understanding of ISO 27001, SOC 2, or other security frameworks Experienced in handling ISMS management end to end independently/ as a part of a team Are organized, detail-oriented, and a bit obsessed with checklists Know your way around cloud basics (GCP preferred, others fine too) Can document policies and processes clearly Want to learn how security works in a product and SaaS environment Are eager to work with a team that takes compliance seriously (but not too seriously) Are open to earning certifications down the line (CISA, ISO 27001 LA, etc.) Heres what your day would look like... Assist in maintaining our ISMS for ISO 27001 and SOC 2 including policy review/updates, creating SOPs and executing ISMS activities Support internal and external audit prep and documentation Track and respond to client security questionnaires Face / assist customer third-party risk assessments Collaborate with legal, engineering, and product teams to ensure compliance Assist in monitoring compliance metrics and identifying improvement areas Learn, grow, and eventually take on more ownership within the InfoSec team Whats it like working at IDfy? We build products that detect and prevent fraud. With billions of transactions flowing through our pipes, InfoSec is not just important, its critical. Youll have the space to take ownership, challenge the status quo, and build security systems that scale with our growth. And yes, we love memes, chai, and debating compliance checklists over lunch. Thanks to our problem-centric approach, one in which we find the right technology to solve a problem rather than the other way around, you will always be working on the latest technologies. We work hard and party hard. There are weekly sessions on emerging technologies. Work weeks are usually capped off with board games, poker, karaoke, and other fun activities. How to apply for this opportunity: Easy 3-Step Process: 1. Click On Apply! And Register or log in on our portal 2. Upload updated Resume & Complete the Screening Form 3. Increase your chances to get shortlisted & meet the client for the Interview! About Our Client: IDfy is an Integrated Identity Platform offering products and solutions for KYC, KYB, Background Verifications, Risk Assessment, and Digital Onboarding. We establish trust while delivering a frictionless experience for you, your employees, customers and partners. About Uplers: Our goal is to make hiring and getting hired reliable, simple, and fast. Our role will be to help all our talents find and apply for relevant product and engineering job opportunities and progress in their career. (Note: There are many more opportunities apart from this on the portal.) So, if you are ready for a new challenge, a great work environment, and an opportunity to take your career to the next level, don't hesitate to apply today. We are waiting for you!

Infosec Engineer Experience: 2 - 6 Years Exp Salary : Competitive Preferred Notice Period : Within 30 Days Shift : 10:00AM to 7:00PM IST Opportunity Type: Onsite (Mumbai) Placement Type: Permanent (*Note: This is a requirement for one of Uplers' Clients) Must have skills required : ISO 27001, SOC 2, AWS, GCP, Azure, public cloud IDfy (One of Uplers' Clients) is Looking for: Infosec Engineer who is passionate about their work, eager to learn and grow, and who is committed to delivering exceptional results. If you are a team player, with a positive attitude and a desire to make a difference, then we want to hear from you. Role Overview Description Who are we? Trust isnt a given, it needs to be built. And in a world where fraud is evolving faster than ever, trust must be safeguarded at every step. At IDfy, we make trust scalable. As an Integrated Identity Platform, we help businesses verify identities, detect fraud, and stay compliantensuring every interaction starts with confidence. Our clients include HDFC Bank, Zomato, Amazon, PhonePe, Paytm, HUL and many others. With more than 13+ years of experience and 2 million verifications per day, we are pioneers in this industry. We do this through three interconnected platforms: Onboarding Platform: Our IDfy360 and Video Solutions make KYC and identity verification seamless, turning compliance into a frictionless experience. Fraud & Risk Management Platform: We stay ahead with CrimeCheck, RiskAI, and our Transaction Intelligence Platform identifying synthetic identities, financial risks, and bad actors before they cause damage. Privacy & Data Governance Platform: With PRIVY, businesses can navigate evolving data protection laws with ease, ensuring security and transparency at every step. Infosec Engineer As an Information Security Engineer at IDfy, youll support the InfoSec team in ensuring that our systems, policies, and processes meet global compliance standards. From supporting audits to reviewing documentation and responding to customer requests, youll get hands-on experience in what it takes to keep a fast-paced tech company secure. This is the perfect role if youve dabbled in audits, are curious about security frameworks, and want to grow into a well-rounded InfoSec professional. We are the match if you... Have been part of audits (ISO 27001, SOC 2, Customer TPRA) either conducting or surviving them for 2-4 years Have good understanding of ISO 27001, SOC 2, or other security frameworks Experienced in handling ISMS management end to end independently/ as a part of a team Are organized, detail-oriented, and a bit obsessed with checklists Know your way around cloud basics (GCP preferred, others fine too) Can document policies and processes clearly Want to learn how security works in a product and SaaS environment Are eager to work with a team that takes compliance seriously (but not too seriously) Are open to earning certifications down the line (CISA, ISO 27001 LA, etc.) Heres what your day would look like... Assist in maintaining our ISMS for ISO 27001 and SOC 2 including policy review/updates, creating SOPs and executing ISMS activities Support internal and external audit prep and documentation Track and respond to client security questionnaires Face / assist customer third-party risk assessments Collaborate with legal, engineering, and product teams to ensure compliance Assist in monitoring compliance metrics and identifying improvement areas Learn, grow, and eventually take on more ownership within the InfoSec team Whats it like working at IDfy? We build products that detect and prevent fraud. With billions of transactions flowing through our pipes, InfoSec is not just important, its critical. Youll have the space to take ownership, challenge the status quo, and build security systems that scale with our growth. And yes, we love memes, chai, and debating compliance checklists over lunch. Thanks to our problem-centric approach, one in which we find the right technology to solve a problem rather than the other way around, you will always be working on the latest technologies. We work hard and party hard. There are weekly sessions on emerging technologies. Work weeks are usually capped off with board games, poker, karaoke, and other fun activities. How to apply for this opportunity: Easy 3-Step Process: 1. Click On Apply! And Register or log in on our portal 2. Upload updated Resume & Complete the Screening Form 3. Increase your chances to get shortlisted & meet the client for the Interview! About Our Client: IDfy is an Integrated Identity Platform offering products and solutions for KYC, KYB, Background Verifications, Risk Assessment, and Digital Onboarding. We establish trust while delivering a frictionless experience for you, your employees, customers and partners. About Uplers: Our goal is to make hiring and getting hired reliable, simple, and fast. Our role will be to help all our talents find and apply for relevant product and engineering job opportunities and progress in their career. (Note: There are many more opportunities apart from this on the portal.) So, if you are ready for a new challenge, a great work environment, and an opportunity to take your career to the next level, don't hesitate to apply today. We are waiting for you!

Introduction We are looking for a detail-oriented Security Services Specialist with a strong focus on compliance, audits, and business continuity/disaster recovery (BCDR). This role is responsible for supporting internal and external security audits and maintaining continuous regulatory compliance. The ideal candidate will have experience aligning security and compliance programs with frameworks such as SOC 2, ISO 27001, and NIST, while also supporting the development and testing of BCDR plans. You will work closely with internal stakeholders and external auditors to ensure our security practices meet applicable requirements and support business goals. Your role and responsibilities Audit Management: Coordinate and support internal and external audits, including evidence collection, control testing, and remediation tracking. Serve as the secondary point of contact for auditors and third-party assessors. Maintain audit logs, findings, and corrective action plans. Compliance Oversight: Monitor and ensure compliance with industry regulations and internal security policies. Map controls and processes to multiple compliance frameworks (e.g., NIST, ISO, SOC 2, HIPAA). Track evolving compliance obligations and help update policies accordingly. Access Management: Support access management processes Coordinate and drive periodic user access reviews. Business Continuity & Disaster Recovery (BCDR) Collaborate with IT, operations, and business units to develop and maintain BCDR plans. Coordinate and conduct periodic BCDR tests, document results, and track corrective actions. Evaluate critical business processes to identify single points of failure and propose continuity strategies. Ensure BCDR plans align with compliance requirements and organizational risk appetite. Maintain an inventory of critical assets and dependencies required for continuity and recovery. Policy Development & Enforcement: Assist in developing, updating, and enforcing information security policies, procedures, and standards. Ensure policies align with compliance frameworks and are effectively communicated across the organization. Documentation & Reporting: Maintain detailed and organized documentation of security controls, evidence, and compliance artifacts. Create reports and dashboards for leadership on compliance status and audit readiness. Other assignments as required to support the security, compliance, and resilience goals of the organization. Required education Bachelors Degree Preferred education Bachelors Degree Required technical and professional expertise Bachelor degree in Cybersecurity, Information Systems, Risk Management, or related field. 3+ years of experience in information security, with a focus on compliance and audits. Hands-on experience supporting one or more compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, NIST). Strong understanding of security controls and risk management practices. Strong understanding of network, system, and application security principles. Strong knowledge of risk management principles and audit processes. Excellent analytical, problem-solving, and communication skills. Preferred technical and professional experience Strong attention to detail and organizational skills. Excellent written and verbal communication. Ability to manage multiple audits and compliance initiatives simultaneously. Comfortable working with technical and non-technical teams.

Professionally handle communications with internal and external stakeholders on compliance issues. Maintain up-to-date knowledge of IDfys products, environment, systems, and architecture. Educate control owners on compliance workflows and processes. Maintain IDfys security control framework and continuous control monitoring activities. Gather and report on established metrics within the security compliance programs. Conduct security control tests of design and tests of operating effectiveness activities. Identify observations and manage remediation tasks through to closure while adhering to strict deadlines. Support internal and external auditors or advisors as needed. Demonstrated experience with security control frameworks, e.g. SOC 2, ISO, etc. Execute end-to-end compliance initiatives in accordance with the compliance roadmap. Design high-quality test plans and direct security control test activities. Continuously improve IDfys security control framework Direct external audits. Build and maintain security controls that map to IDfy s security compliance requirements and provide implementation recommendations

In This Role, You Will: Support the sales process by participating in customer-initiated security due diligence and/or vendor security audits and helping to respond to security questionnaires and documentation requests from customers Participate in internal security assessments and security reviews Work with stakeholders to address and mitigate any open findings, and prepare customer communications against them, as required Support development of and monitor progress on security risk treatment plans by risk owners; support regular risk and progress reporting to leadership stakeholders Support development of technical solutions and processes to automate or streamline repeatable security risk assessment, audit, customer questionnaire response activities and workflows Assist with maintenance of information security program documentation consisting of information security policies, standards, and guidelines, and coordinating management ratification of policies and standards at regular intervals Participate in improving the overall Security culture across Cvent; contribute to employee security awareness campaigns and educational activities to address areas of potential risk and/or gaps in compliance Collaborate with internal stakeholders to maintain an up-to-date knowledge base of all Cvent's product functionalities, along with their respective security and compliance posture Measure, track and report KPIs to senior management Heres What You Need: 4-8 years of demonstrable experience in customer assurance, and good interpersonal communication skills with experience and confidence in collaborating with internal and external partners and stakeholders to develop productive relationships and achieve positive security risk management outcomes Ability to learn quickly with a willingness to take ownership for new projects and learning new technologies and methodologies Good understanding of industry standards for compliance such as ISO 27001:2013, PCI DSS, and SSAE 18 SOC 1 / SOC 2 attestation standards Basic understanding of risk assessment methodologies and best practices Ability and willingness to produce and maintain documentation and reports Proficiency with productivity and collaboration tools, such as Microsoft Office, Slack, Box, and Zoom Excellent presentation and written communications skills and a team-focused attitude Must be organized, detail-oriented, and possess the ability to multi-task in a dynamic, fast-changing, entrepreneurial environment

ou are an experienced and dynamic information security risk management leader able to support and manage the day-to-day operations of Cvent's regional Security Risk and Compliance team based in Gurgaon, India. In this role, you will be responsible for leading people and processes focused on internal technology and third-party security risk management as well as leading audit and compliance activities with numerous security standards and frameworks. In This Role, You Will: Team Leadership and Management Lead the regional Security Risk & Compliance team with an emphasis on developing sustainable, scalable programs and processes, efficiently and effectively allocating resources and responsibilities, coaching and developing staff, and driving results through overall performance management In consultation and partnership with global Information Security leadership, plan, design, and execute regional programs, projects, and processes related to the Security Risk & Compliance function, ensuring alignment and effectiveness with local and global business, technology, and security goals Serve as primary regional leadership representative for the Security Risk & Compliance function, engaging regularly with regional leadership stakeholders to align business and technology practices with company security strategy, policies and standards Actively promote and drive secure and compliant technology risk management practices and support achievement of strategic security objectives and key results Foster a high-performing team culture of ownership, collaboration, and continuous learning and improvement Security Risk Management & Compliance Collaborate with global Information Security leadership and functional peers to develop, maintain, communicate, and implement information security policies, standards, and procedures Lead and manage regional security risk assessments of internal technology projects as well as third-party solutions and vendors; collaborate with regional leadership and relevant stakeholders to prioritize, plan, resource, and implement risk treatment plans Lead regional certification audit activities scoped to a variety of security standards and regulatory frameworks relevant to Cvent's global SaaS operations, including but not limited to ISO 27001, ISO 27701, SOC 2, and PCI-DSS Support global information security metrics reporting and governance processes, including developing processes, tools, and reports that transform data into insights and information to drive achievement of security risk management objectives and key results Innovation and Continuous Improvement: Stay abreast of emerging security risks, compliance frameworks and regulatory requirements threats, technologies, compliance frameworks, and best practices, particularly those relevant to the global SaaS industry Foster and promote development of innovative security processes and solutions to enhance Cvent's security and compliance posture Continuously assess and improve the effectiveness of the Cvent India R&C Security team as well as the respective security programs, initiatives, and day-to-day activities Here's What You Need: Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field; Master's degree preferred Relevant industry certifications, such as CISSP, CISA, CISM, or CRISC Experience: 10+ years of experience in information security, with at least 6 years in an information security leadership role Demonstrable experience with various information security domains including, but not limited to, information security auditing and compliance, information security risk management, third-party technology risk management, technology vulnerability management, and cloud security Proven track record of implementing security risk management standards, frameworks, and methodologies, including regulatory security requirements related to global data privacy and protection laws relevant to cloud service providers Strong technical knowledge of cybersecurity and technology risk management principles, best practices, and solutions Soft Skills: Exceptional leadership and management abilities; proven ability to effectively allocate and delegate responsibility for, oversee, and drive successful execution of programs, projects, and tasks Strong, persuasive communications skills; ability to coach and develop staff, influence stakeholders, and drive positive change across an organization at all levels Excellent stakeholder management and negotiation skills; ability to effectively articulate complex cybersecurity risk management and compliance concepts to both technical and non-technical audiences to build consensus and achieve cross-functional alignment on security risk management and compliance as well as security assurance priorities Strong business acumen with the ability to align security initiatives with business objectives Ability to navigate and adapt to ambiguity as well as be personally resilient in a fast-paced, dynamic, multi-national company

Responsibilities: * Design, implement, and maintain secure solutions on AWS cloud platform using IAM and security architecture principles.

We want to shape the future with vision and innovation. Be part of it and develop your full potential! As part of the global NTT DATA Group, one of the most successful IT service providers in the world, we specialize in value-added SAP solutions as NTT DATA Business Solutions. With over 16,000 employees in more than 30 countries, we design, implement, and develop custom-fit SAP solutions for our global customers. Would you like to take the next step in your career and be part of our highly qualified team? Are you ready to break new ground? Job Title: Information Security Analyst Experience: 3 - 6 Years Job Location: Hyderabad Technical Experience Experience in managing security audits, such as, ISO 27001, SOC I / II including preparing control owners for audits, interpreting control requirements, reviewing control evidence for appropriateness, testing control effectiveness, presenting control evidence to external auditors, and audit planning with external auditors. In-depth knowledge of security controls, interpreting control requirements for ISO 27001 (Must) and SOC II (good to have), audits, reviewing control evidence for completeness an accuracy, and ensuring evidence provided to auditors satisfies control requirements. Ability to of plan and lead meetings with control owners and external auditors. Ability to clearly define control requirements to control owners or explaining control evidence to external auditors. Experience planning and performing vendor security risk reviews including creation of templates and reporting for reviewing different types and categories of vendors such as cloud, vendors hosting sensitive data, and vendors with access to sensitive data. Experience reviewing ISO 27001, SOC 2, Pen Test , and other forms of security assessment reports. Manages and tracks the delivery of Security Training and Awareness campaigns. Assists in the development of content for Security Awareness campaigns. Actively contributes to the Security knowledgebase to enable internal knowledge sharing and facilitates efficient audits and questionnaire responses. Supports the Security Audit function by reviewing evidence submissions for accuracy and completeness, following up on audit requests, and helping to establish a continuous monitoring function. Manages and performs quarterly access reviews ensuring completeness and accuracy of results and consistent evidence collection. Supports the Risk Management function by reviewing and documenting Security exceptions and recommending appropriate actions. Recommends and assists in the definition and implementation of security controls in accordance with enterprise policies, standards, and procedures. Educational Qualification: Must be a graduate. Must be ISO27001:2022 Lead Auditor / Lead Implementer certified. Interested candidates share me your updated resume to Satyendra.TVNR@bs.nttdata.com

IT audit experience in Domain like ITGC, Cyber Security, SOC 2, Application and IT security Infrastructure and IT Regulatory compliance Familiarity with IT regulatory requirements related to IS of regulators such as RBI, SEBI and other IT Standards

Job Summary: We are seeking an experienced Cybersecurity Strategy & Security Engineer to develop and implement security policies, frameworks, and architectures that align with organizational goals. This role is critical for defining security roadmaps, evaluating current capabilities, and ensuring robust protection across networks and cloud environments. We are looking for immediate joiners or a notice period less then a month is preferrable. Work from office and will have rotational shifts. Key Responsibilities: Develop and maintain IT security policies and standards for infrastructure components (firewalls, routers, VPNs, etc.) Design and implement cybersecurity strategies and roadmaps aligned with business objectives Conduct risk and maturity assessments and recommend security improvements Evaluate and integrate new security technologies and authentication protocols Provide expertise in network security architecture and cloud security across AWS, Azure, or GCP Collaborate with stakeholders to identify critical business functions and ensure alignment of security initiatives Reference and implement industry-standard frameworks like NIST 800-53, CIS Controls, ISO 27001, SOC 2 Mandatory Skills: Proven experience in security policy & standards development Deep understanding of security frameworks : NIST, CIS Controls, ISO 27001, SOC 2 Expertise in security strategy and roadmap development Strong background in network security architecture Cloud security knowledge in AWS, Azure (preferred), or GCP Familiarity with tools like Firewalls, WAF, VPN, EDR/XDR , and cloud-native tools (e.g., Prisma, Microsoft Defender for Cloud Apps, Azure Firewall ) Strong grasp of security reference architectures across domains like application, network, and data security Preferred Qualifications: Experience with security risk assessments, cost analysis, and security maturity evaluations Knowledge of security standards and compliance requirements (e.g., PCI-DSS)

To act as the SPOC for all third-party audits, especially from BFSI clients & create Network Infrastructure. JD: https://www.pinnacle.in/career/security-manager JD:https://www.pinnacle.in/career/network-manager To work purely from HO Nagpur

Client interface for understanding the IT Governance, IT Risk & Compliance Management Controls as applicable to Infrastructure operations. Responsible and accountable for driving and maintaining the Compliance Program Which Includes: I. Defining and implementing controls as per Customer defined Security and Privacy policies II. Ensuring measurement and compliance to the policies. III. Drives Internal and External Audits IV. Participate and advise on Security Incident Investigation V. Training and awareness of Employees on Security Policies Well versed and hands-on experience for establishing processes, controls and audits of compliances like ISO 27001, ISO 15408. SOX ITGCs, SSAE 18 SOC 1 & SOC 2, PCIDSS,HIPAA, Data Privacy Standards (GDPR/Schrems) Frameworks. Documentation of IT & risk management Controls as they are currently being executed in client environment and ensuring that the same controls are followed and implemented in service delivery operations Work with the client & technical teams for change request on any risk or control implementation as well as governance process Participate in internal as well as external regulatory audits as well as IT security audits. Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security Point of contact for the client compliance & IT audit team for provisioning audit evidences within the SLAs defined. Provide strategic guidance & consulting support on implementation of IT controls for Networks, Operating Systems, System Security, Backup & Recovery, Storage, BCP/DR Work with the client & team in identifying any process/ control gaps and suggesting the remediation plan& tracking the plan progress till closure. Liaison with Audit Firms and Client for all types of External audits like (ISO 27001, SSAE 16 SOC 1/ SOC 2 etc)

Job Description: Design and execute the day-to-day activities of Information Technology (IT) audit engagements, with a focus on strategic, operational and regulatory/compliance related risks Plan activities related to development of audit program, and execution of internal audits and IT control assessments in the following areas: cybersecurity, IT strategy and governance, IT operations, business continuity and disaster recovery, network and infrastructure security, cloud and third party risk, programs and projects, automation, General Information Technology Controls (GITCs) and application controls, and regulatory/compliance requirements Review clients' processes and controls against leading practice and industry frameworks, identify gaps in design and execution, and communicate issues and recommendations to engagement leads and client management Contribute to IT Audit knowledge base and internal practice development initiatives Supervise and provide performance management for IT audit staff working on assigned engagements Knowledge of security measures and auditing practices within various operating systems, databases and applications. Experience in assessing risks across a variety of business processes. Experience of working on Financial Services sector clients. Experience in identifying control gaps and communicating audit findings and control redesign recommendations to Sr. Management and Clients. Hands on experience of working on IT General Controls, IT Application controls testing, IT Internal Audits, IT Risk Assessments, Third Party Risk Management. Knowledge of regulations impacting the privacy, integrity and availability of customer PII. Exposure of having led IT Audit engagements Exposure of working on Identity Access Management aspects like user management, authentication and authorization. Has team leading experience and has been a performance manager in current or last role Technical skills: Prior experience in evaluating the design and operating effectiveness of technology controls over varied IT platforms including ERP suites, Windows, Unix/Linux, iSeries, Oracle database, DB2 and SQL.