60 Soc 2 Jobs - Page 2

IT Audit planning & management, ISO27001 audits & implementation, corrective actions & follow-up, ITGC, Cyber Security, SOC 2. Experience in IT regulatory compliance (RBI, IRDA, SEBI), IT risk & controls review, app & infra security.

About Drip Capital We are a US-based fintech company revolutionizing global trade for SMEs. At Drip Capital, we're redefining the future of trade finance and facilitation, empowering small and medium-sized enterprises (SMEs) to scale internationally with ease. With the global SME trade market exceeding $5 trillion, our mission is to provide businesses in emerging markets with seamless access to capital-eliminating red tape and outdated processes. By leveraging cutting-edge technology, we make trade finance fast, efficient, and hassle-free. Beyond financing, we simplify trade and sourcing, helping SMEs navigate global markets effortlessly. Headquartered in Palo Alto, California, with offices in India, Drip Capital is strategically positioned to meet the evolving needs of SMEs in emerging markets. Backed by top investors-including Accel, Peak XV, Wing VC, Sequoia India, Y Combinator, GMO, SMBC Japan, Barclays, and IFC-Drip has facilitated over $7 billion in trade across 10,000+ buyers and sellers. As we continue to grow, we remain committed to transforming global trade for SMEs worldwide. Role Overview : We are looking for a highly motivated and detail-oriented Compliance Engineer with a strong focus on ISO/IEC 27001:2022 audit and implementation. The ideal candidate should also have hands-on experience in GRC, Cloud security, Vulnerability Assessment & Penetration Testing (VAPT), and general information security best practices. This role is essential in ensuring our compliance with security frameworks, maintaining our ISMS, and strengthening our overall security posture. Key Responsibilities: Lead ISO/IEC 27001:2022 compliance initiatives, including implementation, internal audits, surveillance, and recertification audits. Prepare and maintain documentation for audits, including evidence collection and audit logs. Conduct or support internal VAPT exercises work with external vendors for third-party assessments and ensure closure of findings. Evaluate and ensure security compliance in cloud environments (AWS), including configuration reviews and adherence to cloud security best practices. Perform security risk assessments, gap analyses, and impact assessments across systems, processes, and vendors. Collaborate cross-functionally with Engineering, IT, Legal, and HR to ensure compliance across business units. Develop and maintain security policies, procedures, standards, and guidelines aligned with ISO 27001 and other applicable frameworks. Monitor compliance with regulatory requirements (e.g., GDPR, SOC 2, NIST, HIPAA) and internal policies. Assist in developing security awareness training and conducting compliance onboarding for new employees. Stay updated on emerging threats, vulnerabilities, and evolving regulatory requirements. Requirements: 3-5 years of experience in a security compliance, security engineering, or audit-focused role. Strong experience with ISO/IEC 27001:2022 implementation, audits, and certification processes. Practical knowledge of VAPT tools and methodologies, including reporting and remediation tracking. Solid understanding of cloud security principles (preferably with hands-on experience in AWS). Familiarity with security controls, risk management, and audit frameworks (e.g., SOC 2, NIST, GDPR). Excellent documentation and communication skills, especially for audit readiness and stakeholder reporting. Ability to manage multiple security and compliance initiatives simultaneously.

Identifying, assessing, and mitigating potential risks across various areas of the organization, including IT security, business processes, and regulatory compliance. Developing, implementing, and maintaining GRC programs and processes to support compliance and risk management efforts. Assisting with internal and external audits, responding to audit findings, and ensuring corrective actions are implemented. User Access review Creating and maintaining policies and procedures related to governance, risk, and compliance. Conducting gap analysis and implementing frameworks and standards such as ISO 27001, GDPR, NIST, and SOX. Developing and revising policies, standards, processes, and guidelines for the organization. Conducting vendor risk assessments against organizational security requirements. Continually testing and monitoring the effectiveness of security controls. Conducting research to aid threat assessment or risk mitigation activities. Assist the department in responding to inquiries from the business units about ongoing operational compliance Working with various teams and departments to ensure GRC practices are integrated into business operations. Required Skills and Qualifications: Technical Skills & Experience: 5+ years of direct experience in information security, with a main emphasis on risk and compliance 3+ years of expertise conducting ISO 27001 and SOC 2 audits, as well as handling audit responses Thorough understanding of market structures, including relevant regulatory compliance requirements (ISO27001, SOC 2 , NIST, PCI, GDPR, etc.) Preferred Certification : CISA Knowledge of identity management standards, storage, and disaster recovery in the cloud and On-Premise Knowledge of GRC tool techniques and best practices Proven track record of organizing and carrying out several risk and compliance projects Ability to successfully manage third-party audits, compile evidence, and organize audit responses Effective written communication skills to develop & maintain the policies and procedures; the capability to communicate with cross-functional teams. Proven analytical and problem-solving abilities for managing initiatives that advance corporate goals Education Bachelors degree in computer science, information systems, or Cybersecurity

1. Consultant- 3-5 yrs experience- should be able to lead a team 2. Associate Consultant- 2-3 yrs experience. T.Exp: Rel.Exp: C.CTC: E.CTC: Notice Period: Current Location: Preferred work Location Bangalore or Mumbai: Any offer in hand? Please share your CV to Jacintha.j@ampcuscyber.com Location: Bangalore/Mumbai Qualifications: Masters degree in Cybersecurity, Information Technology, Computer Science, or related field. Industry certifications are highly desirable. Knowledge of cybersecurity principles, best practices, and regulatory requirements (e.g., PCI DSS, RBI Audits, GDPR, HIPAA, NIST, ISO 27001, ISO 27701, SOC 2). Strong understanding of network security, firewall management, intrusion detection/prevention systems, security assessment tools, cryptography etc. Experience with cloud security, mobile security, and endpoint protection. Proficiency in cybersecurity frameworks like the NIST Cybersecurity Framework and CIS Critical Security Controls. Excellent analytical and problem-solving skills. Effective communication and presentation abilities, both written and verbal. Strong client-facing skills with the ability to build and maintain relationships. Ability to work independently and collaboratively in a team. Ethical and professional behavior with a commitment to confidentiality. • Proficiency in Microsoft Office Suite

What You'll Do Avalara is looking for a security risk specialist to join our team reporting to the Senior Manager, Governance Risk & Compliance. We are looking for the ability to conduct risk analysis at a systemic level, working with engineers and architects as they develop Avalaras next-generation services. You understand technical controls and be able to analyze application product security within Avalara, including internal processes and reporting, and risks identified through code and design reviews of both internal and customer-facing software products and solutions. You will report to Senior Manager. What Your Responsibilities Will Be You will perform comprehensive risk assessments aligned with Avalaras risk management framework and develop applicable remediation plans. You will analyze and identify risks across technical environments, with a focus on application design, software architecture, and security tooling configurations. Guide the identification, management, and mitigation of risks within security infrastructure and technical control implementations. Collaborate with teams, including system owners, developers, and architects, to integrate risk management practices into the development lifecycle. Ensure risk and compliance controls are accomplished across teams and within defined Service level agreements. Coordinate the documentation and migration of control information into Avalaras GRC platform. What You'll Need to be Successful Bachelors degree in Information Technology, Computer Science, or equivalent experience. 3+ years of experience in IT Audit, IT Security, or IT Risk Management. Experience conducting systemic risk analysis in, including reviewing application design and architecture. Familiarity with standards and frameworks such as ISO 27001, SOC 1, SOC 2, SOX, NIST. Experience with application security principles, including the ability to assess risk through code and design review processes.

What You'll Do Avalara's Organizational Risk, Resilience, Compliance and Audit team (ORRCA) is responsible for managing various risk and compliance initiatives and is looking for someone to support a growing team to help build out the security compliance function. You will report to Senior Director, Security Operations. What Your Responsibilities Will Be You will be responsible for the overall coordination, execution, and quality control of assigned compliance controls such as access reviews, change reviews, terminated user analysis. You will ensure controls are appropriately performed by all stakeholders within defined SLAs. You will help implement compliance management in ServiceNow. You will perform compliance assessments against frameworks and develop remediation plans. You will work closely with system owners to ensure corrective action plans are in place to remediate gaps or deficiencies. You will identify areas for automation and/or business process improvements. You will assist in collecting and migrating control information into Avalara's GRC platform. You will work strategically and independently with internal and external groups on multiple simultaneous projects. You will apply compliance and security control knowledge within cloud environments such as AWS and GCP. You will identify opportunities to leverage AI and other automation technologies to streamline compliance processes. What You'll Need to be Successful Bachelor's degree in information technology, Computer Science, or equivalent experience 3+ years of work experience in IT Audit, IT Security, or IT Risk Management 3+ years of work experience working with ISO 27001, SOC 1, SOC 2, SOX, NIST etc. AI and automation experience. Basic understanding of risk concepts, including risk identification, evaluation, mitigation, and measurement

Technical Head of Cloud & DevOps Location: 100% Remote (India, Eastern Europe, UK, or U.S.-based candidates; occasional travel to company hubs or conferences as needed) Type: Full-time, Senior Technical Leadership Role Overview We are seeking a Head of Cloud & DevOps to lead the hands-on management, scaling, and continuous improvement of our decentralized compute infrastructure. This position will serve as the primary technical leader for cloud operations, Kubernetes orchestration, infrastructure management, and DevOps pipelines, ensuring platform reliability, performance, and scalability. You will work closely with the CTO, product management, and cross-functional engineering teams to operationalize our companys evolving platform, drive our migration to in-house Distributed Kubernetes Service (DKS), and ensure high uptime and SLA adherence for enterprise customers. This role requires deep technical expertise combined with strong leadership to guide and mentor teams, while remaining actively engaged in architecture reviews, troubleshooting, and hands-on problem solving. This role is designed for candidates who aspire to grow into a future CTOO position, taking on expanded enterprise leadership responsibilities as the platform scales globally. Mandatory Skills Kubernetes orchestration (multi-cluster, DKS, service mesh) Cloud infrastructure scaling (AWS, hybrid, AI workloads) DevOps & CI/CD leadership (Jenkins, GitOps, version control) Infrastructure as Code (IaC) (Terraform, Helm, Ansible) Incident response and uptime optimization (SRE, observability, 99.9%+ SLAs) Security & Compliance knowledge (SOC 2, ISO 27001, access control, encryption) Team leadership in DevOps/SRE/Cloud Ops Monitoring and alerting systems Platform reliability and SLA adherence 8+ years in Cloud Infrastructure, 4+ in Kubernetes/DevOps leadership Non Mandatory skills Experience with Distributed Kubernetes Service (DKS) migrations Passion for decentralized computing / Web3 / blockchain NXQ Token or similar token incentive familiarity Cloud-native architecture for AI workloads Experience with hybrid or bare-metal Kubernetes deployments Global infrastructure experience Knowledge of performance-based DevOps metrics (error budgets, SLOs) Key Responsibilities Infrastructure Ownership & Uptime Leadership Own the full operational lifecycle of our companys decentralized compute infrastructure, spanning Kubernetes, VMs, AI workloads, hybrid cloud integrations, and blockchain components. • Develop and execute infrastructure scaling plans to meet growth demands while maintaining enterprise-grade SLAs (99.9%+ uptime). • Build robust monitoring, observability, alerting, and incident response systems to proactively manage global NanoServer operations. • Maintain deep involvement in diagnosing and resolving performance, capacity, and stability issues. Kubernetes Platform Management & DKS Migration Lead the architecture, deployment, and ongoing optimization of our companys Distributed Kubernetes Service (DKS). • Manage the transition from AWS EKS to DKS with zero downtime, thorough testing, rollbacks, and security assurance. • Ensure DKS delivers parity or superiority to leading cloud providers' managed Kubernetes offerings. DevOps Leadership Drive maturity in CI/CD pipelines, infrastructure-as-code, configuration management, and automated testing practices. • Oversee deployment reliability, version control, rollbacks, and release management. • Lead incident response runbooks, playbooks, SRE error budgets, and continuous reliability improvements. Security & Compliance Implement strong security controls for Kubernetes clusters, network access, identity management, data privacy, and blockchain-related assets. • Collaborate with compliance teams on certifications (SOC 2, ISO 27001, etc.) as required by enterprise clients. • Maintain operational adherence to security standards and best practices. Team Leadership & Execution Lead, mentor, and grow cross-functional cloud operations teams: DevOps, SRE, infrastructure engineers, and backend developers. • Foster a culture of accountability, continuous improvement, operational excellence, and proactive ownership. • Set clear objectives, performance metrics, and technical execution roadmaps aligned to business goals. Collaboration & Stakeholder Alignment • Partner closely with the CTO, product management, and engineering leadership to translate platform objectives into actionable infrastructure projects. • Represent technical operations in cross-functional planning sessions and communicate platform health, SLAs, and operational risks. Qualifications & Experience 8+ years of experience managing complex cloud infrastructure, with at least 4+ years leading DevOps/SRE/Kubernetes operations at scale. • Strong hands-on expertise with Kubernetes orchestration, multi-cluster management, service mesh, container security, and high-scale distributed systems. • Proven success in infrastructure scaling, uptime optimization, incident response, and capacity planning. • In-depth knowledge of DevOps pipelines, CI/CD frameworks, Infrastructure-as-Code (Terraform, Helm), and automated deployments. • Demonstrated ability to lead migrations from managed cloud services to in-house infrastructure. • Strong understanding of cloud security, access controls, encryption, data privacy, and enterprise compliance . • Passion for decentralized cloud computing, Web3/blockchain concepts, or AI-driven infrastructure is a plus. • Excellent leadership, communication, and cross-functional collaboration skills. • Bachelors or Master’s degree in Computer Science, Engineering, or a related field; equivalent experience considered. Compensation & Benefits Competitive base salary depending on candidate location • Equity participation aligned to long-term growth of our company • Performance-based annual bonuses • NXQ token incentives aligned with ecosystem growth • Comprehensive healthcare coverage • Remote work flexibility with home office stipends • Opportunities for global collaboration and occasional travel • High-impact leadership role shaping the future of cloud technology • Structured career path to grow into CTOO based on organizational maturity and demonstrated leadership

Job description ** Immediate / 30 days Joiners** Work Mode: 5 days work form office Location: SLK Green Park, Devanahalli Bangalore Transport facility: Provided across Bangalore Job Description: 4+ years of experience in cybersecurity or IT risk/compliance Support the implementation and monitoring of security compliance programs across multiple client accounts and internal systems Conduct periodic internal assessments and audits to evaluate adherence to security standards such as ISO 27001, SOC 2, and client-specific requirements Maintain and update security documentation, including risk registers, audit reports, and compliance dashboards Perform risk assessments for new projects, vendors, or changes in business processes Good understanding of IT infrastructure, networks, and security controls Experience in conducting internal audits, compliance assessments, and evidence gathering Strong analytical and documentation skills. Excellent verbal and written communication skills Strong understanding of security frameworks (e.g., ISO 27001, SOC 2, Data Privacy etc.)

We have opening for Internal Audit Look for 5-15 years exp Good communication skill Should be comfortable for night shift until 5 AM in the morning Only for contractual roles Must have skills- ISO 27001, GRC, PCI DSS, HIPPA, SOC 2, GDPR Work mode: Remote Interview location: Chennai/ Bangalore Please fill below details along with updated resume babitha@configusa.com T.exp: R.exp: CTC: EX.CTC: N.P(Not more than 15days) Interested for contract to hire Available for F2F (14th June'25)(If not available than don't submit your profile with us)

** Immediate / 30 days Joiners** Work Mode: 5 days work form office Location : SLK Green Park, Devanahalli Bangalore Transport facility: Provided across Bangalore Job Description: 8+ years of experience in cybersecurity or IT risk/compliance, with at least 2-3 years in a lead or manager or senior consultant role Strong understanding of security frameworks (e.g., ISO 27001, SOC 2, PCI DSS, HIPAA, GDPR, etc.) Act as the primary point of contact for client-specific security compliance and governance requirements Interpret and implement client contractual security requirements across delivery, IT functions Conduct risk assessments, gap analyses, and ensure remediation plans are implemented as per client expectations Coordinate and oversee internal audits, client audits, and respond to client/ third-party security assessments Collaborate with cross-functional teams including IT, Legal, Facilities, HR, and Delivery to ensure end-to-end security compliance Good knowledge of security technologies for network security, access management, data protection, security event management, endpoint protection, email security, etc. Ability to work independently with minimal supervision Certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Auditor are preferred. Excellent verbal and written communication skills

What Your Responsibilities Will Be You will be responsible for the overall coordination, execution, and quality control of assigned compliance controls such as access reviews, change reviews, terminated user analysis. You will ensure controls are appropriately performed by all stakeholders within defined SLAs. You will help implement compliance management in ServiceNow. You will perform compliance assessments against frameworks and develop remediation plans. You will work closely with system owners to ensure corrective action plans are in place to remediate gaps or deficiencies. You will identify areas for automation and/or business process improvements. You will assist in collecting and migrating control information into Avalaras GRC platform. You will work strategically and independently with internal and external groups on multiple simultaneous projects. You will apply compliance and security control knowledge within cloud environments such as AWS and GCP. You will identify opportunities to leverage AI and other automation technologies to streamline compliance processes. What Youll Need to be Successful Bachelors degree in information technology, Computer Science, or equivalent experience 3+ years of work experience in IT Audit, IT Security, or IT Risk Management 3+ years of work experience working with ISO 27001, SOC 1, SOC 2, SOX, NIST etc. AI and automation experience. Basic understanding of risk concepts, including risk identification, evaluation, mitigation, and measurement

Ready to shape the future of work At Genpact, we don&rsquot just adapt to change&mdashwe drive it. AI and digital innovation are redefining industries, and we&rsquore leading the charge. Genpact&rsquos , our industry-first accelerator, is an example of how we&rsquore scaling advanced technology solutions to help global enterprises work smarter, grow faster, and transform at scale. From large-scale models to , our breakthrough solutions tackle companies most complex challenges. If you thrive in a fast-moving, tech-driven environment, love solving real-world problems, and want to be part of a team that&rsquos shaping the future, this is your moment. Genpact (NYSE: G) is an advanced technology services and solutions company that delivers lasting value for leading enterprises globally. Through our deep business knowledge, operational excellence, and cutting-edge solutions - we help companies across industries get ahead and stay ahead. Powered by curiosity, courage, and innovation , our teams implement data, technology, and AI to create tomorrow, today. Get to know us at and on , , , and . Inviting applications for the role of Manager- Information Security In this role we are looking for someone who has relevant years of relevant work experience in Information Security, Audit & assurance role with expertise in ITGC, network security and Application Security controls Responsibilities Experience in facilitating external & internal audits from inception to completion. Experience in drafting comprehensive risk-based control framework aligned to SOC 1, SOC 2 standard. Solutioning skills to resolve complicated IT, F&A and & application security issues. Working experience as an engagement lead for SOC 1 and SOC 2 audits at a Big 4/reputed IT organization Exposure to leadership connects on compliance posture, getting management commitment. Design and lead an internal monthly compliance monitoring framework with minimum manual touchpoints. Prepare & present an effective compliance dashboard for internal leaders and external stakeholders. Qualifications we seek in you! Minimum Qualifications Strong domain knowledge in ITGC testing, Application controls testing, SOC 1, SOC 2 reports, SaaS/PaaS/IaaS, Interface controls, Application Pre-Implementation and post Implementation reviews, Software Compliance reviews, IT & Network Security, Controls, Risk Frameworks, File Integrity Monitoring solutions, Cloud Security, Cyber security. Good performance rating in the current organization (verifiable) Any one audit certification: CISA/CISM/CRISC/CISSP Preferred Qualifications/ Skills Analytical skills, excellent problem-solving skills, ability to work within deadlines, excellent interpersonal and communication skills. Why join Genpact Be a transformation leader - Work at the cutting edge of AI, automation, and digital innovation Make an impact - Drive change for global enterprises and solve business challenges that matter Accelerate your career - Get hands-on experience, mentorship, and continuous learning opportunities Work with the best - Join 140,000+ bold thinkers and problem-solvers who push boundaries every day Thrive in a values-driven culture - Our courage, curiosity, and incisiveness - built on a foundation of integrity and inclusion - allow your ideas to fuel progress Come join the tech shapers and growth makers at Genpact and take your career in the only direction that matters: Up. Let&rsquos build tomorrow together. Genpact is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color , religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. Genpact is committed to creating a dynamic work environment that values respect and integrity, customer focus, and innovation. Furthermore, please do note that Genpact does not charge fees to process job applications and applicants are not required to pay to participate in our hiring process in any other way. Examples of such scams include purchasing a %27starter kit,%27 paying to apply, or purchasing equipment or training.

Cloud Expertise: Google Cloud Platform (GCP) Mandatory, AWS Experience Required Key Responsibilities - Provision, manage, and support GCP sandbox environments for testing and development. - Ensure sandbox governance, security, and compliance with Citi policies. - Engage with Google Cloud & AWS support teams to troubleshoot and resolve issues. - Ensure sandbox isolation from production workloads and enforce resource lifecycle management (deletion/suspension of unused resources). - Onboard Citi teams and developers to new or existing AWS/GCP accounts. - Manage user access for single/multiple cloud accounts, ensuring least privilege access. - Assign and audit IAM roles and permissions for security and compliance. - Remove user access to specific accounts as needed. - Configure real-time alerts for sandbox activities and send to Citi Sandbox Email DL IDs. - Set up budget alerts (soft/hard limits) to prevent overspending. - Monitor security incidents, unauthorized access attempts, and anomalies. - Implement cost tracking mechanisms and automate resource cleanup to prevent cost overruns. - Implement GCP/AWS cost control measures (budgets, quotas, auto-scaling). - Track spending patterns and optimize resource allocation. - Ensure compliance with financial industry regulations (SOC 2, ISO 27001, GDPR). - Conduct periodic security and cost audits. - Automate cloud operations using Terraform, CloudFormation, or Deployment Manager. - Use Python/Bash scripting for process automation and cost/resource optimization.

Job Summary: We are looking for an experienced IT Audit Specialist with a proven track record in Big 4 consulting firms (Deloitte, PwC, EY, or KPMG). The ideal candidate must hold a valid CISA or CISSP certification and demonstrate deep expertise in IT general controls (ITGC), risk management, cybersecurity, and compliance. This role is focused solely on IT audits and advisory, not statutory or financial audits. Key Responsibilities: Lead and perform IT audits, including ITGC testing, automated controls reviews, and application audits across various environments. Evaluate cybersecurity controls, risk mitigation practices, and IT governance processes. Conduct assessments for SOX IT compliance, SOC 1/SOC 2, GDPR, and other regulatory frameworks. Work closely with internal stakeholders and client teams to identify control weaknesses and recommend remediation strategies. Participate in risk assessments, control design evaluations, and implementation of industry best practices. Document findings, prepare reports, and present results to senior leadership or client executives. Stay updated on emerging IT risks, technologies, and industry regulations to enhance audit effectiveness. Required Qualifications: 6+ years of IT audit experience with exclusive background in Big 4 firms (Deloitte, PwC, EY, KPMG). Professional certification: CISA (required); CISSP or other security certifications are a plus. Strong knowledge of ITGCs, application controls, and security frameworks (COBIT, NIST, ISO 27001). Experience in ERP systems audits (e.g., SAP, Oracle) and cloud environment assessments (AWS, Azure, GCP). Strong analytical, documentation, and communication skills. Ability to manage multiple projects and meet tight deadlines in a client-facing environment. Preferred Skills: Experience with SOC 1/SOC 2 reporting, vulnerability assessments, or data privacy audits. Familiarity with tools like Archer, ServiceNow GRC, or audit analytics platforms. Exposure to IT risk advisory or cybersecurity transformation projects.

Must have experience in dealing with NBFC/FinTech specific regulatory audit - ISO, RBI, SOC 2, PCI.AWS based application deployment, DevOps/DevSecops, technology stack and information security solutions Required Candidate profile Help develop practice for Risk Advisory, Transformation and Assurance under the Practice Leader. Provide consulting advisory to various customers around GRC advisory space Represent

Opportunity for a remote role. Experienced in GDPR, HIPAA, PCI-DSS, ISO 27001, SOC 2 compliance. Led implementation and maintenance of compliance programs including TPRA. Skilled in IT audit planning, ISO 27001 audits, and reporting.

Lead and support IT compliance audits and assessments aligned with ISO 27001 and SOC 2 standards.Understanding of regulatory compliance standards, such as GDPR, HIPAA,PCI-DSS,or ISO27001.Understanding of cloud platforms (AWS, Azure, or Google Cloud)

Role Overview We are looking for experienced DevOps Engineers (8+ years) with a strong background in cloud infrastructure, automation, and CI/CD processes. The ideal candidate will have hands-on experience in building, deploying, and maintaining cloud solutions using Infrastructure-as-Code (IaC) best practices. The role requires expertise in containerization, cloud security, networking, and monitoring tools to optimize and scale enterprise-level applications. Key Responsibilities Design, implement, and manage cloud infrastructure solutions on AWS, Azure, or GCP. Develop and maintain Infrastructure-as-Code (IaC) using Terraform, CloudFormation, or similar tools. Implement and manage CI/CD pipelines using tools like GitHub Actions, Jenkins, GitLab CI/CD, BitBucket Pipelines, or AWS CodePipeline. Manage and orchestrate containers using Kubernetes, OpenShift, AWS EKS, AWS ECS, and Docker. Work on cloud migrations, helping organizations transition from on-premises data centers to cloud-based infrastructure. Ensure system security and compliance with industry standards such as SOC 2, PCI, HIPAA, GDPR, and HITRUST. Set up and optimize monitoring, logging, and alerting using tools like Datadog, Dynatrace, AWS CloudWatch, Prometheus, ELK, or Splunk. Automate deployment, configuration, and management of cloud-native applications using Ansible, Chef, Puppet, or similar configuration management tools. Troubleshoot complex networking, Linux/Windows server issues, and cloud-related performance bottlenecks. Collaborate with development, security, and operations teams to streamline the DevSecOps process. Must-Have Skills 3+ years of experience in DevOps, cloud infrastructure, or platform engineering. Expertise in at least one major cloud provider: AWS, Azure, or GCP. Strong experience with Kubernetes, ECS, OpenShift, and container orchestration technologies. Hands-on experience in Infrastructure-as-Code (IaC) using Terraform, AWS CloudFormation, or similar tools. Proficiency in scripting/programming languages like Python, Bash, or PowerShell for automation. Strong knowledge of CI/CD tools such as Jenkins, GitHub Actions, GitLab CI/CD, or BitBucket Pipelines. Experience with Linux operating systems (RHEL, SUSE, Ubuntu, Amazon Linux) and Windows Server administration. Expertise in networking (VPCs, Subnets, Load Balancing, Security Groups, Firewalls). Experience in log management and monitoring tools like Datadog, CloudWatch, Prometheus, ELK, Dynatrace. Strong communication skills to work with cross-functional teams and external customers. Knowledge of Cloud Security best practices, including IAM, WAF, GuardDuty, CVE scanning, vulnerability management. Good-to-Have Skills Knowledge of cloud-native security solutions (AWS Security Hub, Azure Security Center, Google Security Command Center). Experience in compliance frameworks (SOC 2, PCI, HIPAA, GDPR, HITRUST). Exposure to Windows Server administration alongside Linux environments. Familiarity with centralized logging solutions (Splunk, Fluentd, AWS OpenSearch). GitOps experience with tools like ArgoCD or Flux. Background in penetration testing, intrusion detection, and vulnerability scanning. Experience in cost optimization strategies for cloud infrastructure. Passion for mentoring teams and sharing DevOps best practices.

Role Overview We are looking for experienced DevOps Engineers (8+ years) with a strong background in cloud infrastructure, automation, and CI/CD processes. The ideal candidate will have hands-on experience in building, deploying, and maintaining cloud solutions using Infrastructure-as-Code (IaC) best practices. The role requires expertise in containerization, cloud security, networking, and monitoring tools to optimize and scale enterprise-level applications. Key Responsibilities Design, implement, and manage cloud infrastructure solutions on AWS, Azure, or GCP. Develop and maintain Infrastructure-as-Code (IaC) using Terraform, CloudFormation, or similar tools. Implement and manage CI/CD pipelines using tools like GitHub Actions, Jenkins, GitLab CI/CD, BitBucket Pipelines, or AWS CodePipeline. Manage and orchestrate containers using Kubernetes, OpenShift, AWS EKS, AWS ECS, and Docker. Work on cloud migrations, helping organizations transition from on-premises data centers to cloud-based infrastructure. Ensure system security and compliance with industry standards such as SOC 2, PCI, HIPAA, GDPR, and HITRUST. Set up and optimize monitoring, logging, and alerting using tools like Datadog, Dynatrace, AWS CloudWatch, Prometheus, ELK, or Splunk. Automate deployment, configuration, and management of cloud-native applications using Ansible, Chef, Puppet, or similar configuration management tools. Troubleshoot complex networking, Linux/Windows server issues, and cloud-related performance bottlenecks. Collaborate with development, security, and operations teams to streamline the DevSecOps process. Must-Have Skills 3+ years of experience in DevOps, cloud infrastructure, or platform engineering. Expertise in at least one major cloud provider: AWS, Azure, or GCP. Strong experience with Kubernetes, ECS, OpenShift, and container orchestration technologies. Hands-on experience in Infrastructure-as-Code (IaC) using Terraform, AWS CloudFormation, or similar tools. Proficiency in scripting/programming languages like Python, Bash, or PowerShell for automation. Strong knowledge of CI/CD tools such as Jenkins, GitHub Actions, GitLab CI/CD, or BitBucket Pipelines. Experience with Linux operating systems (RHEL, SUSE, Ubuntu, Amazon Linux) and Windows Server administration. Expertise in networking (VPCs, Subnets, Load Balancing, Security Groups, Firewalls). Experience in log management and monitoring tools like Datadog, CloudWatch, Prometheus, ELK, Dynatrace. Strong communication skills to work with cross-functional teams and external customers. Knowledge of Cloud Security best practices, including IAM, WAF, GuardDuty, CVE scanning, vulnerability management. Good-to-Have Skills Knowledge of cloud-native security solutions (AWS Security Hub, Azure Security Center, Google Security Command Center). Experience in compliance frameworks (SOC 2, PCI, HIPAA, GDPR, HITRUST). Exposure to Windows Server administration alongside Linux environments. Familiarity with centralized logging solutions (Splunk, Fluentd, AWS OpenSearch). GitOps experience with tools like ArgoCD or Flux. Background in penetration testing, intrusion detection, and vulnerability scanning. Experience in cost optimization strategies for cloud infrastructure. Passion for mentoring teams and sharing DevOps best practices.

Roles and Responsibilities Greetings from GRM Technologies!!! Providing support in IT and Cyber Risk Advisory services offered by GRM Technologies to its clients in the following domains- Information regulatory compliance (ISO 27001, PCIDSS, RBI, SEBI, SOC1, SOC2, PCI DSS, HITRUST, GDPR) Information risk management Information security and information assurance Information technology controls for financial and other systems Identifying processes and technologies to maintain and enhance the security architecture Disaster recovery and business continuity management Information privacy Have a fair understanding of Business Continuity Planning and DR Drills Should have conducted Information Life Cycle management reviews in the past Conducting Infrastructure Vulnerability Assessment and Penetration Testing Conducting Web and Mobile Application Security Assessment Conducting Secure Code Review Conducting Architecture Review Should have minimum 2-5 yrs. of experience into Cyber Security, including IT Risk, Cyber Risk & Compliance, IT Audit, Vendor Audit, VAPT, Application Security, Fraud Risk & Security. Knowledge of information security standards, principles and practices required Perform risk assessment, controls and documentation with expected standards (information technology/ business process) Conduct Infrastructure Vulnerability Assessment and Penetration Testing Conduct Web Application Security Assessment Conduct Mobile Application Security Assessment Conduct Source Code Review Perform SOX compliance audits, SOC 1 and SOC 2 audits, as well as testing and reporting Perform control testing pertaining to operating systems, data base (Windows, Unix, Oracle, MSSQL, DB2) Should be able to test basic and automated ERP ITGC controls (SAP, Oracle, etc.) Ability to draft BCP/ DR policy and carry out testing of plan and procedures would be preferable Ability to adapt to new scope areas and technologies Bring in vertical expertise in at least two verticals like BFSI, manufacturing, or more Ability to manage client communication and escalation Ability to make all attempts to guide the peers and self to improve client satisfaction scores Participate in proposal preparation Understanding of risk Appreciation for technological innovation Strong organization skills Curiosity and eagerness to learn Initiative to seek out opportunities and add value Tolerance for ambiguity and shifting priorities; appreciation of change. Should have certification on CCNA / CCNP / ITIL Exposure into ISO 27001 is mandate

Lead GRC , risk assessment, and implementation. Strong in ISO 27001, PCI, PSS, SOC 2, IRDAI. Ensure compliance, audits, awareness. Design InfoSec strategies aligned with ISO, NIST, RBI, SEBI to enhance cybersecurity and meet regulations.

Information Security Assistant Manager Location: Remote. Apply at: ravi.kumar1@akmglobal.in | +91-7838872468 Seeking a highly skilled and experienced Information Security Assistant Manager to join our team. This role requires proficient experience in ISO 27001 and SOC 2 implementation and compliance , along with a strong understanding of global security standards. If you are passionate about information security and looking to advance your career in a dynamic, professional environment, we encourage you to apply. Total Experience: Relevant Experience in ISO 27001 Implementation: Relevant Experience in SOC 2: Current CTC: Expected CTC: Notice Period: Key Responsibilities Collaborate with the CISO to design, implement, and enhance the organizations cybersecurity framework. Maintain, update, and ensure adherence to information security policies in alignment with ISMS standards. Ensure compliance with ISO 27001, SOC 2, HIPAA, and related security and privacy regulations. Serve as the primary point of contact for internal and external audits related to information security. Work closely with technical teams and external clients to uphold robust security practices in all products and services. Develop and maintain comprehensive security documentation and reports. Monitor emerging threats, legal and regulatory changes, and adapt security practices accordingly. Lead and support company-wide security training, awareness initiatives, and best practice promotion. Play an active role in the end-to-end implementation and management of ISO 27001 controls and frameworks. Required Qualifications & Skills Hands-on experience in ISO 27001 implementation (mandatory). Strong familiarity with SOC 2 controls and reporting frameworks (mandatory). Working knowledge of HIPAA, GDPR (EU & UK), and U.S. data privacy laws. Prior experience in managing audits and ensuring regulatory compliance. Excellent written and verbal communication skills, with the ability to convey complex security concepts to diverse audiences. Ability to manage multiple projects and priorities under pressure. Proven leadership in executing information security projects. Experience working with international clients or in multicultural environments. Fluency in English (spoken and written) is essential.

The position will be primarily responsible for implementation and / or assessment of ISO 27001:2022, 27002, SOC 2 standard for clients. The position will work independently or with senior consultants for the implementation and management of information security compliance and/or other best practices. Key Performance Indicators Experience in ISO 27001/27002 controls verification and compliance: Assist Clients to get ISO 27001 certification by identification and implementation of appropriate controls in the Audit scope. Conduct Risk assessment of activities and coordinate with stakeholders till closure signoff / risk acceptance. Define, Develop and review information security policies, procedures, guidelines, forms and templates as per best practice Create and review baseline standards for OS, Database, webservers and applications and recommend improvements Support post implementation and continuous audits for ISO 27001:2013 and ensure compliance. Create organizational information security awareness program and conduct awareness. Assist and recommend measures to ensure compliance with Security standards (ISO, NIST, CIS, PCI DSS etc) or any best practices. Skills: Information Technology and/or Cybersecurity skills: Information Technology and/or Cybersecurity skills a solid IT foundation, ability to communicate technical information verbally and through written documentation, Knowledge of security areas such as auditing, policy, database security, firewall design and implementation, risk analysis, identity management, access management, or web services is preferred Presales skills: Excellent communication, problem-solving, client-facing, ability to work as a team Competence: ISO 27001 / Cybersecurity Certifications. Willingness to obtain the Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA) designations.

Information Security Engineer Experience: 2 - 6 Years Exp Salary : Competitive Preferred Notice Period : Within 30 Days Shift : 10:00AM to 7:00PM IST Opportunity Type: Onsite (Mumbai) Placement Type: Permanent (*Note: This is a requirement for one of Uplers' Clients) Must have skills required : ISO 27001, SOC 2, AWS, GCP, Azure, public cloud IDfy (One of Uplers' Clients) is Looking for: Infosec Engineer who is passionate about their work, eager to learn and grow, and who is committed to delivering exceptional results. If you are a team player, with a positive attitude and a desire to make a difference, then we want to hear from you. Role Overview Description Who are we? Trust isnt a given, it needs to be built. And in a world where fraud is evolving faster than ever, trust must be safeguarded at every step. At IDfy, we make trust scalable. As an Integrated Identity Platform, we help businesses verify identities, detect fraud, and stay compliantensuring every interaction starts with confidence. Our clients include HDFC Bank, Zomato, Amazon, PhonePe, Paytm, HUL and many others. With more than 13+ years of experience and 2 million verifications per day, we are pioneers in this industry. We do this through three interconnected platforms: Onboarding Platform: Our IDfy360 and Video Solutions make KYC and identity verification seamless, turning compliance into a frictionless experience. Fraud & Risk Management Platform: We stay ahead with CrimeCheck, RiskAI, and our Transaction Intelligence Platform identifying synthetic identities, financial risks, and bad actors before they cause damage. Privacy & Data Governance Platform: With PRIVY, businesses can navigate evolving data protection laws with ease, ensuring security and transparency at every step. Infosec Engineer As an Information Security Engineer at IDfy, youll support the InfoSec team in ensuring that our systems, policies, and processes meet global compliance standards. From supporting audits to reviewing documentation and responding to customer requests, youll get hands-on experience in what it takes to keep a fast-paced tech company secure. This is the perfect role if youve dabbled in audits, are curious about security frameworks, and want to grow into a well-rounded InfoSec professional. We are the match if you... Have been part of audits (ISO 27001, SOC 2, Customer TPRA) either conducting or surviving them for 2-4 years Have good understanding of ISO 27001, SOC 2, or other security frameworks Experienced in handling ISMS management end to end independently/ as a part of a team Are organized, detail-oriented, and a bit obsessed with checklists Know your way around cloud basics (GCP preferred, others fine too) Can document policies and processes clearly Want to learn how security works in a product and SaaS environment Are eager to work with a team that takes compliance seriously (but not too seriously) Are open to earning certifications down the line (CISA, ISO 27001 LA, etc.) Heres what your day would look like... Assist in maintaining our ISMS for ISO 27001 and SOC 2 including policy review/updates, creating SOPs and executing ISMS activities Support internal and external audit prep and documentation Track and respond to client security questionnaires Face / assist customer third-party risk assessments Collaborate with legal, engineering, and product teams to ensure compliance Assist in monitoring compliance metrics and identifying improvement areas Learn, grow, and eventually take on more ownership within the InfoSec team Whats it like working at IDfy? We build products that detect and prevent fraud. With billions of transactions flowing through our pipes, InfoSec is not just important, its critical. Youll have the space to take ownership, challenge the status quo, and build security systems that scale with our growth. And yes, we love memes, chai, and debating compliance checklists over lunch. Thanks to our problem-centric approach, one in which we find the right technology to solve a problem rather than the other way around, you will always be working on the latest technologies. We work hard and party hard. There are weekly sessions on emerging technologies. Work weeks are usually capped off with board games, poker, karaoke, and other fun activities. How to apply for this opportunity: Easy 3-Step Process: 1. Click On Apply! And Register or log in on our portal 2. Upload updated Resume & Complete the Screening Form 3. Increase your chances to get shortlisted & meet the client for the Interview! About Our Client: IDfy is an Integrated Identity Platform offering products and solutions for KYC, KYB, Background Verifications, Risk Assessment, and Digital Onboarding. We establish trust while delivering a frictionless experience for you, your employees, customers and partners. About Uplers: Our goal is to make hiring and getting hired reliable, simple, and fast. Our role will be to help all our talents find and apply for relevant product and engineering job opportunities and progress in their career. (Note: There are many more opportunities apart from this on the portal.) So, if you are ready for a new challenge, a great work environment, and an opportunity to take your career to the next level, don't hesitate to apply today. We are waiting for you!

Infosec Engineer Experience: 2 - 6 Years Exp Salary : Competitive Preferred Notice Period : Within 30 Days Shift : 10:00AM to 7:00PM IST Opportunity Type: Onsite (Mumbai) Placement Type: Permanent (*Note: This is a requirement for one of Uplers' Clients) Must have skills required : ISO 27001, SOC 2, AWS, GCP, Azure, public cloud IDfy (One of Uplers' Clients) is Looking for: Infosec Engineer who is passionate about their work, eager to learn and grow, and who is committed to delivering exceptional results. If you are a team player, with a positive attitude and a desire to make a difference, then we want to hear from you. Role Overview Description Who are we? Trust isnt a given, it needs to be built. And in a world where fraud is evolving faster than ever, trust must be safeguarded at every step. At IDfy, we make trust scalable. As an Integrated Identity Platform, we help businesses verify identities, detect fraud, and stay compliantensuring every interaction starts with confidence. Our clients include HDFC Bank, Zomato, Amazon, PhonePe, Paytm, HUL and many others. With more than 13+ years of experience and 2 million verifications per day, we are pioneers in this industry. We do this through three interconnected platforms: Onboarding Platform: Our IDfy360 and Video Solutions make KYC and identity verification seamless, turning compliance into a frictionless experience. Fraud & Risk Management Platform: We stay ahead with CrimeCheck, RiskAI, and our Transaction Intelligence Platform identifying synthetic identities, financial risks, and bad actors before they cause damage. Privacy & Data Governance Platform: With PRIVY, businesses can navigate evolving data protection laws with ease, ensuring security and transparency at every step. Infosec Engineer As an Information Security Engineer at IDfy, youll support the InfoSec team in ensuring that our systems, policies, and processes meet global compliance standards. From supporting audits to reviewing documentation and responding to customer requests, youll get hands-on experience in what it takes to keep a fast-paced tech company secure. This is the perfect role if youve dabbled in audits, are curious about security frameworks, and want to grow into a well-rounded InfoSec professional. We are the match if you... Have been part of audits (ISO 27001, SOC 2, Customer TPRA) either conducting or surviving them for 2-4 years Have good understanding of ISO 27001, SOC 2, or other security frameworks Experienced in handling ISMS management end to end independently/ as a part of a team Are organized, detail-oriented, and a bit obsessed with checklists Know your way around cloud basics (GCP preferred, others fine too) Can document policies and processes clearly Want to learn how security works in a product and SaaS environment Are eager to work with a team that takes compliance seriously (but not too seriously) Are open to earning certifications down the line (CISA, ISO 27001 LA, etc.) Heres what your day would look like... Assist in maintaining our ISMS for ISO 27001 and SOC 2 including policy review/updates, creating SOPs and executing ISMS activities Support internal and external audit prep and documentation Track and respond to client security questionnaires Face / assist customer third-party risk assessments Collaborate with legal, engineering, and product teams to ensure compliance Assist in monitoring compliance metrics and identifying improvement areas Learn, grow, and eventually take on more ownership within the InfoSec team Whats it like working at IDfy? We build products that detect and prevent fraud. With billions of transactions flowing through our pipes, InfoSec is not just important, its critical. Youll have the space to take ownership, challenge the status quo, and build security systems that scale with our growth. And yes, we love memes, chai, and debating compliance checklists over lunch. Thanks to our problem-centric approach, one in which we find the right technology to solve a problem rather than the other way around, you will always be working on the latest technologies. We work hard and party hard. There are weekly sessions on emerging technologies. Work weeks are usually capped off with board games, poker, karaoke, and other fun activities. How to apply for this opportunity: Easy 3-Step Process: 1. Click On Apply! And Register or log in on our portal 2. Upload updated Resume & Complete the Screening Form 3. Increase your chances to get shortlisted & meet the client for the Interview! About Our Client: IDfy is an Integrated Identity Platform offering products and solutions for KYC, KYB, Background Verifications, Risk Assessment, and Digital Onboarding. We establish trust while delivering a frictionless experience for you, your employees, customers and partners. About Uplers: Our goal is to make hiring and getting hired reliable, simple, and fast. Our role will be to help all our talents find and apply for relevant product and engineering job opportunities and progress in their career. (Note: There are many more opportunities apart from this on the portal.) So, if you are ready for a new challenge, a great work environment, and an opportunity to take your career to the next level, don't hesitate to apply today. We are waiting for you!