35 Soc 2 Jobs - Page 2

The Role: Assistant Manager, Vendor Risk Continuous Monitoring Program We are looking for a proactive and experienced Lead who would lead Vendor Risk Continuous Monitoring & Affiliate program w ithin Vendor Risk Management (VRM) program. This role will be responsible for overseeing and managing the vendor risk monitoring program and the Team , managing affiliate risk assessments , and driving key governance initiatives such as Open Issue Governance , Risk Acceptance , and Adverse Event Management . The ideal candidate will have extensive experience in third-party risk management, strong leadership skills, and a deep understanding of industry regulations, risk frameworks, and governance processes. The Team: Vendor Risk Management is a critical function that organizations globally are increasingly focusing on. Our team ensures thorough reviews of each vendor engaged globally, supporting the business in making risk-informed and data-driven decisions. We collaborate closely with Business Units and Risk Domain Subject Matter Experts (SMEs), such as Cyber Risk, to conduct assessments and recertifications in compliance with regulatory requirements. When issues are identified, VRM team is responsible for ensuring risk mitigation and providing feedback to leadership before engaging with the vendor. Responsibilities and Impact: Working in Vendor Risk Management Team provides the opportunity to continuously improve processes in response to the evolving requirements of various regulators. This dynamic environment offers ample opportunities to expand your knowledge and expertise. In addition to conducting risk assessments, the vendor risk monitoring program , managing affiliate risk assessments , and driving key governance initiatives, you will have the chance to contribute to various projects, enabling you to showcase and further develop your skills and experience. Key responsibilities: Conduct comprehensive risk assessments of third-party vendors, ensuring alignment with organizational risk tolerance and standards. Evaluate financial, operational, cyber, compliance and privacy risks associated with each vendor relationship. Manage the continuous monitoring of vendor and affiliate risks, ensuring timely identification and assessment of any emerging risks. Oversee and manage the affiliate risk assessment program, ensuring that risks related to third-party affiliates are identified, evaluated, and mitigated. Manage open issues identified during Vendor and Affiliate assessments. Ensure that open issues are tracked, managed, and resolved within agreed timelines, and provide regular updates to leadership on the status of these issues. Manage the process for evaluating and documenting risk acceptance for vendors. Ensure that all risk acceptance decisions are properly documented, justified, and aligned with the organizations risk appetite and governance policies. Manage the identification, reporting, and resolution of adverse events related to vendor. Work with relevant teams to assess the impact of adverse events, ensure timely remediation, and minimize any negative consequences to the organization. Prepare and present detailed reports and dashboards on vendor and affiliate risk monitoring, open issue management, risk acceptance, and adverse events to senior leadership Work with vendors and internal teams to develop risk mitigation plans and track remediation efforts for any identified issues or non-compliance. Collaborate with Cyber Risk/Information Security, Business Continuity, Procurement, Compliance and other Domain SMEs to ensure correct risk level is documented in the Vendor Risk Assessment results and track the progress. Lead and support enhancement projects within Vendor Risk Management to meet various business and regulatory requirements. Identify opportunities to streamline risk assessment processes and improve the overall effectiveness of the Vendor Risk Management program. Assist the team members in balancing the load and managing Ad-hoc projects. What Were Looking For: Basic Required Qualifications: Professional with Vendor Risk Management background, having good experience in conducting vendor risk assessments, or related fields (e.g., compliance, audit, or risk management, GRC) with at least 6-10 years of experience after Degree/Masters Should have experience in understanding and managing the risk for IT and Cloud based vendors. Strong knowledge of risk management frameworks, compliance regulations (e.g., GDPR, ISO 27001, SOC 2), and cybersecurity principles. Experience with vendor management tools, risk monitoring platforms, and relevant reporting systems. Should have understanding on the roles and responsibilities of different risk functions like Third Party Risk Management, QA Function, IT Risk, Operational Risk, Financial Risk, Internal Control, Internal audit, Privacy and Compliance etc. Should have good understanding in conducting financial, compliance, and privacy assessments. Excellent leadership, communication, and collaboration skills, with the ability to engage with stakeholders at all levels. Amenable for 2pm-11pm India Time Additional Preferred Qualifications: This position is required to work in UK Shift; flexibility is a must, especially when it comes to vendor and internal meetings held during US business hours. Strong organizational skills with the ability to multitask and prioritize while maintaining close attention to detail. Ability to work in a fast-paced, evolving environment while maintaining attention to detail. Ability to build strategic partnerships with internal stakeholders. Must be a critical thinker with strong qualitative skills. Information Security/Risk Management certification would be an advantage.

Position : Principal Architect (Only Immediate Joiner) Experience: Ten plus years experience in software development with at least the last few years in a leadership role with progressively increasing responsibilities Location : Bangalore Mode of work : Hybrid Education : BS (or higher, MS / PhD) degree in Computer Science / related field, or equivalent technical experience. Job Type : On Role (Full Time) Salary : Negotiable Job Description Purpose As a Principal Architect you will be key member of platform engineering team focused on building core applications, help the organization meet the technical challenges of building applications to support a rapidly expanding business. You will also work with a globally distributed team of engineers to design and build cutting edge solutions that directly improve the healthcare industry. Youll contribute to our fast-paced, collaborative environment and bring your expertise to continue delivering innovative technology solutions. Duties and Responsibilities 1. Function as a key member of the platform engineering team, leading platform engineering development initiatives for internally developed applications 2. Provide decisive and effective technical leadership for all development efforts 3. Manage, mentor, and advise the platform engineering team. 4. Lead and contribute to the creation of a self-service platforms for software development, infrastructure, and data analytics. 5. Collaborate with engineers, product, and business leaders to ensure platforms are integrated with other systems and technologies. 6. Minimize schedule and technical risk by foreseeing and addressing obstacles proactively and aggressively 7. Participate in development process by identifying potential weak points. Lead solutions development using technical judgment, input from experts and the involvement of other systems development partners as appropriate 8. In cooperation with product management, prioritize and manage all engineering efforts related to Applications products 9. Clearly and consistently communicate product vision to the team. Guide the team to achieve this vision Qualifications To perform this job successfully, an individual must be able to perform each duty satisfactorily. The requirements listed below are representative of the knowledge, skills, and/or ability required. Reasonable accommodation may be made to enable individuals with disabilities perform the duties. Education (Degrees, Certificates, Licenses, Etc.) BS (or higher, MS / PhD) degree in Computer Science / related field, or equivalent technical experience. Experience 1. Ten plus years experience in software development with at least the last few years in a leadership role with progressively increasing responsibilities 2. Extensive experience in the following areas a. C#, .Net b. Designing and building cloud-native solutions (Azure, AWS, Google Cloud Platform) c. Infrastructure as Code tools (Terraform, Pulumi, cloud-specific IaC tools) d. Configuration management tools (Ansible, Chef, Salt Stack) e. Containerization and orchestration technologies (Docker, Kubernetes) f. Native and third-party Databricks integrations (Delta Live Tables, Auto Loader, Databricks Workflows / Apache Airflow, Unity Catalog) 3. Extensive experience in Azure 4. Experience designing and implementing data security and governance platform adhering to compliance standards (HIPPA, SOC 2) preferred Specific Job Knowledge, Skill and Ability 1. Demonstrated success in effectively communicating at all levels of an organization 2. Deep understanding and knowledge on developing products using Microsoft Technologies 3. Ability to lead through influence rather than direct authority 4. Demonstrated successful time management and organization skills 5. Ability to manage and work with a culturally diverse population 6. Ability to work well and productively, always projecting a positive outlook in a fast-paced, deadline-driven environment 7. Ability to anticipate roadblocks, diagnose problems and generate effective solutions 8. Knows how to organize a software development team to maximize quality and output 9. Will promote and encourage opportunities for personal and professional growth in employees 10. Understands how to use metrics to drive process improvements. Interested candidates kindly share your CV and below details to usha.sundar@adecco.com 1) Present CTC (Fixed + VP) - 2) Expected CTC - 3) No. of years experience - 4) Notice Period - 5) Offer-in hand - 6) Reason of Change - 7) Present Location -

Position : Staff Data Engineer (Only Immediate Joiner) Experience: 8+ years data engineering experience Location : Bangalore Mode of work : Hybrid Education : BS (or higher, MS / PhD) degree in Computer Science / related field, or equivalent technical experience. Job Type : On Role (Full Time) Salary : Negotiable Purpose As a Staff Data Engineer, you will work with a globally distributed team of engineers to design and build cutting edge solutions that directly improve the healthcare industry. Youll contribute to our fast-paced, collaborative environment and bring your expertise to continue delivering innovative technology solutions, while mentoring others. Duties and Responsibilities 1. Lead and contribute to the creation of a self-service data platform for reporting and analytics 2. Design and build data solutions using Databricks, SQL, Python, Spark, and Delta Lake in the Azure ecosystem (Blob Storage, Data Factory, Event Hubs) 3. Ensure best practices for ETL / ELT processes (data quality management, data processing, data partitioning, maintainability and reusability) 4. Collaborate with engineers, product, and business leaders to ensure data platform is integrated with other systems and technologies (Tableau, Power BI, APIs, custom applications) 5. Establish CI/CD processes, test frameworks, infrastructure-as-code tools, and monitoring/alerting (Git, Terraform, Azure DevOps / GitHub Actions / Jenkins, Azure Monitor / Datadog) 6. Adhere to the Code of Conduct and be familiar with all compliance policies and procedures stored in LogixGarden relevant to this position Qualifications To perform this job successfully, an individual must be able to perform each duty satisfactorily. The requirements listed below are representative of the knowledge, skills, and/or ability required. Reasonable accommodation may be made to enable individuals with disabilities perform the duties. Experience 1. Experience with native and third-party Databricks integrations (Delta Live Tables, Auto Loader, Databricks Workflows / Apache Airflow, Unity Catalog) 2. 8+ years data engineering experience 3. 3+ years in a senior, staff or principal engineer role 4. Experience designing scalable data pipelines 5. Experience leading projects within a team and across teams 6. Azure experience preferred 7. Azure Databricks implementation experience preferred 8. Experience designing and implementing data security and governance platform adhering to compliance standards (HIPPA, SOC 2) preferred Specific Job Knowledge, Skill and Ability 1. Strong programming skills in pySpark/Scala 2. Strong Dataframe programming skills, such as Spark, Pandas, NumPy 3. Passion for mentoring and guiding others 4. Strong written and verbal communication skills 5. Expert knowledge in architecting, designing and implementing data solutions to serve the needs of our business processes and software products 6. Ability to keep security, maintainability, and scalability in mind with the solutions built 7. Possess excellent interpersonal communication skills and an aptitude for continued learning Interested candidates kindly share your CV and below details to usha.sundar@adecco.com 1) Present CTC (Fixed + VP) - 2) Expected CTC - 3) No. of years experience - 4) Notice Period - 5) Offer-in hand - 6) Reason of Change - 7) Present Location -

Job Overview: We are seeking an experienced Project Manager to oversee the seamless coordination of project tasks and deliverables between onshore and offshore teams, ensuring efficient and timely execution. The ideal candidate will have strong technical expertise, specifically in the cybersecurity domain , and will be capable of effectively communicating with both senior leadership and technical teams. You will be responsible for managing resources, mitigating risks, and ensuring smooth transitions throughout the project lifecycle. Key Responsibilities: Project Coordination: Oversee the handoff of project initiatives between onshore and offshore teams to ensure smooth transitions and consistent execution of project tasks and deliverables. Resource Management: Allocate and manage technical resources effectively, ensuring the right people are in the right roles to meet project milestones and delivery expectations. Stakeholder Communication: Serve as the primary point of contact for technical team leads and senior leadership. Provide regular updates on project status, risks, challenges, and mitigation strategies. Technical Acumen (Cybersecurity): Maintain a strong technical understanding of ongoing initiatives, enabling you to engage in meaningful discussions with customers and stakeholders about the projects technical details and deliverables. Risk Management: Proactively identify risks and issues within the project, working closely with teams to develop and implement contingency plans to address them before they affect the project timeline. Performance Monitoring: Regularly monitor and evaluate the performance of both onshore and offshore teams, offering constructive feedback, coaching, and support to ensure optimal team productivity and quality. Documentation: Maintain comprehensive project documentation, including status reports, resource allocation plans, risk assessments, and project timelines to ensure transparency and alignment with project goals. Required Skills & Qualifications: Experience: 5+ years of experience in cybersecurity with a proven understanding of security initiatives, challenges, and best practices. Experience managing technical resources in both onshore and offshore teams. Proven ability to manage and coordinate projects in a distributed environment with a focus on delivering results on time. Educational Background: Bachelors degree in Computer Science , Information Technology , or a related field, OR equivalent combination of education, training, and work experience. Technical Expertise: Strong cybersecurity knowledge , with experience in the implementation and management of security measures across a variety of platforms. Familiarity with project management methodologies , particularly in a distributed team setting. Proficiency with Microsoft Azure DevOps (ADO) and other project management tools for resource allocation, tracking, and project monitoring. Communication Skills: Exceptional communication skills , with the ability to effectively interact with senior leadership, technical teams, and stakeholders. Strong interpersonal skills and the ability to work well with diverse teams across geographies and time zones. Project Management: Strong organizational skills and demonstrated ability to manage multiple projects simultaneously while balancing competing priorities. Experience in managing projects through all phases, from initiation to delivery, with a clear focus on timeliness, quality, and risk mitigation . Problem-Solving & Attention to Detail: Excellent problem-solving capabilities with a detail-oriented approach to managing complex projects and tasks. Ability to quickly assess issues and provide practical solutions to keep projects on track. Adaptability: Ability to thrive in a fast-paced, dynamic environment , managing shifting priorities and challenges effectively. Cybersecurity Certifications: Certifications such as CISSP , CISM , CompTIA Security+ , or equivalent are a plus.

Summary As a Cloud Security Engineer at Gainwell, you can contribute your skills as we harness the power of technology to help our clients improve the health and well-being of the members they serve a communitys most vulnerable. Connect your passion with purpose, teaming with people who thrive on finding innovative solutions to some of healthcares biggest challenges. Here are the details on this position. Your role in our mission Knowledge and experience with deploying and managing cloud solutions in AWS/Azure. Strong understanding of cloud security principles, best practices, and compliance requirements (e.g., GDPR, HIPAA, SOC 2, etc.). Design, implement, and maintain security controls and configurations for cloud-based infrastructure. Configure AWS CloudTrail to enable logging and monitoring of API activity in AWS, providing visibility into user and resource activity and aiding in incident response and forensic investigations. Manage AWS Identity and Access Management (IAM) policies to enforce least privilege access, regularly review and audit permissions, and ensure adherence to security best practices an Proficient in designing and supporting cloud environments, including IaaS and PaaS. Troubleshooting and supporting cloud infrastructure in AWS/Azure. Proficiency in scripting and automation tools (e.g., Python, PowerShell, Terraform, etc.). Coordinate with Infrastructure partners on test data backup and recovery tools. Design, implement, and maintain security controls and configurations for cloud-based infrastructure. Basic Qualification 6 or more years of technical experience in product design and support working with client enterprise products, services and requirements, with health and human services experience preferred Knowledge of technology architecture, the product development life cycle, cloud technologies, software as a service, and product and platform configurations Strong skills using and manipulating relational databases, event subscription-based communication and software development skills between modules Willingness to lead and take ownership over assigned work and to mentor more junior colleagues in-role Ability to anticipate problems, resolve ambiguous issues and take decisive action What you should expect in this role Opportunities to travel through your work (0-10%) Other Qualifications Knowledge and experience with deploying and managing cloud solutions in AWS/Azure. Strong understanding of cloud security principles, best practices, and compliance requirements (e.g., GDPR, HIPAA, SOC 2, etc.). Proficient in designing and supporting cloud environments, including IaaS and PaaS.Implement patching automation solutions to ensure timely and consistent patching of cloud resources, minimizing the risk of exploitation due to unpatched vulnerabilities. Configure and manage AWS Security Hub to centrally manage security and compliance checks across AWS accounts, automate security findings, and prioritize remediation actions. Utilize AWS Macie to automatically discover, classify, and protect sensitive data stored in AWS, ensuring compliance with regulatory requirements and minimizing the risk of data breaches. Configure AWS CloudTrail to enable logging and monitoring of API activity in AWS, providing visibility into user and resource activity and aiding in incident response and forensic investigations. Manage AWS Identity and Access Management (IAM) policies to enforce least privilege access, regularly review and audit permissions, and ensure adherence to security best practices and compliance requirements.

Leena AI is seeking a visionary and accomplished Director of Security & Privacy Engineering to lead our efforts in protecting sensitive data, ensuring compliance, and building a robust security posture. This is a pivotal role reporting directly to the CTO & CEO with the responsibility of ensuring data security, privacy, and compliance across all customers. You will play a critical role in defining and executing a forward-thinking security strategy to protect sensitive data, ensure regulatory compliance, and respond to an evolving threat landscape. Responsibilities: Develop and implement a comprehensive security and privacy program, encompassing policies, procedures, standards, and controls to safeguard data and systems. Incident Management & Risk Mitigation - Lead the charge on detecting, responding to, and mitigating security and privacy incidents. Ensure business continuity through proactive risk management and threat intelligence. Conduct regular risk assessments to identify vulnerabilities and prioritize security initiatives. Define and execute quarterly business goals (QBRs) specific to security and privacy, collaborating with cross-functional teams. Provide expert guidance and support to Sales, pre-sales, legal, and engineering teams on security and privacy matters. Build and lead a high-performing team of security engineers. Handle customer inquiries and concerns related to information security and privacy. Manage all security operations, including vulnerability management, risk management, SIEM, and internal SOC. Stay abreast of evolving global and regulatory requirements and proactively ensure Leena AI meets compliance standards. Foster relationships with external security partners, legal advisors, and regulators to advance Leena AIs security and privacy objectives. Qualifications: 10+ years of leadership experience in security, information security, privacy, or compliance roles in enterprise SaaS or cloud environments. Expertise in global compliance frameworks such as GDPR, HIPAA, CCPA, SOC 2, ISO 27001, and NIST. Strong cloud security knowledge, especially in AWS and multi-cloud environments.. Experience leading Security Operations Centers (SOC), incident response, and vulnerability management. Exceptional communication, problem-solving, and critical thinking skills. Exceptional leadership and communication skills to guide diverse teams, collaborate cross-functionally, and engage with customers and regulators. Bachelor's degree in a related field; Master's degree preferred. Workplace Type Hybrid Employment Type Full-time Experience Level director-vp Work Experience (years) 10 - 14 years Education Bachelor's Degree Skills security iso 27001 soc 2 compliance compliance risk risk management vulnerability management information security team leadership cloud security (aws, multi-cloud environments) gdpr compliance customer engagement security and privacy policies and procedures security operations center (soc) management compliance frameworks (gdpr, hipaa, ccpa, soc 2, iso 27001, nist) incident response regulatory compliance leadership and communication security and privacy program development

Job Summary: We are looking for a DevSecOps Engineer with 4-6 years of experience in Azure DevOps, Infrastructure Automation, and Security Operations (SecOps) to enhance the security, scalability, and compliance of our healthcare cloud platform. This role requires deep expertise in Azure DevOps, infrastructure automation, and compliance-driven security to support a regulated healthcare environment. Key Responsibilities: 1. DevOps Engineering & CI/CD Pipeline Automation Design, implement, and manage CI/CD pipelines using Azure DevOps for automated infrastructure provisioning and application deployments. Automate build, test, and deployment processes using Terraform, ARM Templates, or Bicep. Ensure version-controlled infrastructure as code (IaC) for consistent and repeatable deployments. Optimize CI/CD pipelines for faster, secure, and compliant releases. 2. Infrastructure Setup Using DevOps Platforms Design and deploy scalable Azure cloud infrastructure (VMs, Kubernetes, App Services, Networking, Storage). Implement network security best practices using NSGs, Azure Firewall, Private Link, and VPNs. Manage containerized deployments using Docker & Azure Kubernetes Service (AKS). Monitor and optimize cloud performance, cost, and security using Azure Monitor & Application Insights. 3. CI/CD Pipeline Implementation for Infrastructure & Application Deployment Infrastructure Setup Using CI/CD Pipelines: Automate cloud infrastructure provisioning (VMs, databases, networking) through Terraform, ARM, or Bicep. Implement role-based access control (RBAC) and enforce least privilege access in cloud environments. Application Deployment Using CI/CD Pipelines: Develop zero-downtime deployment strategies using Blue-Green & Canary Deployments. Automate code integration, security scanning, and artifact management. Secure deployments using container scanning and static code analysis. 4. Compliance & Security (HIPAA/SOC 2 Policy Implementation) Contribute to security & compliance policies ensuring adherence to HIPAA, SOC 2, and industry regulations. Implement audit logging, monitoring, and alerting using Microsoft Sentinel (SIEM). Implement data encryption, backup policies, and disaster recovery strategies. Assist in internal security audits and risk assessments. Required Skills & Qualifications: DevOps & Automation Azure DevOps (Pipelines, Artifacts, Release Management) Infrastructure as Code (IaC) Terraform, ARM, Bicep CI/CD Automation – YAML Pipelines, GitHub Actions, Jenkins Container Orchestration – Docker, Kubernetes (AKS) Monitoring & Logging – Azure Monitor, Application Insights Cloud Infrastructure & Security Azure Cloud Services – VMs, Networking, Storage, Azure SQL Identity & Access Management (IAM) – Entra ID, PIM, RBAC Cloud Security Best Practices – Defender for Cloud, SIEM (Microsoft Sentinel) Compliance & Governance Understanding of HIPAA, SOC 2, and cloud security frameworks Experience in policy implementation & security compliance audits

Role & responsibilities Perform testing of SOC controls including controls related to business processes, entity level, logical access, change management, and other IT technical areas. Attention to detail while executing work and mentoring/managing staff and interns. Manage project deadlines and ensure quality of work papers. Manage external and Internal stakeholders and client executives to manage escalations, resolve issues and deliver on project outcomes. Mentor and train junior staff on projects and review SOC work papers and reports. Manage assignments for multiple SOC projects Preferred candidate profile Bachelors degree or equivalent experience required; major in business, finance, accounting or information systems preferred. Minimum of 2 years of experience into IT Audit/SOC experience. CISA and/or CPA preferred.

Security standards creation (for cloud services; AWS, GCP) , cloud threat modelling, experience with working on Prisma Cloud RQL We are looking for a Cloud Security Compliance Analyst to ensure our cloud environments adhere to security best practices, industry regulations, and compliance frameworks. This role will involve security assessments, risk analysis, and collaboration with internal teams to maintain compliance across cloud platforms. Key Responsibilities: Monitor and assess cloud security compliance against industry standards (e.g., ISO 27001, NIST, SOC 2, GDPR). Conduct risk assessments and recommend security controls for cloud-based applications and infrastructure. Ensure adherence to AWS, Azure, or Google Cloud security compliance frameworks. Assist in audits and certifications by preparing documentation and evidence collection. Work with IT, DevOps, and security teams to remediate compliance gaps. Develop and maintain cloud security policies, procedures, and best practices. Keep up to date with evolving security threats and compliance requirements.

Position: Infosec Analyst Audit & Compliance Experience: 3 to 10 years Location: Pune Key Responsibility Areas (KRA): Regulatory Compliance & Governance: Ensure adherence to ISO 27001, NIST, SOC 2, GDPR, HIPAA, and enforce security policies. Audit & Risk Management: Lead internal/external audits, manage compliance assessments, and drive risk mitigation. Incident Response & Compliance Monitoring: Work with Security Operations to monitor incidents, ensure compliance, and support investigations. Security Awareness & Training: Develop and implement training programs to strengthen cybersecurity culture. Vendor & Third-Party Security: Assess vendor security risks, ensure contract compliance, and enforce security standards. Business Continuity & Disaster Recovery (BCDR): Support security-related aspects of BCDR, ensuring compliance with recovery objectives. Critical Coordination & Availability: Be available during US business hours for audits, compliance discussions, and security escalations. Roles & Responsibilities: Lead security audits, compliance initiatives, and regulatory assessments. Maintain security policies, documentation, and reporting for compliance readiness. Serve as the primary contact for auditors, legal teams, and regulatory bodies. Oversee remediation efforts for vulnerabilities and drive timely risk mitigation. Monitor security controls, drive continuous improvement, and align compliance with business objectives. Support security incidents and investigations related to compliance risks. Ensure availability for critical discussions, escalations, and audits during US hours.