60 Soc 2 Jobs - Page 3

Introduction We are looking for a detail-oriented Security Services Specialist with a strong focus on compliance, audits, and business continuity/disaster recovery (BCDR). This role is responsible for supporting internal and external security audits and maintaining continuous regulatory compliance. The ideal candidate will have experience aligning security and compliance programs with frameworks such as SOC 2, ISO 27001, and NIST, while also supporting the development and testing of BCDR plans. You will work closely with internal stakeholders and external auditors to ensure our security practices meet applicable requirements and support business goals. Your role and responsibilities Audit Management: Coordinate and support internal and external audits, including evidence collection, control testing, and remediation tracking. Serve as the secondary point of contact for auditors and third-party assessors. Maintain audit logs, findings, and corrective action plans. Compliance Oversight: Monitor and ensure compliance with industry regulations and internal security policies. Map controls and processes to multiple compliance frameworks (e.g., NIST, ISO, SOC 2, HIPAA). Track evolving compliance obligations and help update policies accordingly. Access Management: Support access management processes Coordinate and drive periodic user access reviews. Business Continuity & Disaster Recovery (BCDR) Collaborate with IT, operations, and business units to develop and maintain BCDR plans. Coordinate and conduct periodic BCDR tests, document results, and track corrective actions. Evaluate critical business processes to identify single points of failure and propose continuity strategies. Ensure BCDR plans align with compliance requirements and organizational risk appetite. Maintain an inventory of critical assets and dependencies required for continuity and recovery. Policy Development & Enforcement: Assist in developing, updating, and enforcing information security policies, procedures, and standards. Ensure policies align with compliance frameworks and are effectively communicated across the organization. Documentation & Reporting: Maintain detailed and organized documentation of security controls, evidence, and compliance artifacts. Create reports and dashboards for leadership on compliance status and audit readiness. Other assignments as required to support the security, compliance, and resilience goals of the organization. Required education Bachelors Degree Preferred education Bachelors Degree Required technical and professional expertise Bachelor degree in Cybersecurity, Information Systems, Risk Management, or related field. 3+ years of experience in information security, with a focus on compliance and audits. Hands-on experience supporting one or more compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, NIST). Strong understanding of security controls and risk management practices. Strong understanding of network, system, and application security principles. Strong knowledge of risk management principles and audit processes. Excellent analytical, problem-solving, and communication skills. Preferred technical and professional experience Strong attention to detail and organizational skills. Excellent written and verbal communication. Ability to manage multiple audits and compliance initiatives simultaneously. Comfortable working with technical and non-technical teams.

Professionally handle communications with internal and external stakeholders on compliance issues. Maintain up-to-date knowledge of IDfys products, environment, systems, and architecture. Educate control owners on compliance workflows and processes. Maintain IDfys security control framework and continuous control monitoring activities. Gather and report on established metrics within the security compliance programs. Conduct security control tests of design and tests of operating effectiveness activities. Identify observations and manage remediation tasks through to closure while adhering to strict deadlines. Support internal and external auditors or advisors as needed. Demonstrated experience with security control frameworks, e.g. SOC 2, ISO, etc. Execute end-to-end compliance initiatives in accordance with the compliance roadmap. Design high-quality test plans and direct security control test activities. Continuously improve IDfys security control framework Direct external audits. Build and maintain security controls that map to IDfy s security compliance requirements and provide implementation recommendations

In This Role, You Will: Support the sales process by participating in customer-initiated security due diligence and/or vendor security audits and helping to respond to security questionnaires and documentation requests from customers Participate in internal security assessments and security reviews Work with stakeholders to address and mitigate any open findings, and prepare customer communications against them, as required Support development of and monitor progress on security risk treatment plans by risk owners; support regular risk and progress reporting to leadership stakeholders Support development of technical solutions and processes to automate or streamline repeatable security risk assessment, audit, customer questionnaire response activities and workflows Assist with maintenance of information security program documentation consisting of information security policies, standards, and guidelines, and coordinating management ratification of policies and standards at regular intervals Participate in improving the overall Security culture across Cvent; contribute to employee security awareness campaigns and educational activities to address areas of potential risk and/or gaps in compliance Collaborate with internal stakeholders to maintain an up-to-date knowledge base of all Cvent's product functionalities, along with their respective security and compliance posture Measure, track and report KPIs to senior management Heres What You Need: 4-8 years of demonstrable experience in customer assurance, and good interpersonal communication skills with experience and confidence in collaborating with internal and external partners and stakeholders to develop productive relationships and achieve positive security risk management outcomes Ability to learn quickly with a willingness to take ownership for new projects and learning new technologies and methodologies Good understanding of industry standards for compliance such as ISO 27001:2013, PCI DSS, and SSAE 18 SOC 1 / SOC 2 attestation standards Basic understanding of risk assessment methodologies and best practices Ability and willingness to produce and maintain documentation and reports Proficiency with productivity and collaboration tools, such as Microsoft Office, Slack, Box, and Zoom Excellent presentation and written communications skills and a team-focused attitude Must be organized, detail-oriented, and possess the ability to multi-task in a dynamic, fast-changing, entrepreneurial environment

ou are an experienced and dynamic information security risk management leader able to support and manage the day-to-day operations of Cvent's regional Security Risk and Compliance team based in Gurgaon, India. In this role, you will be responsible for leading people and processes focused on internal technology and third-party security risk management as well as leading audit and compliance activities with numerous security standards and frameworks. In This Role, You Will: Team Leadership and Management Lead the regional Security Risk & Compliance team with an emphasis on developing sustainable, scalable programs and processes, efficiently and effectively allocating resources and responsibilities, coaching and developing staff, and driving results through overall performance management In consultation and partnership with global Information Security leadership, plan, design, and execute regional programs, projects, and processes related to the Security Risk & Compliance function, ensuring alignment and effectiveness with local and global business, technology, and security goals Serve as primary regional leadership representative for the Security Risk & Compliance function, engaging regularly with regional leadership stakeholders to align business and technology practices with company security strategy, policies and standards Actively promote and drive secure and compliant technology risk management practices and support achievement of strategic security objectives and key results Foster a high-performing team culture of ownership, collaboration, and continuous learning and improvement Security Risk Management & Compliance Collaborate with global Information Security leadership and functional peers to develop, maintain, communicate, and implement information security policies, standards, and procedures Lead and manage regional security risk assessments of internal technology projects as well as third-party solutions and vendors; collaborate with regional leadership and relevant stakeholders to prioritize, plan, resource, and implement risk treatment plans Lead regional certification audit activities scoped to a variety of security standards and regulatory frameworks relevant to Cvent's global SaaS operations, including but not limited to ISO 27001, ISO 27701, SOC 2, and PCI-DSS Support global information security metrics reporting and governance processes, including developing processes, tools, and reports that transform data into insights and information to drive achievement of security risk management objectives and key results Innovation and Continuous Improvement: Stay abreast of emerging security risks, compliance frameworks and regulatory requirements threats, technologies, compliance frameworks, and best practices, particularly those relevant to the global SaaS industry Foster and promote development of innovative security processes and solutions to enhance Cvent's security and compliance posture Continuously assess and improve the effectiveness of the Cvent India R&C Security team as well as the respective security programs, initiatives, and day-to-day activities Here's What You Need: Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field; Master's degree preferred Relevant industry certifications, such as CISSP, CISA, CISM, or CRISC Experience: 10+ years of experience in information security, with at least 6 years in an information security leadership role Demonstrable experience with various information security domains including, but not limited to, information security auditing and compliance, information security risk management, third-party technology risk management, technology vulnerability management, and cloud security Proven track record of implementing security risk management standards, frameworks, and methodologies, including regulatory security requirements related to global data privacy and protection laws relevant to cloud service providers Strong technical knowledge of cybersecurity and technology risk management principles, best practices, and solutions Soft Skills: Exceptional leadership and management abilities; proven ability to effectively allocate and delegate responsibility for, oversee, and drive successful execution of programs, projects, and tasks Strong, persuasive communications skills; ability to coach and develop staff, influence stakeholders, and drive positive change across an organization at all levels Excellent stakeholder management and negotiation skills; ability to effectively articulate complex cybersecurity risk management and compliance concepts to both technical and non-technical audiences to build consensus and achieve cross-functional alignment on security risk management and compliance as well as security assurance priorities Strong business acumen with the ability to align security initiatives with business objectives Ability to navigate and adapt to ambiguity as well as be personally resilient in a fast-paced, dynamic, multi-national company

Responsibilities: * Design, implement, and maintain secure solutions on AWS cloud platform using IAM and security architecture principles.

We want to shape the future with vision and innovation. Be part of it and develop your full potential! As part of the global NTT DATA Group, one of the most successful IT service providers in the world, we specialize in value-added SAP solutions as NTT DATA Business Solutions. With over 16,000 employees in more than 30 countries, we design, implement, and develop custom-fit SAP solutions for our global customers. Would you like to take the next step in your career and be part of our highly qualified team? Are you ready to break new ground? Job Title: Information Security Analyst Experience: 3 - 6 Years Job Location: Hyderabad Technical Experience Experience in managing security audits, such as, ISO 27001, SOC I / II including preparing control owners for audits, interpreting control requirements, reviewing control evidence for appropriateness, testing control effectiveness, presenting control evidence to external auditors, and audit planning with external auditors. In-depth knowledge of security controls, interpreting control requirements for ISO 27001 (Must) and SOC II (good to have), audits, reviewing control evidence for completeness an accuracy, and ensuring evidence provided to auditors satisfies control requirements. Ability to of plan and lead meetings with control owners and external auditors. Ability to clearly define control requirements to control owners or explaining control evidence to external auditors. Experience planning and performing vendor security risk reviews including creation of templates and reporting for reviewing different types and categories of vendors such as cloud, vendors hosting sensitive data, and vendors with access to sensitive data. Experience reviewing ISO 27001, SOC 2, Pen Test , and other forms of security assessment reports. Manages and tracks the delivery of Security Training and Awareness campaigns. Assists in the development of content for Security Awareness campaigns. Actively contributes to the Security knowledgebase to enable internal knowledge sharing and facilitates efficient audits and questionnaire responses. Supports the Security Audit function by reviewing evidence submissions for accuracy and completeness, following up on audit requests, and helping to establish a continuous monitoring function. Manages and performs quarterly access reviews ensuring completeness and accuracy of results and consistent evidence collection. Supports the Risk Management function by reviewing and documenting Security exceptions and recommending appropriate actions. Recommends and assists in the definition and implementation of security controls in accordance with enterprise policies, standards, and procedures. Educational Qualification: Must be a graduate. Must be ISO27001:2022 Lead Auditor / Lead Implementer certified. Interested candidates share me your updated resume to Satyendra.TVNR@bs.nttdata.com

IT audit experience in Domain like ITGC, Cyber Security, SOC 2, Application and IT security Infrastructure and IT Regulatory compliance Familiarity with IT regulatory requirements related to IS of regulators such as RBI, SEBI and other IT Standards

Job Summary: We are seeking an experienced Cybersecurity Strategy & Security Engineer to develop and implement security policies, frameworks, and architectures that align with organizational goals. This role is critical for defining security roadmaps, evaluating current capabilities, and ensuring robust protection across networks and cloud environments. We are looking for immediate joiners or a notice period less then a month is preferrable. Work from office and will have rotational shifts. Key Responsibilities: Develop and maintain IT security policies and standards for infrastructure components (firewalls, routers, VPNs, etc.) Design and implement cybersecurity strategies and roadmaps aligned with business objectives Conduct risk and maturity assessments and recommend security improvements Evaluate and integrate new security technologies and authentication protocols Provide expertise in network security architecture and cloud security across AWS, Azure, or GCP Collaborate with stakeholders to identify critical business functions and ensure alignment of security initiatives Reference and implement industry-standard frameworks like NIST 800-53, CIS Controls, ISO 27001, SOC 2 Mandatory Skills: Proven experience in security policy & standards development Deep understanding of security frameworks : NIST, CIS Controls, ISO 27001, SOC 2 Expertise in security strategy and roadmap development Strong background in network security architecture Cloud security knowledge in AWS, Azure (preferred), or GCP Familiarity with tools like Firewalls, WAF, VPN, EDR/XDR , and cloud-native tools (e.g., Prisma, Microsoft Defender for Cloud Apps, Azure Firewall ) Strong grasp of security reference architectures across domains like application, network, and data security Preferred Qualifications: Experience with security risk assessments, cost analysis, and security maturity evaluations Knowledge of security standards and compliance requirements (e.g., PCI-DSS)

To act as the SPOC for all third-party audits, especially from BFSI clients & create Network Infrastructure. JD: https://www.pinnacle.in/career/security-manager JD:https://www.pinnacle.in/career/network-manager To work purely from HO Nagpur

Client interface for understanding the IT Governance, IT Risk & Compliance Management Controls as applicable to Infrastructure operations. Responsible and accountable for driving and maintaining the Compliance Program Which Includes: I. Defining and implementing controls as per Customer defined Security and Privacy policies II. Ensuring measurement and compliance to the policies. III. Drives Internal and External Audits IV. Participate and advise on Security Incident Investigation V. Training and awareness of Employees on Security Policies Well versed and hands-on experience for establishing processes, controls and audits of compliances like ISO 27001, ISO 15408. SOX ITGCs, SSAE 18 SOC 1 & SOC 2, PCIDSS,HIPAA, Data Privacy Standards (GDPR/Schrems) Frameworks. Documentation of IT & risk management Controls as they are currently being executed in client environment and ensuring that the same controls are followed and implemented in service delivery operations Work with the client & technical teams for change request on any risk or control implementation as well as governance process Participate in internal as well as external regulatory audits as well as IT security audits. Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security Point of contact for the client compliance & IT audit team for provisioning audit evidences within the SLAs defined. Provide strategic guidance & consulting support on implementation of IT controls for Networks, Operating Systems, System Security, Backup & Recovery, Storage, BCP/DR Work with the client & team in identifying any process/ control gaps and suggesting the remediation plan& tracking the plan progress till closure. Liaison with Audit Firms and Client for all types of External audits like (ISO 27001, SSAE 16 SOC 1/ SOC 2 etc)