
33 Soc2 Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

2.0 - 5.0 years

6 - 9 Lacs

Bengaluru

Remote

Naukri logo

Lead and support IT compliance audits and assessments aligned with ISO 27001 and SOC 2 standards. Understanding of regulatory compliance standards, such as GDPR, HIPAA, PCI-DSS, or ISO27001. Understanding of cloud platforms (AWS, Azure, or Google Cloud).

Posted 1 week ago


5.0 - 10.0 years

18 - 22 Lacs

Mumbai, Navi Mumbai, Mumbai (All Areas)

Work from Office

Naukri logo

Looking for a candidate with 5+ years of experience in IT Audit, Risk Management, and Compliance within Banking/NBFCs. Must have expertise in COBIT, NIST, RBI guidelines, ISO standards, IT systems and risk assessments. CISA certification is a must.

Posted 1 week ago


7.0 - 12.0 years

25 - 30 Lacs

Bengaluru

Work from Office

Naukri logo

Lead GRC, risk assessment, and implementation. Strong in ISO 27001, PCI, PSS, SOC 2, IRDAI. Ensure compliance, audits, awareness. Design InfoSec strategies aligned with ISO, NIST, RBI, SEBI to enhance cybersecurity and meet regulations.

Posted 1 week ago


5.0 - 10.0 years

40 - 70 Lacs

Bangalore Rural, Bengaluru

Hybrid

Naukri logo

Responsibilities: Design and implement secure frameworks and features (e.g., Passkeys). Collaborate with Security & Engineering to drive roadmap execution. Lead architecture decisions and participate in security-focused code reviews. Break down complex problems into agile deliverables. Mentor junior engineers and champion security best practices. Ensure secure, scalable solutions for internal tools and customer-facing products.
Requirements: 5+ years in software engineering with leadership responsibilities. Proficient in Java (Spring), JavaScript/TypeScript, React, and CI/CD pipelines. Experience with Docker, Kubernetes, AWS, and IaC tools (Terraform, Ansible, etc.). Knowledge of authentication (SAML, JWT, OIDC), authorization, cryptography, and app security. Familiarity with security compliance (PCI DSS, SOC2, HIPAA, FedRAMP) is a plus. Strong communication and cross-functional collaboration skills.

Posted 1 week ago


10.0 - 20.0 years

10 - 20 Lacs

Bengaluru

Remote

Naukri logo

Job Description: IT GRC Analyst I
Department: Information Technology
Reports To: Senior IT GRC Analyst
Location: 100% Remote
Experience: 10+ Years
Job Summary: We are seeking a dedicated IT GRC (Governance, Risk, and Compliance) Analyst I to join our dynamic IT team. The primary responsibility of this entry-level role is to assist in ensuring that IT operations are in compliance with regulatory requirements and internal policies, with a particular emphasis on supporting Sarbanes-Oxley (SOX) audits. The IT GRC Analyst I will support risk assessments, policy development, compliance monitoring activities, and SOX audit preparations.
Key Responsibilities: Assist in the development, implementation, and maintenance of IT policies and procedures. Conduct regular risk assessments and audits to ensure compliance with regulatory standards and internal policies, with a focus on SOX controls. Support the IT team in identifying, evaluating, and mitigating IT risks. Monitor compliance with security policies and procedures to ensure a secure environment. Collaborate with different departments to ensure integrated risk management practices. Assist in preparing and executing SOX IT control reviews, documenting compliance efforts, and maintaining records of SOX controls. Provide support in responding to internal and external SOX audits and regulatory assessments. Recommend improvements to SOX controls and processes to enhance the overall security posture. Maintain up-to-date documentation of IT GRC activities, compliance reports, and SOX audit evidence.
Qualifications: Bachelor's degree in Information Technology, Computer Science, or a related field. Basic understanding of IT GRC principles, regulatory requirements, risk management frameworks, and SOX compliance. Strong analytical and problem-solving skills. Excellent written and verbal communication skills. Ability to work collaboratively in a team environment. Basic knowledge of security standards (e.g., ISO 27001, NIST, GDPR, HIPAA) and SOX compliance requirements is a plus. Relevant certifications (e.g., CISA, CRISC, CISSP) are desirable but not required for entry-level applicants.
Experience: Entry level; 0-2 years of experience in IT risk management, compliance, or a related field, preferably with exposure to SOX compliance activities.

Posted 2 weeks ago


12.0 - 14.0 years

0 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site

Foundit logo

Introduction: About IBM. IBM is a global technology and innovation company. It is the most extensive technology and consulting employer globally, with a presence in 170 countries. The diversity and breadth of the entire IBM portfolio of research, consulting, solutions, services, systems and software distinguishes IBM from other companies in the industry. Over the past 100 years, a lot has changed at IBM. In this new era of Cognitive Business, IBM is helping to reshape industries as diverse as healthcare, retail, banking, travel, manufacturing, and many more, by bringing together our expertise in Cloud, Analytics, Security, Mobile, and the Internet of Things. We like to say, be essential. We are changing how we craft, how we collaborate, how we analyze, how we engage. Join the next generation of innovators, inventors, and entrepreneurs who are crafting the very way the world works. We want the brightest minds doing work that encourages an environment where growth is supported. IBMers get to discover their potential, so they're inspired to build breakthroughs that help our clients succeed. We're building teams with dynamic strengths with people who want their ideas to matter. Join us - you'll be proud to call yourself an IBMer.
Our Culture: IBM is committed to crafting a diverse environment and is proud to be an equal opportunity employer. You will receive consideration for employment without regard to your race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
Your role and responsibilities: Minimum of 12 years of relevant compliance experience and cybersecurity knowledge. 10+ years of security compliance audit experience would be important. Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc. Experience with compliance programs such as SOC2, FFIEC or FedRAMP/FISMA, HIPAA, GDPR, or PCI. Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology. Ability to understand enterprise business computing operations/requirements, and in particular, Cloud. Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions. Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk.
Required education: Bachelor's Degree
Preferred education: Doctorate Degree
Required technical and professional expertise: Minimum of 12 years of relevant compliance experience and cybersecurity knowledge. 10+ years of security compliance audit experience would be important. Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc. Experience with compliance programs such as SOC2, FFIEC or FedRAMP/FISMA, HIPAA, GDPR, or PCI. Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology. Ability to understand enterprise business computing operations/requirements, and in particular, Cloud. Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions. Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk.

Posted 2 weeks ago


9.0 - 14.0 years

8 - 18 Lacs

Hyderabad, Chennai, Bengaluru

Hybrid

Naukri logo

Role & responsibilities. General description of the role: Minimum 8 years of experience in managing security audits, such as ISO 27001, HIPAA, SOC 1, SOC2, PCIDSS, including preparing control owners for audits, interpreting control requirements, reviewing control evidence for appropriateness, testing control effectiveness, presenting control evidence to external auditors, and audit planning with external auditors. In-depth knowledge of security controls, interpreting control requirements for SOC 2, ISO, or HIPAA, PCIDSS audits, reviewing control evidence for completeness and accuracy, and ensuring evidence provided to auditors satisfies control requirements. Ability to plan and lead meetings with control owners and external auditors. Ability to clearly define control requirements to control owners or explain control evidence to external auditors. Supports the Security Audit function by reviewing evidence submissions for accuracy and completeness, following up on audit requests, and helping to establish a continuous monitoring function. Assist in testing and verification of all controls and formulating reports documenting findings. Recommends and assists in the definition and implementation of security controls in accordance with enterprise policies, standards, and procedures. Work closely with internal business teams to assist in the identification and assessment of potential security risks, and establish risk owners, ratings, and management action plans. Ensure continuity of compliance with ISO27001 and ISO 22301, PCI DSS, HIPAA, GDPR. Analyse potential impact of new threats and communicate risks to relevant business units. Manage security operations, analyse security exceptions, gather necessary background information, document exceptions and ensure that the risk is recognized and managed with compensating controls. Provide orientation to Business Units on Risk Assessment, Business Continuity Plan and Business Impact Analysis. Facilitate in preparation of Business continuity plan for each project and functions. Conduct internal ISMS and BCMS audits and identify potential gaps in the system. Prepare detailed and summary reports of assessments, remediation plans as needed and advise internal stakeholders. Report the audit findings on the potential weakness in the system and areas of improvement.
Preferred candidate profile. Top 5 Skill Set: Hands-on experience with security technologies. Experience in Information security and business continuity internal audits. Strong Knowledge in risk management, ISO 27001, ISO 22301 PCI DSS, HIPAA, GDPR, SOC 2. Knowledgeable in security concepts, techniques, tools, methods, and practices. Good technical in cyber security products Individually to perform the technical audits

Posted 2 weeks ago


5.0 - 10.0 years

14 - 24 Lacs

Mumbai, Mumbai Suburban, Navi Mumbai

Work from Office

Naukri logo

Looking for a candidate with 5–8 years of experience in IT Audit, Risk Management, and Compliance within Banking/NBFCs. Must have expertise in COBIT, NIST, RBI guidelines, ISO standards, IT systems and risk assessments. CISA certification is a must.

Posted 2 weeks ago


2.0 - 4.0 years

3 - 4 Lacs

Chandigarh

Work from Office

Naukri logo

The candidate will have a background in compliance frameworks such as SOC 2, GDPR, HIPAA, and GRC. You will play a role in conducting assessments, managing compliance programs, and ensuring our organization complies with industry regulations and standards.

Posted 2 weeks ago


8.0 - 13.0 years

8 - 13 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site

Foundit logo

Overview The Cybersecurity Governance, Risk, Compliance (GRC) Senior Analyst position is responsible for managing risks related to information security, privacy, governance, vendor security assurance, policy, and compliance. Contributes to preserving the high standards of confidentiality, integrity, and availability of EagleView mission-critical information. Conducts Cybersecurity risk assessments, evaluates controls, and provides feedback to management and process owners on the design and effectiveness of control processes. Implements and maintains on-going programs and processes to test the design and operational effectiveness of security controls. Responsible for ensuring IT assurance and compliance related activities are completed in accordance with industry standards and regulatory requirements. The position reports to the Manager, GRC, and is responsible for executing the key functions of information risk management, security compliance, governance, and information security assurance. Primary Responsibilities In these roles, you are part analyst, engineer, and advisor. You have the ability to ramp up quickly into a solid, productive member of the Security GRC team. You are organized and have the ability to innovate and automate as we continually look to improve our processes and tools. You may own process areas, projects, or technologies for governance, risk and compliance purposes. You create and maintain relationships with business and technical experts through the company who provide expertise in security requirements and solution management. You are expected to work independently while still asking for help on some areas. You are a bridge builder helping to coordinate and bring together various parts of the organization around a common process through the use of tools, and communications channels. Ensure compliance with laws, regulations, and industry standards, and compliance programs (e.g. 
SOC2, PCI, ISO 27001, NIST 800-X) Create processes to support effective risk identification, evaluation, communication, and remediation Participate in Risk Management Committee meetings Work with risk owners to develop plans of action to reduce or mitigate risks Analyzes security controls for effectiveness of design by evaluation of control documentation and process Analyzes security controls for operational effectiveness by evaluation of control evidence Contribute to corporate information risk management strategy, policies, standards, and tactical plans Contributes to a comprehensive internal security audit program that validates existing security controls Contribute to the company-wide security awareness program and compliance training Coordinate annual enterprise risk assessment and PCI-self assessment activities Ensure all systems, processes, and changes are formally documented Works closely with internal and external auditors, regulators, and examiners, including coordination and compilation of technology documentation requests, reports, and assurance letters to ensure security compliance Maintains the Risk Register and support processes to define and measure risks, then plan risk responses with company leadership Ability to work collaboratively with internal and external departments, vendors, and other key stakeholders Skills/Requirements Required Knowledge, Skills and Experience: Bachelor's degree in a technology or business-related field (BSc or BBA preferred) 8 years overall experience in Information Security, Risk Management, or IT audit 5 years of hands-on experience supporting one or more of the following programs: Risk Management Vendor Risk Management Security Audits and Compliance (especially SOC2) Vulnerability Management Understanding of controls and risks sufficient to identify and evaluate control effectiveness and identify gaps between risks and controls Working knowledge of business and risk assessment methodologies/mitigation strategies using 
industry standards (e.g., COBIT, ITIL, ISO 27001:2013, NIST, OWASP, etc.) Very high attention to detail, with strong skills in managing/presenting data and information Very strong skills in documentation, including policies, standards, processes and procedures Ability to work independently and productively without constant supervision Critical thinking and analytical ability Excellent verbal and written communication skills Preferred Knowledge, Skills and Experience: Certification such as SANS GIAC, CISA, or CISSP preferred Previous experience in a software development company is preferred Experience using a GRC management platform (e.g. Archer, ZenGRC, etc.)

Posted 3 weeks ago


3.0 - 6.0 years

10 - 15 Lacs

Bengaluru

Work from Office

Naukri logo

Manage IT audits (SOX, ITGC), ensure quality delivery, review testing docs, identify process gaps, prepare reports, handle clients, guide juniors, support proposals, and improve engagement productivity.
Required Candidate profile: Looking for 3–5 yrs exp in IT audits (SOX, ITGC), risk assessment, SOC1/2, with strong MS Office skills, good communication, and CISA/BE/B.Tech/MBA/MCA background. Big 4 experience preferred.

Posted 3 weeks ago


7 - 12 years

15 - 30 Lacs

Bengaluru, Bangalore Rural

Hybrid

Naukri logo

Job Requirements Design and execute the day-to-day activities of Information Technology (IT) audit engagements, with a focus on strategic, operational and regulatory/compliance related risks Plan activities related to development of audit program, and execution of internal audits and IT control assessments in the following areas: cybersecurity, IT strategy and governance, IT operations, business continuity and disaster recovery, network and infrastructure security, cloud and third party risk, programs and projects, automation, General Information Technology Controls (GITCs) and application controls, and regulatory/compliance requirements Review clients' processes and controls against leading practice and industry frameworks, identify gaps in design and execution, and communicate issues and recommendations to engagement leads and client management Contribute to IT Audit knowledge base and internal practice development initiatives Supervise and provide performance management for IT audit staff working on assigned engagements Write and present clear and concise reports and presentations containing meaningful observations and recommendations to clients, and document procedures performed and conclusions reached related to projects Support proposal and business development activities by assisting in the identification of new target clients, building business relationships with key executives, and developing/presenting proposals Provide oversight and leadership to team members regarding deliverables, project plans, and performance management while contributing to industry and regulatory publications, writing professional and thought leadership articles, and speaking at related conferences and seminars Mandatory technical & functional skills Bachelor's degree in an appropriate field from an accredited college/university; Master's degree from an accredited college/university is preferred Prior knowledge leading and executing risk-based IT-related internal audits and/or risk 
and control assessments, leveraging IT governance and control frameworks such as COBIT, NIST CSF, NIST 800-53, and ITIL and proficiency in core requirements and methodologies for SOX internal control programs Experience with IT Risk Management and three lines of defense frameworks CISA, PMP, CISSP or CRISC certification is preferred Key behavioral attributes/requirements Ability to work well independently as well as part of a team Driven and enthusiastic with a can-do attitude and a strong sense of ownership to get the job done in a pragmatic fashion

Posted 1 month ago


7 - 12 years

10 - 20 Lacs

Bengaluru

Work from Office

Naukri logo

8+ Years of exp in Database Technologies: AWS Aurora-PostgreSQL, NoSQL, DynamoDB, MongoDB, Erwin data modeling. Exp in pg_stat_statements, Query Execution Plans. Exp in Apache Kafka, AWS Kinesis, Airflow, Talend. AWS Exp in CloudWatch, Prometheus, Grafana.
Required Candidate profile: Exp in GDPR, SOC2, Role-Based Access Control (RBAC), Encryption Standards. Exp in AWS Multi-AZ, Read Replicas, Failover Strategies, Backup Automation. Exp in Erwin, Lucidchart, Confluence, JIRA.

Posted 2 months ago


1 - 3 years

0 - 2 Lacs

Kochi, Gurgaon, Kolkata

Hybrid

Naukri logo

Role: ITGC
Location: Gurgaon, Kochi, Kolkata, Noida, Bengaluru, Chennai, Pune
Exp: 1-3 Years
To qualify for the role, you must have: Preferably B.E/B.Tech (Computers, Electronics, Data Analytics), BCA/MCA, B.Sc/M.Sc. (computers major), MBA, CA.
Must have: 1-3 years of hands-on internal/external IT audits. At least one of: IT General Controls, IT Automated Controls, and Service Organization Controls Reporting (SOCR - SSAE 16 / ISAE 3402) SOC 1, 2, & 3 Reporting. Able to perform independent security configuration review of common operating systems and databases - Windows, Unix, DB2, AS400, SAP R3ECC/HANA, Mainframe, SQL, Oracle. Knowledge of documentation and data analysis tools like Word, Excel, Access. Strong English verbal and written communication skills.
Nice to have: CISA, CISM, CRISC, ISO27001, data privacy certifications. IT audit knowledge for a financial audit: control frameworks such as COSO, related regulations including SOX and J-SOX. Data analytics/automation tools: SQL, Monarch, BluePrism, Alteryx, PowerBI. German/Dutch/French language is an added advantage.

Posted 2 months ago


3 - 6 years

1 - 3 Lacs

Bengaluru, Gurgaon, Kolkata

Hybrid

Naukri logo

Role: ITGC - Senior
Location: Gurgaon, Kochi, Kolkata, Noida, Bengaluru, Chennai, Pune
Exp: 3-6 Years
To qualify for the role, you must have: Preferably B.E/B.Tech (Computers, Electronics, Data Analytics), BCA/MCA, B.Sc/M.Sc. (computers major), MBA, CA.
Must have: 3-6 years of hands-on internal/external IT audits. At least one of: IT General Controls, IT Automated Controls, and Service Organization Controls Reporting (SOCR - SSAE 16 / ISAE 3402) SOC 1, 2, & 3 Reporting. Able to perform independent security configuration review of common operating systems and databases - Windows, Unix, DB2, AS400, SAP R3ECC/HANA, Mainframe, SQL, Oracle. Knowledge of documentation and data analysis tools like Word, Excel, Access. Strong English verbal and written communication skills.
Nice to have: CISA, CISM, CRISC, ISO27001, data privacy certifications. IT audit knowledge for a financial audit: control frameworks such as COSO, related regulations including SOX and J-SOX. Data analytics/automation tools: SQL, Monarch, BluePrism, Alteryx, PowerBI. German/Dutch/French language is an added advantage.

Posted 2 months ago


5 - 8 years

5 - 8 Lacs

Bengaluru

Work from Office

Naukri logo

Key Responsibilities Solid experience in AWS IaaS deployment Pipelines, IAM, VPCs, Security Groups, VPN, microservices, CloudTrail, etc. Knowledge of Amazon Web Services such as EC2, S3, SQS, Route53, Amplify, DynamoDB, Neptune. Experience in developing or administering the security of AWS cloud environments. Experience in cross-account deployment of resources using Pipelines, CodeCommit, CodeBuild. Practical knowledge of several security practices in SDLC and supporting IT security tools. Improve existing monitoring to provide end-to-end observability of our platform. Scale our platform and processes to continue serving our growing customer base Define and implement disaster recovery processes Automation scripting skills - Python or equivalent Build & support Site Reliability function & participate in building tools to report system KPIs Deliver tasks based on project objectives; technically support projects through to completion Must be able to work independently or with a team, under minimum supervision Articulate verbal and written communication Eagerness to share knowledge across engineering teams Has worked in a fast paced, dynamic environment Qualifications Bachelors or Master’s degree in Computer Science, a related field, or equivalent work experience Minimum of 4+ years of experience Prior experience working in an SRE/DevOps/Cloud Engineering role on a cross-functional agile team Experience working with industry standards or programs such as SOC2, ISO, HITRUST is a plus AWS Certification, CISSP, Security+ is a plus Ability to improve automation through the CI/CD pipeline through analysis of the current process using tools Experience developing deployment strategies for SaaS applications Additional Information At Privaini Software India Private Limited, we value diversity and always treat all employees and job applicants based on merit, qualifications, competence, and talent. 
We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Posted 2 months ago


2 - 4 years

4 - 9 Lacs

Noida

Work from Office

Naukri logo

Summary: The Sr. Executive Audit and Compliance is responsible for leading and managing the implementation of ISO 27001 and SOC2 Type2 across the organization. This includes developing and implementing an Information Security Management System (ISMS), conducting risk assessments, conducting internal audits, compliance monitoring, policy development, incident response and supporting and managing the certification process, BCP and DR activities Essential Duties and Responsibilities: Lead the implementation of Information and Cyber Security Framework and SOC2 Type2 compliance Conduct risk assessments to identify and prioritize information security risks and prepare gap analysis report Develop and implement security controls to mitigate identified risks Plan and execute internal audits Conduct vendor assessment audits Manage and support in internal / external audit for the certification process for information and Cybersecurity and SOC2 Type2 compliance Perform risk assessments, compliance monitoring, policy development, and incident response Monitor and maintain the cybersecurity compliance to ensure that it is effective and compliant Investigate and respond to information security incidents and plan mitigation actions Qualifications and Requirements: Bachelor's degree in computer science, information security, or a related field 2 - 4 years of experience in information security, with a focus on ISO 27001 and SOC2 Type2 Certified ISO 27001 Lead Implementer and/or Lead Auditor Experience in Information Security and SOC2 Type2 audits Strong understanding of information security best practices and standards Excellent communication and interpersonal skills Ability to work independently and as part of a team

Posted 2 months ago


5 - 10 years

15 - 20 Lacs

Mumbai Suburbs, Mumbai, Mumbai (All Areas)

Work from Office

Naukri logo

Looking for a candidate with 5-8 years of experience in IT audit, risk management & compliance within banking/NBFCs. Must have expertise in COBIT, NIST, RBI guidelines, ISO standards, & strong skills in IT systems, risk assessments & control evaluations.

Posted 2 months ago


4 - 9 years

10 - 12 Lacs

Chennai

Remote

Naukri logo

Information Security and QA process compliance
Experience: 5 to 8 Years
Hiring office: Chennai (Remote)
Job Description: The Information Security compliance function is responsible for evaluating security and compliance risks within the organization. They set up security benchmarks, verify adherence to international standards and frameworks and promote a culture of information security throughout the company. Candidates who have taken a break from career can also apply. Candidates who demonstrate strong intention and capability to learn this domain and have worked in Quality and Process development roles can apply. Excellent communication skills and documentation skills are very important.
Key Responsibilities: Proficiency in Information Security domains, such as policies and procedures, risk management, compliance, and incident response; familiarity with security frameworks (ISO 27001, NIST, CIS, etc.). Creation and periodic revision of company policies and procedures to align with different compliance standards. Conduct regular security assessments and audits to ensure compliance with industry regulations and best practices. Ensure the organization follows best practices in cloud security, application security, and endpoint protection. Identify vulnerabilities and provide actionable recommendations to enhance security measures. Prepare audit reports detailing gaps, risks, and areas for improvement. Participate in compliance training sessions to educate employees on new policies and procedures. Collaborate with cross-functional teams to address security issues and improve overall security posture. Review and validate release documentation (e.g., release notes, rollback plans) for completeness and accuracy against defined acceptance criteria. Monitor and validate change management processes to guarantee compliance with SOC2, HITRUST, and industry-specific regulations. Identify gaps in the release management process and recommend corrective actions.
Ensuring deployment approvals are properly documented. Work closely with Development, QA, NOC and Security teams to align release processes with compliance requirements. Communicate release compliance issues and risks to stakeholders. Track and Report on compliance metrics to senior management. Required Qualifications: Minimum 5+ years of experience and Strong knowledge of information security and cybersecurity, including network security and infrastructure assessments. Good knowledge of security frameworks, standards, and best practices (SOC2, ISO 27001, NIST and HITRUST). Proficiency in using security tools and technologies for auditing and vulnerability assessment. Certified ISO 27001 Lead Auditor Ability to work independently and manage multiple tasks effectively.

Posted 2 months ago


7 - 10 years

9 - 12 Lacs

Mumbai

Work from Office

Naukri logo

Supply Chain Risk Management - AM - BLR/GGN/Pune - J48773
Key Responsibilities: Act as a trusted advisor to stakeholders, supporting the provision of accurate, appropriate, timely assurance information regarding the KPMG supply chain across capabilities and firmwide. Support the identification of emerging trends and issues with the KPMG supply chain to shape and inform the KPMG risk posture. Tactically deliver allocated activity from the annual service roadmap to defined standards and service levels. Support the delivery of the annualised audit schedule, with a strong understanding of a risk-based approach. Be proactive in identification of continuous improvements to foster positive change within the Information Assurance team, seeking innovative solutions to enhance practices. Deliver the 2nd LoD Supply Chain audit activity to monitor supply chain compliance against regulatory, client, global and local policy & standard requirements, including ISO27001. Support the ongoing need to ensure that all supplier contracts include standardised Information Security and Data Privacy statements. Provide support to report on Supply Chain Assurance metrics, providing insights into compliance and risk, highlighting areas for improvement. Log all findings in the GRC tooling, track, review and monitor remediation results and associated evidence, supporting sign off where appropriate. Work with finding owners to ensure remediation action plans are defined and delivered in a timely manner. Support the analysis, thematic reviews and consolidation of findings, and recommend risk treatment plans to reduce risk for the firm. Ensure audit work is documented in accordance with business standard and fully supports conclusions and overall opinion through 1st / 2nd level reviews. Ensure that all work is delivered to a high standard. Conduct other Information Security & Privacy audit activity on behalf of KPMG (i.e. SOC2) where appropriate.
Skills and experience required: Strong stakeholder management skills, and the ability to collaborate and develop relationships internally and externally. Experience advising on supply chain matters, with appropriate background in developing and implementing supply chain risk and assurance frameworks. Excellent ability to conduct audits in an effective and efficient manner. Working knowledge of ISO27001, Cyber Essentials/Cyber Essentials Plus, NIST Cybersecurity Framework, CIS, SOC2, Data Protection (UK GDPR, DPA, PECR) and experience of operational implementation. An understanding of ancillary frameworks (EU AI Act, UK AI Frameworks). Experience of developing processes to deliver service improvements. Excellent analytical and reporting skills, using presentation tools to present complex information with exceptional attention to detail. Excellent communication skills, both written and verbal. Well organised and able to maintain a high workload efficiently at a consistently high standard. Strong knowledge of information security controls. Experience of working with GRC tools (ServiceNow) and supplier management tools (Coupa, Bitsight). Understanding of a 3 lines of defence model (risk & assurance). Be highly motivated and able to work on own initiative, with the ability to seek support when required.
Additional Requirements: Significant experience in information security and supply chain risk and assurance. Certifications in information security, such as CISM, CISMP, CISSP. Auditor qualifications, CISA, ISO27001 Lead Auditor, GIAC or equivalent. ITIL foundation certificate or above desirable.
Required Candidate profile: Candidate Experience Should Be: 7 To 10. Candidate Degree Should Be: BE-Comp/IT, BE-Other, BTech-Comp/IT, BTech-Other, MBA, MCA

Posted 3 months ago

2 - 3 years

4 - 6 Lacs

Bengaluru

Work from Office

The use of third parties is an essential element in AECOM's service delivery model and creates the need for management oversight and continuous monitoring of their security capabilities and performance. AECOM works with many third parties (e.g., vendors, partners, suppliers), each of which poses security, compliance and operational risks. AECOM is recruiting Third Party and Client Security Analysts to support the centralized Third Party and Client Risk Management Function. In this role, the analyst is expected to support the framework, operating model and supervise processes to ensure: (1) third parties are compliant with AECOM's security standards and (2) that AECOM provides the same type of assurance to our clients that its security program is compliant with regulatory requirements, standards and client expectations.
Responsibilities & Duties: Evaluate requests for third party engagements. Conduct initial and periodic third-party risk assessments. Collaborate with business requestors, procurement, legal and other teams to ensure questionnaires are completed timely. Collaborate with security/IT team members to ensure a full understanding of security controls, technology and architecture. Review responses to security questionnaires, SOC 1 and SOC 2 assessment reports received from third parties to identify potential risk to AECOM. Identify gaps/issues based on third party and/or client standards relative to security postures. Devise remediation plans and monitor to ensure adherence by third parties and AECOM security/IT. Manage, enhance and implement the framework, policies, procedures and program governance to ensure alignment of TPRM with industry best practices and regulatory requirements (NIST, ISO27001, FedRAMP, etc.). Develop tactical and strategic plans to evolve the third-party risk management program to ensure compliance with new regulations and alignment with industry best practices. Triage/complete requests from AECOM clients regarding AECOM's control environment. Manage AECOM's response to existing and potential business partners/clients/third parties security due diligence (questionnaires, site visits, etc.). Assistance with RFI/RFP processes and responses to client inquiries, ensuring comprehensive risk management throughout the process. Review third party and client contracts to validate appropriate security requirements and commitments.
Qualifications: Bachelor's degree in Information Technology, Information Security, Risk Management or a related field. 2-3 years of career experience related to information security, IT, audit, third party and/or risk. Strong understanding of risk management principles and security frameworks (e.g., NIST, ISO 27001, SOC2, PCI-DSS). Extensive experience in evaluating vendor security and compliance in relation to regulatory and industry standards. Familiarity with industry GRC tools such as UpGuard, Audit Board, ServiceNow etc. is a plus/desirable. Strong prioritization and organizational skills. Ability to develop, document and maintain procedures. Strong verbal communication with the ability to advise management regarding third party and client risk management. Ability to work independently and collaborate with cross-functional teams.
Additional Information: Ability to effectively communicate and collaborate within a specific group of internal and external customers. (Communication) Ability to maintain good customer relationship with the ability to proactively support customer needs and requirements. (Customer Service) Ability to be thorough and meticulous in completing assigned tasks and identifying errors, duplicates & discrepancies through defined methods. (Attention to Detail) Ability to identify, assess and resolve simple to moderate issues by following defined policies and procedures. (Problem Solving)

Posted 3 months ago

6 - 10 years

30 - 35 Lacs

Bengaluru

Work from Office

We are seeking an experienced Cloud Validation Testing Engineer to ensure the reliability, performance, and security of cloud-based applications and infrastructure. The ideal candidate should have strong expertise in cloud platforms (AWS, Azure, GCP), automation testing, performance validation, and security compliance. This role involves validating cloud-based solutions, conducting functional and non-functional testing, and ensuring adherence to cloud best practices. Key Responsibilities: Develop and execute Cloud Validation Test Plans to ensure the functionality, scalability, and security of cloud-based applications. Perform functional, performance, security, and compliance testing of cloud solutions. Automate cloud testing processes using tools like Selenium, JMeter, Postman, Robot Framework, and Terraform. Validate cloud infrastructure, networking, and data pipelines across AWS, Azure, or GCP. Conduct API testing for cloud services using Postman, REST Assured, or similar tools. Ensure adherence to cloud compliance standards (ISO, SOC2, HIPAA, PCI-DSS, etc.). Perform load, stress, and scalability testing using JMeter, Gatling, or K6. Implement CI/CD testing automation within DevOps pipelines using Jenkins, GitHub Actions, or Azure DevOps. Identify and troubleshoot cloud performance bottlenecks, latency issues, and service failures. Work closely with developers, cloud architects, and security teams to improve system reliability. Validate disaster recovery, backup, and failover mechanisms for cloud environments. Required Skills & Qualifications: 6+ years of experience in software testing and cloud validation. Strong expertise in AWS, Azure, or GCP cloud platforms. Hands-on experience with automation frameworks like Selenium, Robot Framework, or Cypress. Proficiency in Python, Java, or PowerShell for test automation. Experience with cloud monitoring tools (CloudWatch, Azure Monitor, Google Stackdriver). Knowledge of Kubernetes, Docker, and microservices testing. 
Strong understanding of API testing, performance testing, and cloud security validation. Experience working in Agile and DevOps environments.

Posted 3 months ago

10 - 17 years

18 - 33 Lacs

Bengaluru

Work from Office

Job Title: DevOps/SRE Architect (On-Premises Infrastructure)
Location: Bangalore
Experience: 10+ years
Positions: 2
Department: Engineering DevOps & IT Infrastructure
Employment Type: Full-Time (Work from Office)

About YSECIT
YSECIT is driving innovation through cutting-edge software and hardware solutions. Our DevOps/SRE team is responsible for ensuring high availability, security, and scalability of on-premises infrastructure across multiple global data centers. As a DevOps/SRE Architect, you will be responsible for designing, implementing, and optimizing on-prem DevOps pipelines, Kubernetes clusters, and security frameworks in a multi-data center environment.

Key Responsibilities
1. DevOps Strategy & On-Prem Infrastructure Design: Architect, design, and implement DevOps frameworks for on-premises deployments. Ensure high availability, redundancy, and failover strategies across multiple global data centers. Standardize infrastructure as code (IaC) for on-prem data center automation. Define backup and disaster recovery (DR) strategies for global locations.
2. On-Premises Kubernetes & Network Architecture: Design, configure, and optimize secure multi-node Kubernetes clusters (RHEL-based). Implement TLS and HTTPS-based security for cluster communication. Manage on-prem load balancing, DNS, and reverse proxies (Nginx/Traefik). Enforce RBAC, Network Policies, and Service Mesh (Istio/Linkerd) for enhanced security.
3. CI/CD Pipelines & Deployment Automation: Architect fully automated CI/CD pipelines using GitLab CI/CD for on-prem deployments. Implement ArgoCD, Helm, and Kustomize for managing Kubernetes manifests. Optimize zero-downtime deployments using blue-green & canary releases. Automate infrastructure provisioning using Terraform & Ansible.
4. Security & Compliance in On-Prem Data Centers: Implement Zero Trust Security models across DevOps infrastructure. Enforce container security scanning, vulnerability management, and RBAC policies. Integrate SAST, DAST, and compliance scanning tools into CI/CD. Ensure ISO 27001, SOC2, and internal compliance for data center security.
5. Observability & Incident Response: Set up centralized logging for all on-prem infrastructure. Implement Prometheus & Grafana for real-time monitoring and alerting. Design highly available logging, monitoring, and backup solutions. Define incident response processes and playbooks to minimize downtime.
6. Collaboration & Mentorship: Lead and mentor DevOps Engineers and SRE teams across multiple locations. Work closely with hardware, security, and software teams to optimize system performance. Establish best practices for DevOps, SRE, and automation across global teams.

Key Skills & Technologies
Must-Have: On-Prem Kubernetes (K8s) & RHEL-based Clusters; GitLab CI/CD – Pipeline automation for on-prem infrastructure; Terraform & Ansible – Infrastructure as Code (IaC) for bare-metal and VMs; ArgoCD & Helm – GitOps and Kubernetes package management; Prometheus & Grafana – Observability, alerting, and monitoring; ELK/EFK Stack – Centralized logging and log analytics; Network Security & Load Balancing – HAProxy, Nginx, Traefik; Security Hardening & Compliance – RBAC, SAST, DAST, TLS/HTTPS.
Good-to-Have: Experience managing multi-data center infrastructure; familiarity with service mesh technologies (Istio/Linkerd); knowledge of on-premises storage & backup solutions; experience with VM provisioning automation (Proxmox, VMware, Bare Metal).

Qualifications
Bachelor’s or Master’s degree in Computer Science, IT, or related fields. 10+ years of experience in on-prem DevOps/SRE roles. Proven expertise in designing high-availability Kubernetes clusters for on-premises. Experience in setting up DevOps pipelines in multi-data center environments. Strong understanding of network security, system performance, and automation. Excellent troubleshooting, problem-solving, and stakeholder communication skills.

Why Join YSECIT?
Opportunity to architect large-scale on-premises DevOps infrastructure. Work with cutting-edge technologies in a high-security environment. Lead global DevOps strategies across multiple data centers. Competitive salary, growth opportunities, and mission-critical projects.

How to Apply?
Send your resume to manushree.raju@ysecit.com with the subject line: Application for DevOps/SRE Architect (On-Prem) – YSECIT

Posted 3 months ago

3 - 8 years

8 - 18 Lacs

Chennai

Work from Office

Greetings From Bahwan CyberTek (BCT),
Job Title: Senior Associate / Assistant Manager
Location: Bangalore, Chennai, Coimbatore
Position Summary: This position is primarily responsible for execution of various engagement objectives within assigned areas and assists where necessary to complete the overall engagement. The individual may be responsible for day-to-day execution of engagement objectives on smaller engagements. This role requires the ability to supervise teams of 1-3 Associate staff members to ensure they receive direction and resources in the event engagement issues arise. This requires a basic understanding of the client's industry (e.g. inventory / distribution, oil & gas, financial institutions) and pertinent regulations, and the ability to learn unfamiliar industries and regulations. The individual should have a solid understanding of the role that information technology plays in financial reporting and other critical business cycles. This position should have a solid understanding of IT general controls including security administration, program change management, program development and computer operations, and should develop a better than basic understanding of the interaction of systems and financial processes.
Skills: Experience in ITGC, SOC 1, SOC 2 Audit and SOX 404 preferred. CISA or CISA candidate, CISSP or CISSP candidate, CIA or CIA candidate, and/or CPA or CPA candidate. 2-3+ years or more equivalent experience (public accounting / external audit, internal audit, information technology and/or staff accountant responsibilities). Excellent written and oral communications skills. Team orientation and strong interpersonal skills. Basic familiarity with GAAP, GAAS and IIA standards. Proficient at Microsoft Office product suite. Knowledge of IT controls and how they affect the control environment. COBIT, COSO, and related standards preferred. Greater than basic understanding of Sarbanes Oxley Section 404, and the role that information technology plays in compliance. Greater than basic understanding of systems infrastructure and security, connectivity, remote access, and data mining. Greater than basic understanding of financial reporting, transaction cycles and business processes. Greater than basic understanding of fundamental layers of information systems including network infrastructure, computer operating systems, database management systems, and computer applications. Experience supervising 1 to 3 or more individuals.

Posted 3 months ago
