92 Soc2 Jobs

JD Exp : 1-3 Looking for candidates to join with 15-30 days *Track and ensure adequate and timely resolution to all audit and risk assessment findings or issues relating to information security and never miss a deadline. * Effectively and appropriately communicate audit engagement reports and recommendations to client management and resolve any client concerns or questions. * Ensure 100% certification success rate on ISMS projects. * Grow into a role with increasing responsibility. * Significant experience leading information security audits with a preference for IS0 27001 and SOC 2 audits or assessments. * Experience in leading or knowledge with implementations. * Experience authoring policies and procedures. * Significant experience working as a consultant working in a consulting firm * Significant knowledge of ISO 27001/2 and its derivatives (e.g., HITRUST, Shared Assessment) as much of our consulting and collaboration is around an ISO 27001 Information Security Management System. * Solid knowledge of the NIST 800-171/FISMA framework and is derivatives (e.g., Fed RAMP, CMS Information Security Program) as many of our clients serve government customers. * Enough Information Technology and Information Security experience to contextualize and make their recommendations relevant and valuable. * Experience and knowledge with Governance, Risk Management and Compliance. * Experience with the my riad of regulatory compliance frameworks our client base is subject to (e.g., HIPAA, PII, PCI-DSS, SOX, STARS, NERC-CIP). * Certifications that demonstrate to our clients our commitment to excellence in our craft (e.g., ISO 27001 Lead Implementer, CISA, CISSP, ISO 27001 Lead Auditor, MCSE, CEH, OSCP). * Familiarity with related standards (e.g., SSAE-16 SOC1, SOC2, ISO-22301, ISO-9001). * Familiar & have experience working in RBI & SEBI Guidelines. If interested kindly share your resume at [HIDDEN TEXT] Show more Show less

As a Product Security Specialist at Capgemini, you will have the opportunity to play a critical role in embedding security into the product development lifecycle and driving strategic risk management across platforms. Your responsibilities will include: - Evaluating software/product architecture to ensure security is embedded from the design phase. - Developing cybersecurity artifacts such as threat models and leading mitigation discussions. - Supporting engineering teams in triaging and resolving product vulnerabilities. - Coordinating internal and external security assessments, including VAPT. - Assisting in implementing product security and privacy policies, standards, and procedures. - Ensuring compliance with security and privacy requirements and verifying protection measures. - Guiding resolution of audit findings and ensuring timely closure. - Providing strategic advisory support for product and information security. - Participating in incident response and assessing risk and impact of breaches. - Reviewing engineering changes and feature requests for security implications. - Collaborating with tech leads and architects to ensure secure product development. Qualifications required for this role: - Strong experience in application, mobile, network, OS, and cloud security. - Proficiency in AWS security, including AWS Solution Architect Associate and Security Specialty certifications. - Hands-on expertise in static/dynamic code analysis, container security, and Kubernetes. - Familiarity with security frameworks and standards like NIST 800-53, CIS/STIG, HI-TRUST, and SOC2. - Knowledge of cryptography, PKI, OAUTH, 2FA, and secure software development lifecycle (SDLC). Capgemini offers you the opportunity to shape cutting-edge projects in tech and engineering with industry leaders or create a more sustainable and inclusive world. Join us in unlocking the value of technology and making a difference.,

Role Overview: As an IT Security Compliance Associate in the Project Management Office (PMO), your main responsibility will be to support the execution and tracking of IT security testing activities. You will be coordinating and tracking IT security testing activities to ensure timely completion and documentation. Key Responsibilities: - Support the scheduling and tracking of security testing activities in coordination with internal teams and external security vendors - Assist in maintaining security testing calendars and logs - Coordinate with teams and vendors to ensure timely execution and closure of security testing tasks - Track and follow up on open items or observations from security tests - Prepare basic reports and updates on the status of ongoing testing activities for review by senior team members - Maintain documentation and records related to security testing and compliance activities Qualifications Required: - Education: B. Tech/B. E. in Computer Science or IT, or similar related field, from an institute of repute; or BSC - Certifications (If any): IT or Information Security (like CompTIA Security+, CEH) - Experience: 1 to 2 years - Preferred Knowledge, Skill & Ability: - 1-2 years of experience in IT or Information Security support or coordination roles - Good organizational and coordination skills - Basic understanding of IT security concepts is an advantage - Proficient in MS Office (Excel, Word, PowerPoint) for documentation and reporting - Good communication skills to work with internal teams and external vendors - Ability to follow processes, checklists, and timelines - Interest in developing a career in cybersecurity and compliance Additionally, the company details were not provided in the job description.,

As a member of the IT Audit Group at CohnReznick, you will be specialized in conducting SOC1, SOC2, and SOC3 audits for third-party service providers, internal control assessments, attestations, penetration tests, and firewall assessments. **Key Responsibilities:** - Participate in planning and scoping of IT audits for SOC engagements and ICFR audits. - Lead technology walkthroughs in IT general controls and application control. - Develop test procedures for execution and prepare relevant documentation. - Execute testing of IT general controls and application controls according to internal and industry standards. - Problem solve to meet critical deadlines, conduct root cause analysis, compensating and mitigating controls, and impact analysis. - Communicate engagement status to clients and engagement team management. - Possess knowledge in ITGCs, IT application controls, cybersecurity, and IT infrastructure. - Lead interviews with IT personnel to understand and document the design of IT General Controls (ITGCs). - Design and execute testing for ITGCs, focusing on Access Management and Change Management. - Supervise, guide, and coach activities of other department staff with varying skill sets. - Work independently or in small teams, multitask effectively, and manage client and manager/partner expectations. - Demonstrate effective planning, coordination, time management, and organization skills. - Prioritize and complete assignments on time and within budget with attention to detail and adaptability. - Interact with clients across different levels of seniority and present with good working knowledge of Microsoft Office applications. **Qualifications Required:** - 2-4 years of relevant work experience. - Bachelor's Degree in computer science or accounting information systems. - Experience in IT external audit, IT internal audit, Technology Risk, and ITGC assessment for compliance with SOX. - Knowledge of ERP systems (Oracle, SAP, JDE) and Cloud security (Azure, AWS, Google Cloud security) is a plus. - Must be willing to travel if required and work overtime during busy seasons. - Certified Information Systems Auditor (CISA) and/or CPA or working towards certification. Please note that the above job description is for a position at CohnReznick specializing in IT audits for SOC engagements and ICFR audits.,

Role Overview: XenonStack is looking for a Senior Quality Engineer with 4-7 years of experience in test automation, QA strategy, and quality engineering for enterprise platforms. As a Senior Quality Engineer, you will play a crucial role in defining, implementing, and optimizing QA frameworks for XenonStack's Agentic AI, Vision AI, and Cloud-native platforms to ensure the highest standards of accuracy, reliability, security, and compliance. Key Responsibilities: - Define and implement end-to-end QA strategies for enterprise-grade AI systems. - Identify test requirements, critical areas, and automation opportunities. - Design, build, and maintain test automation frameworks (Selenium, Cypress, Playwright, or similar). - Automate functional, regression, integration, and API tests across platforms. - Conduct system, performance, and security testing for AI/ML-powered platforms. - Collaborate with DevOps teams to integrate tests into CI/CD pipelines. - Monitor production environments for bugs, anomalies, and quality regressions. - Work closely with developers, product managers, and AI engineers to ensure requirements are clear, testable, and aligned with enterprise needs. - Partner with security engineers to test for compliance, resilience, and robustness. - Analyze test results, track metrics (defect density, test coverage, automation rate), and recommend improvements. - Drive a culture of shift-left testing and embed QA early in the SDLC. - Mentor junior QA engineers and help scale best practices across squads. - Champion quality-first principles across engineering teams. Qualifications Required: Must-Have: - 4-7 years in QA, test automation, or quality engineering. - Strong knowledge of QA methodologies, tools, and best practices. - Hands-on experience with automation frameworks such as Selenium, Cypress, Playwright, TestNG, JUnit. - Proficiency in scripting languages like Python, Java, or JavaScript. - Experience with CI/CD pipelines and version control tools like Git, Jenkins, GitLab CI. - Familiarity with cloud platforms such as AWS, Azure, GCP and microservices testing. Good-to-Have: - Exposure to AI/ML system testing, containerized testing, and compliance/security testing frameworks. - Background in BFSI, GRC, or large-scale enterprise systems. Join XenonStack to be part of a fast-growing Data and AI Foundry that is accelerating the world's transition to AI + Human Intelligence. Be a part of a culture of excellence that values autonomy, accountability, and responsible AI-first practices.,

As a VP/AVP AV/ADAS Delivery at iMerit, you will be leading the delivery organization supporting autonomous vehicle and ADAS clients. Your role will involve ensuring delivery excellence across a portfolio of enterprise clients by maintaining consistent quality, scalability, and efficiency of operations. Here is a breakdown of your key responsibilities: - **Delivery Leadership & Client Management:** - Own delivery for a portfolio of enterprise clients in AV/ADAS programs. - Drive robust delivery governance including QBRs, client health reviews, RCA/CPA, and CSAT improvement plans. - Establish SLA frameworks and ensure adherence across clusters. - Act as a strategic escalation point and lead issue resolution. - **Multi-Account Oversight:** - Supervise concurrent delivery across 36 large enterprise accounts. - Ensure optimization of resource allocation, schedule adherence, productivity, and profitability across all accounts. - Maintain a balance between portfolio-wide visibility and periodic account-level immersion. - **Operational Excellence:** - Define and drive KPIs for quality, turnaround time, throughput, and cost of delivery. - Collaborate with WFM, L&D, Tech, and QA for integrated delivery planning and optimization. - Cultivate a culture of continuous improvement, automation, and reuse of delivery accelerators. - **Team Leadership & Talent Development:** - Lead a matrixed team of 300-800 labelers, reviewers, specialists, and managers through Cluster/Sub-cluster heads. - Identify high-potential leaders, enable succession planning, and career progression. - Align team structure with business demand cycles and client commitments. - **Solutioning and Innovation Enablement:** - Work with Solutions and Pre-sales teams on client RFPs, PoCs, and pilots. - Stay updated on trends in multi-sensor data annotation, synthetic data, and ML-assisted labeling. - Drive pilot-to-production transitions and institutionalize best practices. In terms of qualifications, the key requirements for this role include: - 15+ years in AI/ML Data Services/Digital Operations, with 5+ years in AV/ADAS delivery. - Previous experience managing multiple concurrent enterprise accounts. - Deep understanding of annotation workflows, tools, and quality frameworks. - Proven experience in managing large-scale teams with a cluster or business unit structure. - Strong client-facing presence with stakeholder management experience. Additionally, exposure to Generative AI applications in AV/ADAS, experience with automation-led delivery transformation, and familiarity with security standards like ISO27001 and SOC2 would be advantageous. Your success in this role will be measured by metrics such as Client Satisfaction (CSAT > 95%), Delivery Quality (Accuracy %, Rework %, SLA Adherence), Financial Metrics (Utilization %, Margin %, Revenue per FTE), People Metrics (Attrition %, Internal Mobility %, Bench %), and Operational Efficiency (Automation %, Productivity Index).,

About the Team At Navi, the InfoSec team safeguards our digital ecosystem - ensuring the confidentiality, integrity, and availability of critical systems and data. We lead the charge on cyber risk management, regulatory compliance, and data protection, while championing a security-first culture across all teams. Our mission: Protect what powers Navi - securely, compliantly, and confidently. About the Role Navi is looking for an Associate Manager II Information Security to pilot key aspects of its group-wide information security and regulatory compliance program. This role involves interpreting and implementing information security and technology risks mandates from regulators such as RBI, IRDAI, SEBI, and NPCI, ensuring continuous tech compliance across all business units. You will collaborate closely with engineering, infrastructure, legal, and IT teams to establish and maintain robust security policies, frameworks, and controls. Additionally, the role includes conducting risk assessments, enabling audit readiness, managing third party/vendor security audits, and driving awareness initiatives across the organization, while also representing Navi in internal and external forums when needed. What We Expect From You Compliance & Risk Management Interpret and implement regulations related to cybersecurity issued by RBI, IRDAI, SEBI , NPCI. Ensure ongoing monitoring and tech compliance with regulatory expectations. Conduct and review Technology Risk Assessments , and recommend mitigation strategies. Maintain tech audit readiness with appropriate documentation and evidence. Represent Navi in Board meetings and regulatory discussions, if needed. Security Governance Define, uplift and implement information security policies, frameworks, standards, and controls . Solution Architect mind set for regulatory cybersecurity compliance . Review security controls at data centers, the cloud environment, and ensure BCP/DR controls. Review and conduct Third Party Risk & Vendor Assessments pre-onboarding and post onboarding . Manage cyber/information security incidents and drive timely resolution. Operations & Enablement Run security awareness programs and train teams/employees on data security and privacy. Identify, define and manage Security KPIs , publish weekly/monthly dashboards. Project manage Information Security initiatives with measurable outcomes. Must Haves Experience & Technical Skills 5+ years of experience in Information Security or tech Compliance roles. Prior experience in Fintech/Startup environments (preferred). Familiarity with regulatory compliance frameworks like , RBI Master Directions, IRDA, SEBI, and NPCI guidelines. Experience with frameworks such as ISO27001 , PCI DSS , SOC2 etc. Working knowledge of cloud environments like AWS, Oracle Cloud, GCP. Exposure to Agile methodologies , DevOps , and Cloud-native tech . Soft Skills Hands-on problem-solver for complex security issues. Strong ability to multitask, prioritize, and meet deadlines in a fast-paced environment. Ability to balance risk, impact, business priorities, and timelines. Excellent communication skills (verbal and written). Qualifications Bachelors degree or diploma in Technology, or Engineering. Relevant certifications like ISO 27001 Lead Auditor/Implementer , CISA , CISM , CISSP , etc. Inside Navi We are shaping the future of financial services for a billion Indians through products that are simple, accessible, and affordable. From Personal & Home Loans to UPI, Insurance, Mutual Funds, and Gold were building tech-first solutions that work at scale, with a strong customer first approach. Founded by Sachin Bansal & Ankit Agarwal in 2018, we are one of Indias fastest-growing financial services organisations. But were just getting started! Our Culture The Navi DNA Ambition. Perseverance. Self-awareness. Ownership. Integrity. Were looking for people who dream big when it comes to innovation. At Navi, youll be empowered with the right mechanisms to work in a dynamic team that builds and improves innovative solutions. If youre driven to deliver real value to customers, no matter the challenge, this is the place for you. We chase excellence by uplifting each otherand that starts with every one of us. Why You&aposll Thrive at Navi At Navi, its about how you think, build, and grow. Youll thrive here if: Youre impact-driven : You take ownership, build boldly, and care about making a real difference. You strive for excellence : Good isnt good enough. You bring focus, precision, and a passion for quality. You embrace change : You adapt quickly, move fast, and always put the customer first. Show more Show less

As a Senior Consultant in the TMT (Technology, Media & Entertainment, and Telecommunications) Assurance team at EY, your role involves helping TMT companies navigate industry convergence challenges and develop agile corporate strategies for growth. You will assist clients in creating compelling employee and customer experiences, ensuring data security, and enabling successful M&A strategies. Your work will contribute to building a better working world for all. **Key Responsibilities:** - Demonstrate technical excellence in areas such as SOCR, SOC1, SOC2 - Provide assurance services to clients, ensuring compliance with audit standards - Offer clear perspectives to audit committees and stakeholders - Contribute to service offerings including External Audit, FAAS, IFRS & US GAAP conversion, and more **Qualifications Required:** - B Tech, MBA, or CA degree - Minimum 4 years of relevant experience **What We Look For:** We seek individuals who can collaborate effectively across client departments, adhere to commercial and legal requirements, and solve complex problems with practical solutions. Ideal candidates should be agile, curious, and creative, with a positive energy and a proactive mindset. At EY, you will be part of a global organization with a strong brand presence and a commitment to employee development. With a focus on inclusivity and work-life balance, EY offers a personalized Career Journey and access to resources for continuous learning and growth. If you meet the criteria and are eager to contribute to building a better working world, we encourage you to apply and join us at EY.,

The Job in short - As an IT Governance, Risk and Compliance (GRC) Manager, you enable Backbase in conducting its business in full compliance with all relevant national and international laws and regulations. This also includes professional standards, accepted business practices, internal policy standards and IT Security frameworks such as SOC2, ISO27001 and PCI-DSS etc. requirements. There is both an ethical component and a pragmatic approach to compliance that this role would require in helping the organization manage risk and build trust with its Customers. IT GRC Manager must present a good understanding of the highly innovative and dynamic environment of a FinTech organisation. Meet the job Functional/ Technical Skills Support design, implementation and management of IT Controls & Compliance Frameworks for an international organisation. Ensure compliance with the industry best security practices within SaaS environments. Manage and coordinate customer and independent third-party attestations as part of the contractual obligations and certification requirements. Support Third-Party Risk assessments and regular assurance program Prior experience working with GRC tools and platforms Ability to analyse and translate laws, regulations and technical requirements into commercially focussed business processes Ability to execute and report status on Risk Assessment and Risk Mitigation Program metrics. Proficient at maintaining policies and procedures as part of the Policy Governance Framework and coordinating that with other departments. Business, product and industry knowledge Ability to integrate in an Agile/Scrum working environment to drive teams. Knowledge of Secure-SDLC tooling and Application Security Knowledge of Open Banking / PSD2 is an added advantage Knowlege of multiple security and privacy frameworks, Third-party risk, outsourcing and banking regulations, etc. Knowledge of modern cloud technologies (AWS, Azure) and risks associated with Software-as-a-Service model. Knowledge of the requirements of ethics & compliance programs in international business Complexity & Problem Solving Proven ability to lead tactical compliance setup and operations SME with the ability to give concise and to-the-point compliance advice Proactive & analytical program management approach. Strategic problem solver who can take issues and find practical business solutions Collaborations and Interactions Internal & external stakeholder management Collaboration and interaction with colleagues from all relevant departments, vendors, partners and customers. How about you - Minimum of 6-8 years of relevant working experience in the practical implementation of Compliance programs in an international environment Bachelors degree required; - Acedemic degree desired in the area of IT Security, Risk Management, Cyber Security, Information Security. Fluent English - written and spoken required (mandatory) Professional certifications (e.g. ISC2 or CompTIA certifications) desired or willingness to obtain them Experience with managing in a functional way (not hierarchical)

Job Description: Cloud Architect Job Summary We are seeking a highly skilled and visionary Cloud Architect with expertise in designing, implementing, and optimizing cloud-native solutions, with a strong emphasis on Amazon Web Services (AWS) . The ideal candidate will serve as a trusted advisor and technical leader, guiding cloud strategy, architecture, and execution. While AWS expertise is essential, familiarity with Google Cloud Platform (GCP) and Microsoft Azure is considered a strong plus. The Cloud Architect will play a critical role in enabling digital transformation, modernizing applications, ensuring compliance, and driving innovation across multiple cloud platforms. This role requires a balance of hands-on technical skills , strategic thinking , and the ability to collaborate with business stakeholders, developers, DevOps, and security teams. Key Responsibilities Cloud Strategy & Architecture Lead the design and development of cloud architectures (IaaS, PaaS, SaaS) with a strong focus on AWS cloud services . Develop and maintain cloud adoption frameworks , roadmaps, and best practices for scalable and cost-optimized solutions. Advise leadership on emerging cloud technologies, trends, and architectural patterns. Ensure architectures support business objectives, scalability, high availability, resilience, and security. AWS Cloud Expertise Architect solutions using AWS core services, including: Compute : EC2, ECS, EKS, Lambda. Storage : S3, EFS, FSx, Glacier. Networking : VPC, Transit Gateway, Direct Connect, Route 53. Databases : RDS, DynamoDB, Aurora, Redshift. Security & IAM : KMS, IAM, Secrets Manager, Security Hub. Management & Monitoring : CloudWatch, CloudTrail, Config. Design multi-account AWS environments using AWS Control Tower and Organizations. Implement cost governance strategies using AWS Cost Explorer, Budgets, and Trusted Advisor. Provide technical leadership in cloud migrations, modernization, and hybrid-cloud deployments . Multi-Cloud Enablement (Good-to-Have: GCP & Azure) Support interoperability between AWS, GCP, and Azure for hybrid and multi-cloud strategies. Familiarity with: Azure : Virtual Machines, App Services, AKS, Azure Functions, Blob Storage. GCP : Compute Engine, GKE, Cloud Functions, BigQuery, Cloud Storage. Offer guidance for portability and vendor lock-in mitigation. DevOps & Automation Integrate cloud architecture with CI/CD pipelines (Jenkins, GitHub Actions, GitLab CI, Azure DevOps). Automate infrastructure provisioning using IaC tools : Terraform, AWS CloudFormation, Pulumi. Champion DevSecOps practices with automated security checks and compliance scanning. Design observability solutions with Prometheus, Grafana, Datadog, or AWS-native tools . Security & Compliance Design architectures that adhere to compliance frameworks (SOC2, ISO 27001, GDPR, HIPAA, PCI DSS). Implement Zero Trust and cloud-native security controls (WAF, GuardDuty, Shield). Establish identity federation and SSO with AWS IAM Identity Center (SSO), Azure AD, or Okta. Define key management policies , encryption standards, and secure networking patterns. Collaboration & Stakeholder Engagement Partner with business leaders to translate requirements into cloud strategies . Mentor cloud engineers, developers, and operations teams. Conduct technical workshops, proof of concepts (POCs), and architecture reviews . Collaborate with vendors, consultants, and internal security/compliance teams. Required Skills & Qualifications Bachelor's or Master's degree in Computer Science, Information Technology, Engineering, or related field . 10+ years of IT experience , with 5+ years in cloud architecture (AWS priority) . Deep knowledge of AWS cloud services, well-architected framework, and enterprise patterns . Strong experience with Infrastructure as Code (Terraform, CloudFormation) . Proficiency in container orchestration (Kubernetes, EKS, AKS, GKE). Hands-on expertise in network architecture (VPC peering, hybrid connectivity, VPN, Direct Connect). Strong understanding of cloud-native security, compliance, and cost governance . Experience with cloud migration strategies : re-hosting, re-platforming, re-architecting. Familiarity with multi-cloud solutions (GCP & Azure) . Excellent communication, documentation, and leadership skills. Preferred Skills & Certifications AWS Certified Solutions Architect - Professional (highly preferred). AWS Advanced Networking, Security, or DevOps certifications. Azure Solutions Architect Expert or Google Professional Cloud Architect (good to have). Knowledge of FinOps practices and cloud cost optimization. Familiarity with AI/ML workloads in the cloud (SageMaker, Vertex AI, Azure ML). Experience with disaster recovery (DR) and business continuity planning (BCP) . Why Join Us Work with a forward-thinking digital enterprise that values innovation and agility. Lead large-scale AWS-first cloud programs , with exposure to multi-cloud. Collaborative culture with cross-functional teams across DevOps, Security, AI/ML, and Product . Competitive compensation, training support, and continuous learning opportunities .

Job Description Principal/Lead Cloud Infrastructure Architect Location: Bangalore (Onsite; Face-to-Face Interviews Only) Experience: 11--17 years What You Will Do Architect resilient and observable infrastructure on Azure using Infrastructure as Code (IaC) , balancing cost, performance, and reliability. Lead the design and implementation of organization-wide monitoring, alerting, and dashboarding strategy. Drive incident management and lead post-incident analysis at the org level. Define and execute the DevSecOps strategy , ensuring secure automation across engineering teams. Implement FinOps practices by optimizing cloud spend and forecasting usage trends. Collaborate with global stakeholders to establish and document best practices, governance, and engineering standards. Required Qualifications Bachelors/Master’s in Computer Science, Software Engineering, or related discipline. 12+ years of professional experience with deep expertise in infrastructure automation and operations. Strong expertise with IaC tools ( Terraform, Helm, Ansible ). Hands-on experience in CI/CD platforms (GitLab, GitHub, Azure DevOps) and containerization technologies (Docker, Kubernetes). Proven expertise in observability tools such as Grafana, Prometheus, and ELK stack. Experience with FinOps and compliance frameworks: SOC 2, ISO 27001, GDPR, HIPAA, NIST 800-53. Preferred Qualifications Strong technical leadership skills , with the ability to mentor, guide, and influence cross-functional teams. Excellent communication and stakeholder management skills across global teams. Why Join Us? Opportunity to architect and scale next-generation cloud platforms impacting global businesses. Lead strategy and execution across observability, DevSecOps, and FinOps. Collaborate with a high-performing global engineering organization . Competitive compensation and leadership visibility in a fast-scaling environment.

Amazing Oppurtunity for candidates wo can join us by 1st week of OCT !! About the Vacancy: IT Advisory Risk Consulting IT Audit & Assurance KPMGs IT Advisory Risk Consulting team is looking for Managers to join their IT Audit & Assurance team. Team provides Independent assurance on controls in place across clients IT environment and ways to mitigate Technology risks. Following are some of our key solution offerings Skill set for IT Audit - IT Audit with knowledge of IT governance practices Good to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g. NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc.) Technical Knowledge of IT Audit Tools with excellent knowledge of IT Audit process and methodology Prior IT Audit experience in areas of ITGC, SOX 404, SOC-1 and SOC-2 Audits and Application Controls Exposure to Risk Management and Governance Frameworks/ Systems will be an added advantage Exposure to ERP systems will be added advantage Strong project management, communication (written and verbal) and presentation skills Knowledge of security measures and auditing practices within various applications, operating systems, and databases Position: Associate Consultants/ Consultants/ Assistant Managers Responsibilities Additional Responsibilities for Assistant Managers: Supervise associates and interns on engagements Serve as a liaison between financial services clients and upper management Qualifications Bachelor's degree in an appropriate field from an accredited college/university Project or team lead experience, specifically within a consulting firm is preferred Excellent written and verbal communication, facilitation, and presentation skills with the ability to gain the confidence and respect of senior level executives Strong analytical and problem solving skills Ability to work well in teams Ability to work under pressure stringent deadlines and tough client conditions which may demand extended working hours Willingness to travel within India or abroad for continuous long periods of time Demonstrate integrity, values, principles, and work ethic and lead by example

As a Senior Security Risk Analyst at Snowflake, you will play a crucial role in managing and enhancing the existing program for assessing the risk associated with third party tools and services utilized by Snowflake. Your responsibilities will include overseeing the intake process, collaborating with stakeholders to gather necessary information, comprehensively understanding the use case for each tool or service, and reviewing documentation to ensure compliance with security controls. Your expertise will be instrumental in identifying and mitigating third party security risks to safeguard Snowflake assets. In this role, you will independently conduct ongoing third party security risk assessments to help Snowflake in identifying and evaluating security risks. By providing detailed evaluations and actionable recommendations based on security and compliance best practices, you will contribute to enhancing the overall security posture of the organization. Moreover, you will support and monitor remediation efforts, review evidence to align vendor security controls with Snowflake data protection requirements, and manage security findings from various vendor security monitoring systems. The ideal candidate for this position will possess at least 6 years of experience in a security compliance role, with a minimum of 3 years focused on third party security risk management. You should be highly motivated, adept at working in fast-paced environments, and have a deep understanding of security best practices and technologies. Additionally, exceptional communication skills, proficiency in security documentation, and knowledge of industry regulations and standards such as PCI-DSS, HIPAA, SOC1, SOC2, GDPR, and ISO frameworks are essential. Experience in working with JIRA, Confluence, and ServiceNow, negotiating security agreements, and holding security certifications like CISSP, CCSP, or CISA will be considered advantageous. Snowflake values individuals who challenge conventional thinking, drive innovation, and contribute to the company's growth. If you are a self-motivated problem solver with a keen eye for detail and a strong commitment to excellence, we invite you to join our dynamic team and make a meaningful impact in the field of security risk management.,

This position as a Senior IT Internal Auditor is a vital role within the Internal Audit Team, requiring you to take the lead in executing high-impact, risk-based IT audit engagements that are in alignment with regulatory frameworks such as SOX, FFIEC, and NIST, as well as organizational priorities. The ideal candidate for this role will possess experience in auditing intricate IT environments and a profound expertise in cybersecurity, IT governance, and technology risk. Your primary responsibilities will involve contributing to the annual IT audit plan by assessing risk, planning and scoping audits, and providing assurance and advisory services across various areas including financial reporting, cloud computing, data protection, third-party risk, and IT operations. Collaboration with stakeholders from departments such as Accounting, Technology, Information Security, Risk, and Compliance will be crucial in driving efforts towards risk mitigation and control enhancement. Your duties will include executing the SOX IT and information systems testing program, conducting walkthroughs, analyzing audit evidence, executing controls testing, identifying issues, defining issues, and documenting business processes and procedures. You will also be involved in supporting the creation of status reports and planning materials, collaborating closely with internal and external stakeholders, and performing end-to-end planning, execution, and reporting of risk-based IT audit engagements across various domains such as Information Security Program, Network & System Security, Business Continuity and Disaster Recovery (BC/DR), Change Management and Software Development Lifecycle (SDLC), Third-Party Risk Management (TPRM), Identity & Access Management (I&AM), IT Operations and Asset Management, Privacy and Data Protection, and Cloud and Outsourced Services. Additionally, you will evaluate IT risks, control maturity, and alignment with regulatory expectations, provide risk advisory and control consultation to IT and business leadership, collaborate closely with cross-functional stakeholders to understand business processes and evaluate control effectiveness, develop and deliver clear, concise, risk-focused audit reports, partner with internal and external audit teams, monitor and validate the implementation of management action plans, support new system implementations, conduct risk assessments, contribute to the development and evolution of the IT audit program, act as a key liaison to internal and external auditors, and suggest alternatives for process improvements. To be successful in this role, you are required to have a Bachelor's degree in Information Technology, Accounting, Finance, or a related field, along with five or more years of experience in IT audit, internal audit, cybersecurity, financial services, or a related business function. A thorough understanding of internal controls, IT risk, and regulatory requirements including SOX, FFIEC, and financial compliance frameworks is essential, as well as strong knowledge of internal audit methodologies, project management skills, proficiency in Microsoft Excel, Word, Outlook, and data analysis tools, and excellent communication and interpersonal skills. Holding an active CIA, CISA, or CPA designation or having plans to pursue one is also preferred.,

Role Purpose: Support the wider team with Information Security controls assurance activities (testing of Design and Operational Effectiveness) and Governance of Information Security Standards & Guidelines. Job Role: Maintain and update the cyber security control library ensuring controls and other key attributes of the library are aligned to industry best practice (NIST Cyber Risk Institute Profile). Conduct the assurance of controls with control owners and operators. Support the wider team with testing of controls, ensuring evidences and metrics are reviewed to demonstrate controls are designed and operated effectively (DE & OE testing). Report gaps in control effectiveness to control owners and track remediation activities through to completion. Support the annual review of Cyber Security Standards with standard owners and key SME&aposs. Handle internal feedback from SME&aposs. Support gap assessments of cyber controls and standards to industry recognised best practice. Work closely with other GRC teams and respond to queries raised on cyber controls and standards. Liaise with multiple customers across business units e.g. BISO&aposs, LSEG legal entities, second and third line of defence ensuring GRC related queries are addressed in a timely manner. Knowledge: Have an understanding of one of the following frameworks : NIST, ISO27001, SOC2 and/or ISF Standard of Good Practice. Experience of conducting Risk and Controls Assessment or knowledge of testing controls to ensure if they are designed and operating effectively (DE & OE). Be able to challenge control owners, identify control gaps and propose suitable remediation plans. Experience in reviewing Cyber Security Standards, understanding the hierarchy of policies, standards and guidelines. Understanding the level of detail required in Policies, Standards and Procedures. Although this is not a technical role, demonstrate technical competences in Identity & Access Management, Vulnerability Management, Security Engineering, Security Architecture, Security Operations Centre and Cloud Security where controls are deployed. Proficient in Microsoft Office, in particular Excel and PowerPoint. Analyse data and produce reports and metrics. Key Relationships: Support Business Information Security Officers across different LSEG divisions. Maintain key relationships with Cyber Security stakeholders and second line of defence. About us: LSEG (London Stock Exchange Group) is more than a diversified global financial markets infrastructure and data business. We are dedicated, open-access partners with a dedication to excellence in delivering the services our customers expect from us. With extensive experience, deep knowledge and worldwide presence across financial markets, we enable businesses and economies around the world to fund innovation, manage risk and create jobs. It&aposs how we&aposve contributed to supporting the financial stability and growth of communities and economies globally for more than 300 years. Through a comprehensive suite of trusted financial market infrastructure services - and our open-access model - we provide the flexibility, stability and trust that enable our customers to pursue their ambitions with confidence and clarity. LSEG is headquartered in the United Kingdom, with significant operations in 70 countries across EMEA, North America, Latin America and Asia Pacific. We employ 25,000 people globally, more than half located in Asia Pacific. LSEG&aposs ticker symbol is LSEG. Our People: People are at the heart of what we do and drive the success of our business. Our culture of connecting, creating opportunity and delivering excellence shape how we think, how we do things and how we help our people fulfil their potential. We embrace diversity and actively seek to attract individuals with unique backgrounds and perspectives. We break down barriers and encourage teamwork, enabling innovation and rapid development of solutions that make a difference. Our workplace generates an enriching and rewarding experience for our people and customers alike. Our vision is to build an inclusive culture in which everyone feels encouraged to fulfil their potential. We know that real personal growth cannot be achieved by simply climbing a career ladder - which is why we encourage and enable a wealth of avenues and interesting opportunities for everyone to broaden and deepen their skills and expertise. As a global organisation spanning 70 countries and one rooted in a culture of growth, opportunity, diversity and innovation, LSEG is a place where everyone can grow, develop and fulfil your potential with meaningful careers!! LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth. Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership , Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions. Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. You will experience the critical role we have in helping to re-engineer the financial ecosystem to support and drive sustainable economic growth. Together, we are aiming to achieve this growth by accelerating the just transition to net zero, enabling growth of the green economy and creating inclusive economic opportunity. LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives. We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone&aposs race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it&aposs used for, and how it&aposs obtained, your rights and how to contact us as a data subject . If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice. Show more Show less

As a DevOps Engineer with 4-6 years of experience, you will be responsible for managing scalable cloud infrastructure, optimizing CI/CD pipelines, and ensuring high system reliability in a fast-paced fintech environment based in Gujarat (GIFT City). Your role will encompass full ownership of DevOps processes, from infrastructure automation to production monitoring. Your key responsibilities will include designing and managing cloud infrastructure using tools like AWS, Terraform, or CloudFormation, as well as building, maintaining, and optimizing CI/CD pipelines with tools like Jenkins, GitLab CI/CD, or GitHub Actions. You will deploy and manage containerized applications using Docker and Kubernetes, implement and maintain system monitoring solutions (Prometheus, Grafana, CloudWatch) for high availability, and ensure security best practices and compliance with industry standards (e.g., SOC2, GDPR). Collaboration with cross-functional teams to troubleshoot and enhance system performance, as well as mentoring junior engineers to foster a DevOps culture, will be essential in this role. Required skills and qualifications include extensive experience with cloud platforms such as AWS, Azure, or GCP, proficiency in IaC tools like Terraform, CloudFormation, or Ansible, and hands-on expertise in building CI/CD pipelines with tools like Jenkins, GitLab, or similar. Strong experience with Docker and Kubernetes (EKS/GKE), managing production systems for high availability, resolving critical incidents, and knowledge of monitoring tools like Prometheus, Grafana, and Datadog are also essential. Familiarity with security protocols and compliance (IAM, encryption, VPC isolation) is required. Preferred skills include experience with distributed systems and message queues (Kafka, RabbitMQ), familiarity with cost optimization strategies in cloud environments, and knowledge of disaster recovery and scaling in production environments.,

MTX Group Inc. is looking for a dedicated Senior Consultant - IT Support to become a valuable part of our team. As a global technology consulting firm, MTX specializes in facilitating digital transformation for organizations worldwide. Our focus is on leveraging data as the new currency to drive strategic outcomes related to happiness, health, and the economy. By collaborating with leading cloud technologies, MTX empowers clients to enhance decision-making processes with speed and precision. We offer expertise in a wide range of platforms and technologies, including Google Cloud, Salesforce, artificial intelligence/machine learning, data integration, data governance, data quality, analytics, visualization, and mobile technology. Your responsibilities will include configuring network devices, firewalls, access points, routers, and switches for system and network monitoring. You will also be involved in deploying, installing, configuring, and administering Linux Systems and Servers, providing end-user support, managing IT assets and devices, administering G-Suite, configuring Biometric and HID access, and maintaining licenses for MTX Applications. Additionally, you will engage with employees globally at a technical level, conduct regular audits of IT assets and applications, assist in scaling IT systems and networks for growth, address hardware and software issues, and contribute to defining best practices and support procedures. To excel in this role, you should possess 6-9 years of experience in IT support and system administration, with a strong background in network administration, Linux server deployment, Ubuntu, tools like Jenkins and Docker, as well as proficiency in Windows and macOS. Holding a Cisco CCNA Certification and having experience in cybersecurity, G-Suite Administration, Biometric and HID access, and knowledge of leading Infrastructure platforms such as GCP, Azure, and AWS will be advantageous. Familiarity with IT audit processes and standards like HIPAA, SOC-2, SSAE18, and ISO-27001 is also desirable. In addition to technical skills, key soft skills such as flexibility with tasks, teamwork, problem-solving abilities, analytical thinking, interpersonal skills, and effective communication are essential for success in this role. We offer a comprehensive benefits package that includes group medical insurance, maternity cover, personal accident policy, food wallet option, internet reimbursement, and professional development opportunities through MTX-sponsored certifications across various technology stacks like Salesforce and Google Cloud. If you are ready to contribute your expertise to a dynamic and innovative team, we invite you to apply for the Senior Consultant - IT Support position at MTX Group Inc.,

Key Responsibilities: Manage and optimize AWS/Azure cloud infrastructure. Build and maintain CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI/CD). Deploy and manage Kubernetes (EKS/AKS), Docker, and Helm. Implement monitoring & logging (Prometheus, Grafana, ELK, CloudWatch). Ensure compliance (SOC 2, ISO27001) and conduct VAPT security checks. Automate infrastructure with Terraform/CloudFormation. Support MLOps workflows for ML model deployment. Requirements: 8+ years in DevOps/Cloud Engineering. Strong expertise in Kubernetes, Docker, Terraform, and CI/CD tools. Hands-on with SOC 2, VAPT, and cloud security best practices. Experience with MLOps and MongoDB performance optimization.

HMH is a learning technology company committed to delivering connected solutions that engage learners, empower educators and improve student outcomes. As a leading provider of K12 core curriculum, supplemental and intervention solutions, and professional learning services, HMH partners with educators and school districts to uncover solutions that unlock students" potential and extend teachers" capabilities. HMH serves more than 50 million students and 4 million educators in 150 countries. HMH Technology India Pvt. Ltd. is our technology and innovation arm in India focused on developing novel products and solutions using cutting-edge technology to better serve our clients globally. HMH aims to help employees grow as people, and not just as professionals. For more information, visit www.hmhco.com. The Senior Manager of Information Security (External Role Description Application/Product Security Architect) will report to the Chief Information Security Officer. As a leader in the Information Security organization, this role will lead the task of refining, managing, and executing a strategic product/application security roadmap based on industry-standard software security frameworks. The responsibilities include planning, implementing, and tracking key initiatives focused on product/application security strategy, metrics, compliance, policy, developer awareness, training, and stakeholder engagement, collaborating closely with multiple teams including Information Security, Product Management, Engineering, Legal, Risk, and Compliance. The aim is to improve product/application security controls and drive impactful change within the team and its members. Responsibilities: - Bring a deep background and broad experience in Information Security, Application Security, & Application Development or related business areas. - Lead a team of high-performing individuals creating remediation plans, performing security reviews, and recommending security solutions to meet current and future needs for HMH products and applications. - Drive the development and implementation of product and application standard security review processes to reduce security risks before product releases effectively. - Influence project and portfolio stakeholders, communicate relevant security information to executive leaders and individual contributors. - Provide input into the Information Security strategy aligning future security investments with business requirements, industry threat landscape, and risk appetite of HMH. - Collaborate closely with the Architecture teams to ensure alignment. - Track policy exceptions and remediation dates through active engagement with development and operations teams. - Stay updated on the latest cyber security threats internally and externally. - Oversee projects, program delivery, daily monitoring, response, review cloud and physical infrastructure, alerts through incident response, and threat landscape for ongoing security controls maturity. - Drive operational efficiency and excellence leveraging tools, processes, and automation with appropriate visibility and metrics meeting SLAs/SLOs. - Support and implement controls and visibility to meet third-party attestations (SOC2, ISO27001, GDPR, SOX). - Balance collaboration with being firm on security policies and facilitating progress and compromise. What You Should Have: - 5 to 6+ years hands-on experience in application security utilizing SAST, DAST, IAST, RASP, and WAF. - 5+ years of application engineering, architecture, or development management experience. - Proficient in analyzing problems, compelling communicator, translating security risk to business risk, and driving actionable decisions. - Experience in leading application security remediation work and mitigation initiatives. - Proficient experience with common web application attack vectors and mitigation strategies. - Highly organized with strong organizational skills for yourself and the team in a fast-moving company.,

As a highly skilled resource proficient in the Information Security domain, you will be a valuable addition to our Vendor and Client Security team within the Information Security Department. Your primary responsibilities will include: - Completing client security questionnaires, answering follow-up questions, and participating in client audits as requested by the business. - Conducting vendor security due diligence assessments to verify vendors" information security and privacy capabilities through risk assessment questionnaires, response analysis, and final assessment report creation. - Monitoring critical vendors continuously and collaborating with them on the remediation of identified vulnerabilities. - Partnering with business stakeholders to articulate risks clearly to both business and technology audiences. - Tracking remediation progress to address vulnerabilities identified by clients effectively. - Reviewing contracts and master service agreements to ensure the presence of appropriate security language. - Supporting the development, implementation, and maintenance of the Information Security program. - Participating in internal and external audits related to SOC2, ISO 27001/27701, etc. - Maintaining familiarity with Information Security policies to facilitate annual reviews and updates. - Performing general administrative duties as required to support Information Security operations. Key Requirements: - Minimum 3-5 years of experience in Information Security roles. - Bachelor's degree in a related field from an accredited college or university. - Proficient in English written and verbal communication. - Strong understanding and experience in Information Security program development, maintenance, and governance. - Excellent research skills. - Ability to plan and execute tasks with minimal oversight. - Proficient in multitasking and prioritizing tasks across various projects. - Strong time management and organizational skills. - Demonstrated personal integrity and commitment to delivering outstanding results. - Willingness to work flexible hours to support global business users. - Prior experience with ProcessUnity Vendor Risk Management Tool and Bitsight cybersecurity ratings practice is a plus. About Kroll: Kroll is a global valuation and corporate finance advisor specializing in complex valuation, disputes, investigations, M&A, restructuring, compliance, and regulatory consulting. Our professionals combine analytical skills, market insight, and independence to assist clients in making informed decisions. We value diversity, global thinking, and a collaborative work environment that fosters excellence. Kroll is an equal opportunity employer that recruits based on merit. To be considered for a position, please apply formally via careers.kroll.com.,

HMH is a learning technology company committed to delivering connected solutions that engage learners, empower educators, and improve student outcomes. As a leading provider of K12 core curriculum, supplemental and intervention solutions, and professional learning services, HMH partners with educators and school districts to uncover solutions that unlock students" potential and extend teachers" capabilities. HMH serves more than 50 million students and 4 million educators in 150 countries. HMH Technology India Pvt. Ltd. is our technology and innovation arm in India focused on developing novel products and solutions using cutting-edge technology to better serve our clients globally. HMH aims to help employees grow as people, and not just as professionals. The Senior Manager of Information Security (External Role Description Application / Product Security Architect) will report to the Chief Information Security Officer. As a leader in the Information Security organization, this role will lead the task of refining, managing, and executing a strategic product/application security roadmap that is based on industry-standard software security frameworks. You will plan, implement, and track key initiatives focused on product/application security strategy, metrics, compliance, policy, developer awareness, training, and stakeholder engagement. You will work closely with multiple teams that make up Information Security, Product Management, Engineering, Legal, Risk, and Compliance to improve product/application security controls and drive impactful change to the team and its members. Responsibilities: - Bring a deep background and broad experience in Information Security, Application Security, & Application Development or related business areas. - Lead a team of high-performing individuals who create remediation plans, perform security reviews, and recommend security solutions to meet current and future needs for HMH products and applications. - Drive the development and implementation of product and application standard security review processes that result in effective methods for reducing security risks before product releases. - Demonstrate an ability to influence all project and portfolio stakeholders; communicate relevant security information to both executive leaders and individual contributors in an effective manner. - Provide input into the Information Security strategy to ensure that future security investments are aligned appropriately when considering key priorities such as business requirements, industry threat landscape, and risk appetite of HMH. - Collaborate closely with the Architecture teams. - Demonstrated experience handling the demand/supply of project and program resources and tracking allocation. - Track policy exceptions and remediation dates through active engagement with development teams and operations teams. Partner with Audit teams to periodically audit controls and secure coding practices being followed by development teams. - Staying abreast of the latest cybersecurity threats both internal and external. - Oversee projects, program delivery, daily monitoring, response; review of cloud infrastructure, physical infrastructure, and the full life cycle of alerts through incident response; and the threat landscape to ensure ongoing and continued maturity of the organization's security controls in addition to service support. - Drive operational efficiency and excellence leveraging tools, process, and automation with appropriate and transparent visibility and metrics that can meet SLAs/SLOs. - Support and implement controls and visibility to meet third-party attestations (SOC2, ISO27001, GDPR, SOX). - Balance being collaborative, open, and approachable while still being firm on security policies and in facilitating progress and compromise. What you should have: - 5 to 6+ years hands-on experience in application security utilizing SAST, DAST, IAST, RASP, and WAF. - 5+ years of application engineering, architecture, or development management experience. - Proficient in analyzing ambiguous problems, compelling communicator with the ability to receive and analyze information, translating security risk to business risk to driving actionable decisions across multiple levels and departments. - Experience in leading application security remediation work, leading the mitigation initiative to accommodate the developer community priority. - Proficient experience with common web application attack vectors and related mitigation strategies that translate to controls within the organization. - Highly organized. With many people doing many things in a fast-moving company, strong organizational skills both for yourself and for the team will be required.,

HMH is a learning technology company dedicated to providing connected solutions that engage learners, empower educators, and enhance student outcomes. With a focus on K12 core curriculum, supplemental and intervention solutions, as well as professional learning services, HMH collaborates with educators and school districts to discover solutions that unlock students" potential and extend teachers" capabilities. Serving over 50 million students and 4 million educators in 150 countries, HMH Technology India Pvt. Ltd. is the technology and innovation arm in India, striving to develop innovative products and solutions using cutting-edge technology to better serve clients globally. HMH values the personal growth of employees alongside their professional development. The Senior Manager of Information Security (External Role Description Application / Product Security Architect) will report to the Chief Information Security Officer. In this leadership position within the Information Security organization, you will be responsible for refining, managing, and executing a strategic product/application security roadmap based on industry-standard software security frameworks. Your role will involve planning, implementing, and monitoring key initiatives focused on product/application security strategy, metrics, compliance, policy, developer awareness, training, and stakeholder engagement. Collaboration with various teams, including Information Security, Product Management, Engineering, Legal, Risk, and Compliance, is essential to enhance product/application security controls and drive impactful changes within the team and its members. **Responsibilities:** - Bring a deep background and broad experience in Information Security, Application Security, & Application Development or related business areas. - Lead a team in creating remediation plans, conducting security reviews, and recommending security solutions for HMH products and applications. - Develop and implement product and application standard security review processes to reduce security risks before product releases effectively. - Influence project and portfolio stakeholders by effectively communicating relevant security information to executive leaders and individual contributors. - Provide insights into the Information Security strategy to align future security investments with key priorities such as business requirements and the industry threat landscape. - Collaborate closely with Architecture teams and manage project and program resources effectively. - Monitor policy exceptions and remediation dates by engaging with development and operations teams actively. - Stay updated on the latest cyber security threats and oversee projects, program delivery, incident response, and overall security controls maturity. - Drive operational efficiency leveraging tools, processes, and automation while ensuring transparency and visibility through appropriate metrics. - Support and implement controls to meet third-party attestations such as SOC2, ISO27001, GDPR, and SOX. **What You Should Have:** - 5 to 6+ years of hands-on experience in application security using SAST, DAST, IAST, RASP, and WAF. - 5+ years of experience in application engineering, architecture, or development management. - Strong analytical and communication skills to translate security risks into actionable decisions across different levels and departments. - Proficiency in leading application security remediation work and implementing mitigation initiatives. - Familiarity with common web application attack vectors and related mitigation strategies. - Highly organized with strong organizational skills required for both personal and team efficiency in a fast-paced environment.,

About GoKwik GoKwik is a growth operating system designed to power D2C and eCommerce brands from checkout optimisation and reducing return-to-origin (RTO), to payments, retention, and post-purchase engagement. Today, GoKwik enables over 12,000 merchants worldwide, processes around $2 billion in GMV, and is strengthening its AI-powered infrastructure. Backed by RTP Global, Z47, Peak XV, and Think Investments and bolstered by a $13 million growth round in June 2025 (total funding: $68 million), GoKwik is scaling aggressively across India and the UK. Why This Role Matters At GoKwik, security isnt a bolt-on, its a core part of how we build, ship, and scale. As a Senior DevSecOps Engineer, youll ensure every layer of our infrastructure and development lifecycle is secure, compliant, and resilient. Youll work end-to-end with engineering teams, from design and deployment to operations and optimisation, embedding security guardrails into CI/CD pipelines, automating IAM and compliance checks, and reducing human error to near zero. Youll also shape a culture where security is a shared responsibility, not a last-minute review, while staying battle-ready to lead incident response and drive blameless learning. In short, youll own the frameworks and practices that let GoKwik grow fast without ever compromising trust, directly protecting $2B+ GMV and thousands of merchants who rely on us every day. What You&aposll Own Build secure CI/CD pipelines by embedding vulnerability scanning, SAST, and DAST, ensuring every release ships fast and safe Partner with engineering and security teams to design cloud-native architectures that are secure by default and resilient at scale Automate the boring stuff, from secrets management and IAM policy enforcement to compliance validation checks, cutting down human error and accelerating delivery Integrate best-in-class security tools (Vault, Prisma, Aqua, Trivy, etc.) into every layer of our infrastructure Take the lead during security incidents, coordinating response across teams and ensuring issues are remediated quickly and effectively Drive a proactive DevSecOps culture by running training, awareness programs, and blameless postmortems that turn incidents into learnings Own compliance readiness (SOC2, ISO 27001, PCI-DSS), working closely with governance and legal to keep us always audit-prepared without slowing down engineering Who You Are 3 - 7 years of hands-on experience in DevSecOps or Cloud Security Engineering within fast-scaling SaaS or eCommerce environments Strong grasp of AppSec and Cloud Security fundamentals, from IAM, WAF, and KMS to CSPM best practices Practical experience with Kubernetes security (RBAC, PodSecurity, NetworkPolicies) and keeping clusters production-hardened Comfortable with threat modelling, incident response, and security compliance frameworks (ISO, SOC2, PCI-DSS) Solid coding/scripting skills (Python, Go, Bash, etc.) to automate controls and eliminate repetitive manual work Someone who doesnt just know the theory but has battle-tested experience in securing systems at scale How You&aposll Thrive At GoKwik You embed security into velocity, helping teams move fast without cutting corners You believe in a blameless, learning-first culture, where issues are fixed, not hidden You take uptime and compliance seriously, 99.99999% is the bar, and you love building guardrails that make it possible You stay proactive, spotting and solving risks before they become incidents You thrive in a high-trust environment, where ownership is real and security is an enabler, not a blocker Why GoKwik At GoKwik, we arent just building tools, were rewriting the playbook for eCommerce in India. We exist to solve some of the most complex challenges faced by digital-first brands: low conversion rates, high RTO, and poor post-purchase experience. Our checkout and conversion stack powers 500+ leading D2C brands and marketplaces and were just getting started. Show more Show less

Join Us as a Cybersecurity Architect! Are you ready to make a significant impact in an innovative environment At ORBCOMM, were on the hunt for a passionate Cyber Security Architect who thrives in a fast-paced, agile setting. We want you to transform your ideas into action and drive our mission forward! As a key member of our cybersecurity team, youll collaborate closely with engineering and corporate IT functions, lead risk assessments, and ensure our products comply with global security standards. Your work will directly impact ORBCOMMs mission to deliver secure, scalable, and innovative IoT solutions worldwide. Why Youll Love Working Here As a Cyber Security Architect, you will focus on supporting our engineering teams with driving security by design principles into our product development lifecycle. You will also be responsible for leading security risk assessments and assisting teams with formulating remediation plans for discovered vulnerabilities. In this pivotal role you ensure that our products are secure by design and remain resilient against evolving cybersecurity threats. With a flexible hybrid work schedule, you can enjoy the best of both worldscollaborating onsite at our Hyderabad office while also benefiting from the flexibility of remote work. What Youll Do Lead security risk assessments and vulnerability analyses for SaaS platforms, IoT devices, and embedded software/firmware. Design and implement product-level security controls and countermeasures to defend against evolving cyber threats. Support security incident response and remediation efforts across the product landscape. Collaborate with engineering teams to integrate cybersecurity best practices throughout the product design and development lifecycle. Work with cross-functional teams to ensure product compliance with ORBCOMMs corporate security and IT policies. Drive alignment with industry cybersecurity standards and support compliance certifications such as SOC2, ISA/IEC 62443, etc. Partner with the Data Privacy Officer to ensure product alignment with privacy standards and policies. Monitor and stay informed of emerging cybersecurity technologies, threats, and trends within the IoT domain. Who You Are You are a security-focused technical leader with deep experience in embedded systems or cloud platforms, especially if you have: Bachelors or Masters degree in Engineering, Computer Science, Cybersecurity, or a related field. ISC2 Certified Secure Software Lifecycle Professional (CSSLP) certification is required. Demonstrated experience in embedded hardware/software development; experience in IoT systems is a strong plus. Familiarity with cloud platform security (AWS, OCI, or equivalent). Proficiency in industry standards such as ISA/IEC 62443, SOC2 Type I/II, or similar frameworks. Strong understanding of encryption protocols, authentication mechanisms, and modern security tools. Knowledge of industrial cybersecurity frameworks and secure product development best practices. Clear and effective communicator, comfortable interfacing with both technical and business stakeholders. Excellent problem-solving, risk assessment, and analytical skills.. Then we want to meet you! About Us At ORBCOMM, were pioneers in IoT technology, that drives innovation and empowers our clients to make data-driven decisions. Our industry-leading solutions enable customers to boost productivity, streamline operations and increase their bottom line. With over 30 years of experience and the most comprehensive solution portfolio in the industry, we enable the management of millions of assets worldwide across diverse sectors including transportation, heavy industries, satellite, and maritime. Discover how ORBCOMM is transforming industries and unlocking the potential of data to drive meaningful change by visiting us at www.orbcomm.com ! Ready to Join Us We believe that our people are our greatest asset. Your skills and passion can help us achieve remarkable things! If youre seeking a thrilling career opportunity in a vibrant, growth-oriented environment, ORBCOMM is the perfect fit for you. We are committed to building a diverse and inclusive workplace and appreciate all applicants for their interest in joining our team. Only candidates selected for an interview will be contacted. At ORBCOMM, we are also dedicated to ensuring accessibility and are pleased to offer accommodations for individuals with disabilities upon request throughout all aspects of the selection process. Show more Show less

The primary responsibility of this role is to lead and execute IT and Information Security Audits across various industries in India such as Telecom, Technology, Banking, Energy, and Healthcare. As a candidate, you will be expected to lead IT Audit engagements, develop professional relationships through client interaction, and ensure exceptional client service. You should have a minimum of 1.5 - 4 years of experience in IT SOX/ITGC, SOC1/SOC2, ITACs, IPEs, and Information Security Audits. Strong knowledge of IT infrastructure, Risk & Control Matrix preparation, leading walkthroughs, and control testing is essential. Preferred knowledge of Emerging Technologies like Cloud infrastructure, Regulatory compliance requirements for Financial Services/Fintech companies, and Data Privacy compliance audits would be advantageous. Team management skills, report writing, audit documentation, and presentation skills are crucial for this role. Desired skills include expertise in IT SOX/ITGC, SOC1/SOC2, and Information Security Audits. Relevant certifications such as CISA, CISM, ISO 27001 LA/LI, CCSK, and Data Privacy certifications are preferred. Experience in project and team management is required. As a project manager, you will be responsible for planning, directing, coordinating, and implementing specific projects. You will lead project planning and implementation, manage workflow activities for team members, and maintain productive relationships with key engagement team contacts. Quality assurance is a key aspect of this role. You should have a strong understanding of performing quality assurance of Audit workpapers and reports to identify gaps, suggest remedial measures, and ensure high-quality delivery to clients. Root cause analysis and implementation of action points are essential for maintaining quality standards. This is a full-time, permanent position with benefits including health insurance and Provident Fund. The work schedule is in the morning shift, and a yearly bonus is provided. The ideal candidate should have at least 1 year of experience in IT auditing and be able to work in person at the specified location.,