697 Cisa Jobs - Page 7

Basic/ Essential Qualifications: Chartered Accountant / Graduate / Masters in Business Administration with experience in risk-based auditing. Relevant professional qualifications (e.g. CIA, MIIA, ACCA, ACA, CISA) The candidate must demonstrate reasonable understanding in risk-based auditing (Internal or External) or risk/control activities in Retail and/or Wholesale Banking and knowledge of associated regulations. Strong communication skills with the ability to communicate effectively to business stakeholders. Practical understanding of relevant regulatory environment. Proven track record of high performance in previous roles. The candidate should demonstrate good understanding of ITGC domains. Proven track record of high performance in previous roles to include senior Auditee management. Desirable skillsets/ good to have: Financial services industry knowledge on Corporate Banking, Private Banking and Wealth Management Knowledge or experience of identifying opportunities for using data to enhance audit testing. This role will be based out of Pune. Purpose of the role To support the development of audits aligned to the bank s standards and objectives by working collaboratively with colleagues, providing accurate information and recommendations, and complying with policies and procedures. Accountabilities Audit development and delivery support, including financial statements, accounting practices, operational processes, IT systems and risk management. Identification of operational risks to support the delivery of the Barclays Internal Audit (BIA) Audit Plan through risk assessments. Assessment of internal control effectiveness and their capability to identify and mitigate risk aligned to regulatory requirements. Communication of key findings and recommendations to stakeholders, including the Audit Owner, senior managers and directors. Identification of regulatory news and industry trends/developments to provide timely insight and recommendations for best practice. Assistant Vice President Expectations To advise and influence decision making, contribute to policy development and take responsibility for operational effectiveness. Collaborate closely with other functions/ business divisions. Lead a team performing complex tasks, using well developed professional knowledge and skills to deliver on work that impacts the whole business function. Set objectives and coach employees in pursuit of those objectives, appraisal of performance relative to objectives and determination of reward outcomes If the position has leadership responsibilities, People Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L - Listen and be authentic, E - Energise and inspire, A - Align across the enterprise, D - Develop others. OR for an individual contributor, they will lead collaborative assignments and guide team members through structured assignments, identify the need for the inclusion of other areas of specialisation to complete assignments. They will identify new directions for assignments and/ or projects, identifying a combination of cross functional methodologies or practices to meet required outcomes. Consult on complex issues; providing advice to People Leaders to support the resolution of escalated issues. Identify ways to mitigate risk and developing new policies/procedures in support of the control and governance agenda. Take ownership for managing risk and strengthening controls in relation to the work done. Perform work that is closely related to that of other areas, which requires understanding of how areas coordinate and contribute to the achievement of the objectives of the organisation sub-function. Collaborate with other areas of work, for business aligned support areas to keep up to speed with business activity and the business strategy. Engage in complex analysis of data from multiple sources of information, internal and external sources such as procedures and practises (in other areas, teams, companies, etc).to solve problems creatively and effectively. Communicate complex information. Complex information could include sensitive information or information that is difficult to communicate because of its content or its audience. Influence or convince stakeholders to achieve outcomes.

Job Title Sr. Information Security Manager Job Description #L1PHILIN Senior Information Security Manager Job Location: Bangalore The Integrated Supply Chain (ISC) Information Security Manager will be responsible for developing, implementing and monitoring a strategic and comprehensive IT security plans across multiple geographies and driving security in manufacturing sites, Distribution Centers, and warehouses across Philips. Your role: Develop and implement robust OT (Operational Technology), Cloud, Network, IoT (Internet of Things) security strategies on ISC (Integrated Supply Chain) manufacturing process aligned with industry standards, such as establishing security architecture compliance with regulations (e.g., HIPAA, FDA) and deploy technologies like firewalls and OT IDS (Operational Tech. Intrusion Detection System) solutions for system segmentation and protection. Leverage experience with OT technologies (e.g., Nozomi Guardian, Armis, Claroty) and perform vulnerability assessments by applying frameworks like MITRE ATT&CK and STRIDE for threat modeling and attack simulations, driving solutions to address security threats. Identify, assess, and mitigate: Operational Tachnology (OT) Cloud, Network, IoT (Internet of Things) risk and/or threats on Integraged Supply Chain (ISC) manufacturing security through cross-functional collaboration, develop incident response plans, lead investigations, and implement corrective actions to address root causes of security breaches. Secure supply chain systems by collaborating with vendors, conducting assessments, and enforcing compliance with security standards. Build a culture of security through targeted training programs and stakeholder education. Youre the right fit if: You have 10+ years of experience with Bachelors OR 3+ years of experience with Masters in areas such as Security Architecture, Network Security, Cybersecurity Technology, Information Security or equivalent You possess a Bachelors or Masters Degree in Computer Science, Information Technology, Cybersecurity or equivalent. You are knowledge on MITRE Framework, IEC 62443/NIST 800:23. Preferred to have a CISSP, CISM, CISA, CIPP certification. Your skills include thorough understanding of Security Management and Governance principles, along being able to deliver cross-cultural etiquette, customer-centric and collaborative mindset. You must be able to successfully perform the following minimum Physical, Cognitive and Environmental job requirements with or without accommodation for this position. How we work together We believe that we are better together than apart. For our office-based teams, this means working in-person at least 3 days per week. Onsite roles require full-time presence in the company s facilities. Field roles are most effectively done outside of the company s main facilities, generally at the customers or suppliers locations. This is an in-office role. About Philips We are a health technology company. We built our entire company around the belief that every human matters, and we wont stop until everybody, everywhere, has access to the quality of healthcare that we all deserve. Do the work of your life to help improve the lives of others. Learn more about our business . Discover our rich and exciting history. Learn more about our purpose. Learn more about our culture. Our commitment to inclusion and diversity At Philips, we provide equal opportunities to all our employees and to all eligible applicants for employment in our company, irrespective of age, color, disability, nationality, race, religion, gender, sexual orientation (LGBTQ +), and all aspects that make individuals unique. Encouraging diversity and fostering inclusion are key to our mission of improving the lives of 2.5 billion people a year by 2030 through meaningful innovation. We have fair, transparent, and clear employee policies which promote diversity and equality, in accordance with currently applicable law. For, we believe that life is better when #youareyou. Why should you join Philips? Working at Philips is more than a job. It s a calling to create a healthier society through meaningful work, focused on improving 2.5 billion lives a year by delivering innovative solutions across the health continuum. Our people experience a variety of unexpected moments when their lives and careers come together in meaningful ways. Learn more by watching this video. To find out more about what it s like working for Philips at a personal level, visit the Working at Philips page on our career website, where you can read stories from our employee blog. Once there,you can also learn about our recruitment process, or find answers to some of the frequently asked questions. If you re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our culture of impact with care here .

Roles and Responsibilities Assist the IT Audit manager in audit engagement planning activities for IT SOX Assessment. Lead a team of 2-3 IT auditors for executing tests of design and operating effectiveness. Monitor audit task assignments and drive completion. Lead conversations with stakeholders and auditees during process walkthroughs. Identify control gaps and accordingly provide recommendations in areas requiring improvement based on tests conducted. Conduct reviews of audit workpapers and provide constructive feedback to team members. Monitor status of audit documentation requests and perform timely escalations, as needed. Work closely with stakeholders to communicate audit status, follow-up requests and audit findings. Provide necessary support to external auditors. Qualifications: Bachelor's degree in Accounting, Computer Science, Information Systems or related field. 5+ years of strong experience in testing IT General Controls, preferably from Big4 account firms. Sound understanding of IT processes such as access management, change management, SDLC, Computer operations. Demonstrated technical knowledge of SAP security. Experience in auditing various infrastructure platforms such as Unix, Linux, Windows, SQL. Sound knowledge and understanding of audit methodologies and tools that support audit processes. Excellent verbal, written, and interpersonal communication skills. Demonstrated ability to prioritize work, meet deadlines, and effectively manage multiple priorities. Works well in a team environment, fostering inclusion and building effective relationships with both team members and stakeholders. Desire to stay current on new and changing technologies. Enthusiastic, self-motivated, willing to be challenged. CISA, CISSP, CIA, CPA, or other certifications technology driven certifications.

Job Description The Internal Audit team at Freshworks is looking for a passionate and self-driven professional to join their team. This position is an exciting and challenging opportunity for an audit professional who is eager to learn and understand end to end business processes and seeks to challenge themselves in complex situations. The Internal Audit team at Freshworks is an advisor to the Business - performing risk and control assessment, and providing recommendations in bringing efficiencies and enhancing processes, bringing overall value to the organization as it grows. This role will be integral in the successful execution of SOX, Internal audits and various other initiatives in support of Freshworks internal processes and controls. Core Responsibilities Partner with the business team to understand and document processes, identify risks or gaps. Stay up to date with changes in business and assess impact to controls framework. Execute on SOX testing as assigned, ensuring testing timelines are met and quality of testing is as per training provided. Coordinate with external auditors for walkthroughs, testing and answering queries. Perform other operational audits as assigned. Assist in providing regular updates to executive management on testing status. Manage and prioritize tasks assigned to meet audit deadlines. Demonstrate leadership by asking insightful questions, provide solutions-oriented perspective, and communicating effectively. Build and maintain effective and collaborative relationships with internal stakeholders and colleagues within the team. Qualifications Bachelor s degree in accounting or higher in a relevant field (Accounting, Finance, Business, Audit) Must be qualified or pursuing CA, CPA, CMA, CIA, CISA, or similar. Minimum 2+ years o

The Security Operation Specialist has the end-to-end responsibility for the physical and logical security of the Network/Services, OSS/SQM, and Infrastructure in accordance with the security policy technically manage and operate components of security services provided to end users of Nokia customers, within service levels agreed with those customers. You have: 10+ years of extensive relevant experience and a graduate / postgraduate equivalent degree. Exposure to telecom technologies Security analytics and working knowledge of SOC technologies like SIEM, SOAR, etc. Scripting capabilities Industry certifications like CISSP/CEH/CISM/CISA It would be nice if you also had: Understanding of hacking techniques Understanding of 3GPP security requirements, ITU-T x.805, ISO27001, NIST, Mitre attack framework Build and maintain a library of threat hunting or analytics use cases for non-signature-based threat detection Build and maintain a library of pre-developed connectors to integrate leading SIEMs with diverse network elements Build and maintain a customizable library of remediation workflows or cyber playbooks Use cases should cover the entire kill chain, starting from reconnaissance, weaponization, delivery, exploitation, installation, C2, exfiltration, remediation, etc. Provide SME support to the delivery organization Testing and PoC of use cases in a lab environment Support in building use case demos. Work with different product lines to validate and test the feasibility of security use cases Build risk-driven cyber attack scenarios by clearly identifying threats, vulnerabilities, business impact, likelihood, approach, use case, scenarios, rules, remediation workflows, or a cyber playbook.

Team Manager SOX ITGC 5+ Years – [Bangalore] Are you a certified IT audit professional with extensive experience in SOX ITGC and team management? Location: Bangalore Your Future Employer Join a global organization committed to strong internal controls, compliance excellence, and a collaborative work environment. Responsibilities: Lead planning, fieldwork, and reporting phases for assigned SOX ITGC audit engagements. Design and execute detailed testing for IT General Controls and Automated Controls. Validate Test of Design (ToD) and Test of Effectiveness (ToE) for key control areas including Logical Access, Change Management, Backup & Restoration, and Incident Management. Manage and mentor a team, taking full responsibility for performance reviews, appraisals, and goal setting. Ensure audit documentation meets professional standards and internal quality benchmarks. Collaborate with stakeholders and effectively communicate findings and recommendations. Participate in internal initiatives and support continuous process improvements. Maintain updated knowledge on IT auditing best practices, COSO, and SOX regulations. Requirements: CISA certification is a must. Bachelor’s or advanced degree in Information Technology or a related field. Minimum 5 years of experience in SOX ITGC audits. At least 2 years of hands-on team management experience, including appraisal and performance management. Strong knowledge of IT General and Automated Controls. Proficiency in validating ToD/ToE documentation. Excellent interpersonal and stakeholder communication skills. Strong analytical thinking and attention to detail. Proficient in Microsoft Office Suite. Ability to manage multiple priorities in a fast-paced environment. What’s in it for you: Competitive salary and perks. Hybrid working model (1 week/quarter from office). Opportunity to lead high-impact IT compliance audits. Work in a growth-driven and evolving audit environment. Reach us: If you feel this opportunity is well aligned with your career progression plans, please feel free to reach me with your updated profile at sonaly.sharma@crescendogroup.in Crescendo Global specializes in Senior to C-level niche recruitment. We are passionate about empowering job seekers and employers with an engaging, memorable job search and leadership hiring experience. Crescendo Global does not discriminate on the basis of race, religion, color, origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Note: We receive a lot of applications on a daily basis so it becomes a bit difficult for us to get back to each candidate. Please assume that your profile has not been shortlisted in case you don't hear back from us in 1 week. Your patience is highly appreciated. Keywords: SOX ITGC, CISA, IT General Controls, Audit Manager, Team Management, Risk Assessment, Change Management, Logical Access, IT Audit

Work experience longevity history must include at least a 2-year period with same firm or company. 1-year minimum actual audit practitioner experience with in areas such as the following: USA - SOC2, SOC1, SOX section 404 USA - Fed Ramp, State Ramp ISO NIST USA HITRUST IT General Controls and Application Plus 1-4+ years working with a company supporting audits or compliance work. Certifications completed or in progress for any of the following CISA, CPA, CIA, CFE, PMP, Indian CA. Education area of studies from areas such as: Accounting, Computer Science, Business Administration, or equivalents. Ability to articulate and conduct professional meetings with audit firm resources in the areas of planning, audit criteria, control requirements, rules of evidence and audit report delivery. Ability to work 40 hours a week aligned with USA end of day workday hours 1pm during Daylight Savings Time (November, December, January, February, March) and 2 pm USA Standard Time (March, April, May, June, July, August, September, October). Motivation and drive for continuous learning, understanding company required knowledge and training growth requirements. Seeks opportunities and commitment to develop leadership experience and knowledge over 2+ years with renewing 6-month contracts and/or potential conversion to employee hire. Strong listening skills followed by timely measurable productivity outcome reporting.

Design and implement controls and mitigation plans, and lead aspects of their implementation Facilitate reporting on findings, mitigation plans, and controls performance Work with senior management to create their compliance strategy and improve their controls portfolio Identify areas of improvement in facilitating audits with customers to refine the process and respond to customer inquiries promptly Formalise and lead improvements of GRC function operations - processes, metrics, reporting, and analytics Provide regular status updates ensuring everyone is aware of progress and road-blockers Work with product and functional teams to understand and respond to their compliance and assurance needs and concerns Manage compliance related programs including the performance of gap assessments for new compliance frameworks Promote effective teamwork, collaboration, and commitment across the Product Compliance team and the broader organisation Seek opportunities to improve processes and collaboration to increase team output and team health Perform regular risk assessments for your business function Prepare annual audit plans, develop audit direction, and align with stakeholders on audit timetables Develop timeline for internal readiness assessment activities and obtain alignment from all stakeholders Maintain comprehensive documentation of controls, testing procedures, and evidence to support compliance efforts Work closely with internal stakeholders, including product and functional teams, to address architectural, infrastructure, or new services that impact compliance Identify opportunities for process improvements and implement best practices to enhance the efficiency and effectiveness of the readiness testing process Develop controls and mitigation plans, and lead aspects of their implementation Work with senior management to improve their controls portfolio Provide regular status updates ensuring everyone is aware of progress and road-blockers Promote effective teamwork, collaboration, and commitment across the Product Compliance team and the broader organisation Seek opportunities to improve processes and collaboration to increase team output and team health Qualifications Your background Minimum 8+ years of management experience in IT audit, compliance, or a related field Experience with SOC 2, ISO 27001/27018, HIPAA, PCI, C5 and GDPR frameworks and requirements Familiarity with compliance frameworks and standards such as NIST 800-53 Experience with the software development business for cloud service providers Experience with Technology Risk Management, Compliance and Information Security Experience with control and risk frameworks, performing compliance and risk assessments, creating controls and overseeing mitigation projects Experience with translating compliance requirements to engineering and product teams Experience with determining scope, timeline creation, complex project tracking, risk management, and process improvement Familiarity with Jira and Confluence Relevant certifications such as CISM, CISA, CISSP, or ISO 27001 Lead Auditor are highly desirable

Job Description The Cybersecurity Risk Compliance function is responsible for evaluating security and compliance risks within the organization. They set up security benchmarks, verify adherence to these standards across all internal sectors, and promote a culture of information security throughout the company. As a Lead in our Cybersecurity Risk and Compliance team, youll play a pivotal role in fortifying our security measures, leveraging your expertise in various technologies and frameworks. This position demands a proactive approach to risk management, security, automation, and strategic collaboration with diverse stakeholders to elevate our security standards. Role Expectation Drive the day-to-day activities about policy governance, control governance, risk, and compliance initiatives. Enumerate cyber security and compliance risks and ensure they are managed appropriately across the products and business functions; Ensure the Product/ Functional team takes prudent risk ownership through active partnership and collaboration. Design and oversee the enforcement of policies and procedures based on industry-standard best practices. Provide contextual guidance to various internal teams in terms of processes and controls to improve the information security and compliance posture. Certify the readiness of the identified security frameworks and certifications by identifying operationalizing the control requirements. Responsible for reviewing and reporting the operating effectiveness of the controls and risk/loss exposure. Drive continuous monitoring initiatives for the developed controls and develop reporting metrics, dashboards, and evidence artifacts periodically to be presented to the Leadership. Drive security awareness program throughout the year to effectively motivate desired behaviors conduct regular training on security policy and standard requirements through training, communication, and workshops. Be a role model for the team and provide a healthy platform for the team to learn and grow. Stay abreast of the developing regulatory concerns and changing information security trends Qualifications 8-10 years of experience in the Risk & Compliance space, viz. Risk enumeration, defining security standards, and managing information security processes. Work experience or conceptual understanding of the AWS cloud platform to define controls for the cloud environment and suggest best practices. Working experience or conceptual understanding of the FAIR methodology risk assessments or Quantified risk assessments. Have a deep understanding of security control frameworks such as ISO27001, PCI DSS, HIPAA, SOC 1/2, NIST Cyber Security Framework, NIST800-171, and the Cloud Compliance Framework. Security certifications like CISA, CISSP, CRISC, and cloud security certifications will be highly desired. Ability to gather, analyze, and evaluate facts and to prepare and present concise, detailed, and clear oral and written reports. Ability to build relationships, influence others, instill accountability, and achieve results. Ability to thrive in a dynamic, fast-paced environment taking up multiple responsibilities. Excellent problem-solving, interpersonal, and communication skills. Be a team player and a go-getter and thrive for success.

Overview Job Title : Lead and Audit Compliance Specialist Location : Bangalore Aptean is changing. Our bespoke ERP solutions are transforming a huge range of global businesses, from food producers to manufacturers. In a world of generic enterprise software, we provide targeted solutions that bring together the very best technology and drive greater results. With over 3000 employees, 50 different products and a global client base, there s no better time to advance your career at Aptean. APTEAN JOB LEVEL: D APTEAN JOB TITLE:Lead Audit and Compliance Specialist 2. GENERAL JOB SUMMARY About the Role: We are seeking a highly motivated and experienced Audit and Compliance Specialist to join our growing team in Bangalore, India. Identified SME will play a key role in maintaining our compliance posture with industry standards like SOC 2 and ISO 27001, focusing on cloud infrastructure from a Governance, Risk, and Compliance (GRC) perspective. 5. PRINCIPAL DUTIES AND RESPONSIBILITIES Conduct internal audits of security controls and processes related to SOC 2 and ISO 27001 compliance. Assist with the development, implementation, and maintenance of security policies and procedures. Analyze and evaluate the effectiveness of existing security controls and identify areas for improvement. Participate in the design and execution of penetration testing and vulnerability assessments. Work collaboratively with various teams (Security, IT Operations, Cloud Engineering) to remediate identified security risks and control gaps. Maintain and update GRC documentation related to security controls and compliance requirements. Stay up-to-date on industry best practices and regulatory changes related to cloud security and compliance. Assist with the preparation and execution of SOC 2 and ISO 27001 audits. Support the development and implementation of a cloud security GRC program. 6. JOB SPECIFICATIONS Education (Indicate the minimum level of education necessary for this position. Check all that apply and indicate specific degree as applicable to the side (e.g., Bachelor s in Computer Science) Required Preferred Degree/Certification Bachelor s degree Master s degree Ph.D. J.D. (law) Certification: Registration: Licensure: Other: Work Experience 4-6 years of experience in a similar role within a security-conscious organization. Knowledge, Skills and Abilities Experience conducting internal audits of security controls and processes. Strong understanding of SOC 2 and ISO 27001 compliance requirements. Working knowledge of cloud security concepts and best practices (e.g., AWS Security, Azure Security, GCP Security). Proficiency in GRC frameworks and methodologies (e.g., COBIT, COSO). Excellent analytical and problem-solving skills. Strong communication and interpersonal skills, with the ability to collaborate effectively across different teams. Ability to prioritize tasks, manage multiple deadlines, and work independently. Experience with GRC tools (e.g., MetricStream, RSA Archer) is a plus. Strong understanding of internal security audit and policy review processes. CISA, CRISC, or other relevant security certifications are a plus. Shift details: UK Shift Required to work in shift:Yes If Yes Shift Timing- UK DISCLAIMER The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job. If you share our mindset, you can share in our success. To find out more about joining Aptean, get in touch today. Learn from our differences. Celebrate our diversity. Grow and succeed together. Aptean pledges to promote a company culture where diversity, equity and inclusion are central. We are committed to applying this principle as we interact with our customers, build our teams, cultivate our leaders and shape a company in which any employee can succeed, regardless of race, color, sex, national origin, sexuality and gender identity, religion, disability or age. Celebrating our diverse experiences, opinions and beliefs allows us to embrace what makes us unique and to use this as an asset in bringing innovative solutions to our customer base. At Aptean, our global and diverse employee base is our greatest asset. It is through embracing and understanding our differences that we are able to harness our individual power to maximize the success of our customers, our employees and our company. - TVN Reddy

Job Title Sr. Information Security Manager Job Description Job title: Sr. Information Security Manager Your role: As a Senior Information Security Manager, you will be responsible for developing, implementing and monitoring a strategic, comprehensive IT security program while ensuring compliance with regulatory requirements, and mitigating risks to the organizations information assets. Information Security Manager will provide the vision and leadership necessary to manage the risk to the platform assigned and will ensure business alignment, effective governance, system and infrastructure availability, integrity and confidentiality. Youre the right fit if: Bachelor s or Master s degree in Information Technology and or commensurate experience in delivering security solutions. Overall Enterprise IT Security experience of 15+ yrs or more. Security Certifications such as CISSP, CISM, CISA, CIPP etc. are preferred. Should have a senior level in the domain of Security & operations management Absolutely trustworthy with high standards of personal integrity (demonstrated by an unblemished career history, lack of criminal convictions etc.), willing to undergo vetting and/or personality assessments to verify this if necessary Typically a background in technical security roles or operations, with a clear and abiding interest in security How we work together We believe that we are better together than apart. For our office-based teams, this means working in-person at least 3 days per week. Onsite roles require full-time presence in the company s facilities. Field roles are most effectively done outside of the company s main facilities, generally at the customers or suppliers locations. This role is an office role. If you re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our culture of impact with care here .

Working at Atlassian Atlassians can choose where they work - whether in an office, from home, or a combination of the two. That way, Atlassians have more control over supporting their family, personal goals, and other priorities. We can hire people in any country where we have a legal entity. Interviews and onboarding are conducted virtually, a part of being a distributed-first company. ","responsibilities":" This position will report to the Head of Compliance Risk for the India team and join our growing team within Governance, Risk and Compliance. The team is responsible for compliance, enterprise risk management and business resilience. The Product Compliance team coordinates and guides efforts related to Atlassian cloud compliance (SOC 2, ISO 27001/27018, HIPAA, PCI and C5) and sits within the Trust organisation. You will collaborate with technical leads and subject matter experts to analyse processes, business models, and controls to discover and translate risks, and provide mitigating recommendations to the leadership team. You will drive continuous process improvement, and collaborate with business and technology teams, both internally and externally to implement new solutions. What youll do Design and implement controls and mitigation plans, and lead aspects of their implementation Facilitate reporting on findings, mitigation plans, and controls performance Work with senior management to create their compliance strategy and improve their controls portfolio Identify areas of improvement in facilitating audits with customers to refine the process and respond to customer inquiries promptly Formalise and lead improvements of GRC function operations - processes, metrics, reporting, and analytics Provide regular status updates ensuring everyone is aware of progress and road-blockers Work with product and functional teams to understand and respond to their compliance and assurance needs and concerns Manage compliance related programs including the performance of gap assessments for new compliance frameworks Promote effective teamwork, collaboration, and commitment across the Product Compliance team and the broader organisation Seek opportunities to improve processes and collaboration to increase team output and team health Perform regular risk assessments for your business function Prepare annual audit plans, develop audit direction, and align with stakeholders on audit timetables Develop timeline for internal readiness assessment activities and obtain alignment from all stakeholders Maintain comprehensive documentation of controls, testing procedures, and evidence to support compliance efforts Work closely with internal stakeholders, including product and functional teams, to address architectural, infrastructure, or new services that impact compliance Identify opportunities for process improvements and implement best practices to enhance the efficiency and effectiveness of the readiness testing process Develop controls and mitigation plans, and lead aspects of their implementation Work with senior management to improve their controls portfolio Provide regular status updates ensuring everyone is aware of progress and road-blockers Promote effective teamwork, collaboration, and commitment across the Product Compliance team and the broader organisation Seek opportunities to improve processes and collaboration to increase team output and team health ","qualifications":" Your background Minimum 8+ years of management experience in IT audit, compliance, or a related field Experience with SOC 2, ISO 27001/27018, HIPAA, PCI, C5 and GDPR frameworks and requirements Familiarity with compliance frameworks and standards such as NIST 800-53 Experience with the software development business for cloud service providers Experience with Technology Risk Management, Compliance and Information Security Experience with control and risk frameworks, performing compliance and risk assessments, creating controls and overseeing mitigation projects Experience with translating compliance requirements to engineering and product teams Experience with determining scope, timeline creation, complex project tracking, risk management, and process improvement Familiarity with Jira and Confluence Relevant certifications such as CISM, CISA, CISSP, or ISO 27001 Lead Auditor are highly desirable Benefits & Perks Atlassian offers a wide range of perks and benefits designed to support you, your family and to help you engage with your local community. Our offerings include health and wellbeing resources, paid volunteer days, and so much more. To learn more, visit

Role: Engineer II, Cybersecurity Governance Standard Title: Engineer II, Security Engineering Location: Bangalore, India Founded in 2014, Circles is a global technology company reimagining the telco industry with its innovative SaaS platform, empowering telco operators worldwide to effortlessly launch innovative digital brands or refresh existing ones, accelerating their transformation into techcos. Today, Circles partners with leading telco operators across multiple countries and continents, including KDDI Corporation, Etisalat Group (e&), AT&T, and Telkomsel, creating blueprints for future telco and digital experiences enjoyed by millions of consumers globally. Besides its SaaS business, Circles operates three other distinct businesses: Circles.Life : A wholly-owned digital lifestyle telco brand based in Singapore, Circles.Life is powered by Circles SaaS platform and pioneering go-to-market strategies. It is the digital market leader in Singapore and has won numerous awards for marketing, customer service, and innovative product offerings beyond connectivity. Circles Aspire : A global provider of Communications Platform-as-a-Service (CPaaS) solutions. Its cloud-based Experience Cloud platform enables enterprises, service providers and developers to deliver and scale mobile, messaging, IoT, and connectivity services worldwide. Jetpac : Specializing in travel tech solutions, Jetpac provides seamless eSIM roaming for over 200 destinations and innovative travel lifestyle products, redefining connectivity for digital travelers. Jetpac was awarded Travel eSIM of the Year. Circles is backed by renowned global investors, including Peak XV Partners (formerly Sequoia), Warburg Pincus, Founders Fund, and EDBI (the investment arm of the Singapore Economic Development Board), with a track record of backing industry challengers. Mission Our mission in Circles is to become a world-class cybersecurity function by cultivating security as job zero across the organisation. This means security is enforced as an integral component across every facet of our business globally, whereby: Security is second nature; Security is in the DNA of everything we do; and Cultivating and maintaining a Security conscious culture The Role As a team member of Cyber Governance & Assurance vertical within Information & Cybersecurity Function, primarily responsible to ensure that Circles & its global offices are always maintaining robust, sustainable and adequate governance practices and compliance as follows. Develop, mature and operationalize cybersecurity framework, policies, procedures, guidelines and baseline standards within the Group. Ensure cybersecurity best practices are embedded within new initiatives, ongoing change management and evaluate the security impact of the initiatives. Ensure organizational crown jewels are adequately protected in accordance with regulatory and data protection regulations such as ISO27701, PCI-DSS, Market specific Data Protection regulations including PDPA, GDPR. Develop data privacy and protection framework, enhance existing policies and work programs to align with expectation of relevant data privacy laws. Identify, risk assess and prioritize various information, data assets across the Enterprise. Support the day-to-day functioning of the Data Privacy Office by: o Serving as a point of contact within group on issues related to data privacy; o Performing privacy impact assessments, maintain records of processing activities; Serving as subject matter expert to stakeholders on privacy matters o Participate in investigation of data privacy incidents; Drive internal Risk Assessment including 3rd Party Due Diligence (3PDD) reviews, cybersecurity assurance activities, as well as audit readiness reviews and drive timely resolution of potential gaps. Provide advisory services on information, privacy and cybersecurity matters for internal stakeholders as laid out in subsequent sections. Drive cybersecurity and privacy awareness within the Group, formulating learning curriculum, rolling out training modules ensuring completion remains above agreed metrics. Devise focused training across staff who are involved in data handling and processing. Promote a culture of Security, data privacy and compliance across group Proactively support in organizational roadmap towards maintaining relevant credentials including ISO27001 compliance, DPTM, APEC CBPR and establishing SOC2 compliance report. You Hold a Degree in Information Technology, Cyber Security or comparable qualification. To have 2+ years of professional experience in Audit, Assurance, Governance, Management Consulting or ability to port skills across these functional responsibilities. Assist in cybersecurity, data governance and assurance initiatives in relation to SaaS based Telco platform delivering B2B and B2C products. Excellent written and oral communication skills, confident in having meaningful conversation with stakeholders at multiple levels within the Group. Prior experience, knowledge in the following is a certain plus: o Big 4, Tier 2 Consulting Firms, Telco industry. o Cloud Infrastructure and Security, DevSecOps, Microservices architecture, Container security. o Industry Standards such as ISO 27001, ISO 27701, NIST, COBIT, PCI-DSS, MTCS. o Global, Regional data privacy regulations such as GDPR, PDPA, PDPO. Cherish continuous learning and demonstrate it with one or more professional certifications such as CRISC, CISA, CGEIT, CDPSE, CDPSE, CSX-P, CISSP, Diploma in Data Protection or equivalent. Key Stakeholders Verticals within Information & Cybersecurity Engineering Growth and Marketing Customer Happiness Operations Government Affairs and Public Policy Finance and Legal People & Culture To all recruitment agencies: Circles will only acknowledge resumes shared by recruitment agencies if selected in our preferred supplier partnership program. Please do not forward resumes to our jobs alias, Circles employees or any other company location. Circles will not be held accountable for any fees related to unsolicited resumes not uploaded via our ATS. Circles is committed to a diverse and inclusive workplace. We are an equal opportunity employer and do not discriminate on the basis of race, national origin, gender, disability or age.

Business Unit Overview Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA. Within Technology Risk, Audit & Control Monitoring mitigates audit, regulatory, and regional issues to maintain a proper channel between local regulators and the firm. We are a team of program and project managers that align the firm with government entities through audit oversight, controls tracking and documentation, and data risk reporting and reviews. Role In this role, you will support Technology Risk Advisory in delivering best in class advisory support and technology solutions across the Information Security risk domains, including scalable uplifts of common core security solutions for use across Goldman Sachs and conducting cyber risk assessments. The ideal candidate should have a good understanding of regulations that govern this space, be well versed in risk assessments and a demonstrated ability in helping counterparts manage risk RESPONSIBILITIES AND QUALIFICATIONS Job Responsibilities: Support the Technology Risk Advisory function by helping to shape the Vendor Technology Risk strategy, leading a team that assesses risk and working with Business Units to manage risk portfolios. As the Vendor Risk Program Associate, you will be part of or oversee a team that is responsible for assessing and managing the portfolio vendor Information Security Risk across the firm. Your team will be responsible for all Vendor Technology Risk related initiatives and assessments, including; core assessments of a vendor s logical security controls, Cloud assessments, Mobile assessments and Application assessments. Basic Qualifications: Be well versed in risk assessments and a demonstrated ability in helping counterparts manage risk Have in the past worked with Legal to develop and on an ongoing basis, review Information Security contractual requirements Understanding of well recognized risk management frameworks and a proven track record of implementation Working knowledge of the regulatory landscape and its applicability to the vendor ecosystem Good understanding of Information Security controls, along with preferred and alternative implementations Working knowledge of Cloud computing and understanding of how to assess Cloud related risks Working knowledge of the overall Procurement process and a clear understanding of Technology Risk s role in that process At least 3 4 years of relevant work experience Preferred qualifications: Proficient verbal and written communication skills Bachelor of Science in Computer Science, System/Computer Engineering, Cyber-Security, Information Security, Information Technology or Risk Management is preferred Prior experience conducting IT/cyber security audits One or more of the following Certificates; CISA, CRISC, CISM, CISSP

Role: Engineer II, Cybersecurity Governance Standard Title: Engineer II, Security Engineering Location: Bangalore, India About Us Founded in 2014, Circles is a global technology company reimagining the telco industry with its innovative SaaS platform, empowering telco operators worldwide to effortlessly launch innovative digital brands or refresh existing ones, accelerating their transformation into techcos. Today, Circles partners with leading telco operators across multiple countries and continents, including KDDI Corporation, Etisalat Group (e&), AT&T, and Telkomsel, creating blueprints for future telco and digital experiences enjoyed by millions of consumers globally. Besides its SaaS business, Circles operates three other distinct businesses: Circles.Life : A wholly-owned digital lifestyle telco brand based in Singapore, Circles.Life is powered by Circles SaaS platform and pioneering go-to-market strategies. It is the digital market leader in Singapore and has won numerous awards for marketing, customer service, and innovative product offerings beyond connectivity. Circles Aspire : A global provider of Communications Platform-as-a-Service (CPaaS) solutions. Its cloud-based Experience Cloud platform enables enterprises, service providers and developers to deliver and scale mobile, messaging, IoT, and connectivity services worldwide. Jetpac : Specializing in travel tech solutions, Jetpac provides seamless eSIM roaming for over 200 destinations and innovative travel lifestyle products, redefining connectivity for digital travelers. Jetpac was awarded Travel eSIM of the Year. Circles is backed by renowned global investors, including Peak XV Partners (formerly Sequoia), Warburg Pincus, Founders Fund, and EDBI (the investment arm of the Singapore Economic Development Board), with a track record of backing industry challengers. Mission Our mission in Circles is to become a world-class cybersecurity function by cultivating security as job zero across the organisation. This means security is enforced as an integral component across every facet of our business globally, whereby: Security is second nature; Security is in the DNA of everything we do; and Cultivating and maintaining a Security conscious culture The Role As a team member of Cyber Governance & Assurance vertical within Information & Cybersecurity Function, primarily responsible to ensure that Circles & its global offices are always maintaining robust, sustainable and adequate governance practices and compliance as follows. Develop, mature and operationalize cybersecurity framework, policies, procedures, guidelines and baseline standards within the Group. Ensure cybersecurity best practices are embedded within new initiatives, ongoing change management and evaluate the security impact of the initiatives. Ensure organizational crown jewels are adequately protected in accordance with regulatory and data protection regulations such as ISO27701, PCI-DSS, Market specific Data Protection regulations including PDPA, GDPR. Develop data privacy and protection framework, enhance existing policies and work programs to align with expectation of relevant data privacy laws. Identify, risk assess and prioritize various information, data assets across the Enterprise. Support the day-to-day functioning of the Data Privacy Office by: o Serving as a point of contact within group on issues related to data privacy; o Performing privacy impact assessments, maintain records of processing activities; Serving as subject matter expert to stakeholders on privacy matters o Participate in investigation of data privacy incidents; Drive internal Risk Assessment including 3rd Party Due Diligence (3PDD) reviews, cybersecurity assurance activities, as well as audit readiness reviews and drive timely resolution of potential gaps. Provide advisory services on information, privacy and cybersecurity matters for internal stakeholders as laid out in subsequent sections. Drive cybersecurity and privacy awareness within the Group, formulating learning curriculum, rolling out training modules ensuring completion remains above agreed metrics. Devise focused training across staff who are involved in data handling and processing. Promote a culture of Security, data privacy and compliance across group Proactively support in organizational roadmap towards maintaining relevant credentials including ISO27001 compliance, DPTM, APEC CBPR and establishing SOC2 compliance report. You Hold a Degree in Information Technology, Cyber Security or comparable qualification. To have 2+ years of professional experience in Audit, Assurance, Governance, Management Consulting or ability to port skills across these functional responsibilities. Assist in cybersecurity, data governance and assurance initiatives in relation to SaaS based Telco platform delivering B2B and B2C products. Excellent written and oral communication skills, confident in having meaningful conversation with stakeholders at multiple levels within the Group. Prior experience, knowledge in the following is a certain plus: o Big 4, Tier 2 Consulting Firms, Telco industry. o Cloud Infrastructure and Security, DevSecOps, Microservices architecture, Container security. o Industry Standards such as ISO 27001, ISO 27701, NIST, COBIT, PCI-DSS, MTCS. o Global, Regional data privacy regulations such as GDPR, PDPA, PDPO. Cherish continuous learning and demonstrate it with one or more professional certifications such as CRISC, CISA, CGEIT, CDPSE, CDPSE, CSX-P, CISSP, Diploma in Data Protection or equivalent. Key Stakeholders Verticals within Information & Cybersecurity Engineering Growth and Marketing Customer Happiness Operations Government Affairs and Public Policy Finance and Legal People & Culture To all recruitment agencies: Circles will only acknowledge resumes shared by recruitment agencies if selected in our preferred supplier partnership program. Please do not forward resumes to our jobs alias, Circles employees or any other company location. Circles will not be held accountable for any fees related to unsolicited resumes not uploaded via our ATS. Circles is committed to a diverse and inclusive workplace. We are an equal opportunity employer and do not discriminate on the basis of race, national origin, gender, disability or age.

Key Responsibilities: This role serves as the primary IT contact for internal and external audits, ensuring compliance with policies and procedures including... Roles and Responsibilities Be the main point of contact for IT and assist on all internal and external audit teams where IT inquiry is required. Monitor activities of assigned IT areas to ensure compliance with internal policies and procedures including monthly, quarterly, and annual account and activity reviews. Assist in supporting current and future compliance related responsibilities (SOX, SOC2, ISO, SEC, etc.) Gather evidence required for internal and external audits. Develop IT General Control procedures and policies. Provide guidance in implementing ITGC controls. Reviews analyze and interpret controls for design and operational effectiveness to determine adherence to regulatory, contractual, and corporate policies and standards. Ability to manage Sarbanes-Oxley IT General Control testing and certification requests from Internal and External Auditors. Identifies, quantifies, tracks, and leads mitigation of risks and control exceptions and communicates results to department leadership. Supports and interprets information provided by Internal/External Audit for relevant compliance concerns. Make broad recommendations on improving compliance related processes and/or procedures as it pertains to the IT department. Partner with management, business teams, and/or data team to implement solutions. Requirements BA/BS in a business related field and/or equivalent years of education and experience working in a related field. 3-5 years experience in Information Technology or Information Security experience. Big 4 auditing experience is a plus. Identity Access Management tool/RBAC experience a plus. Experience testing controls and the documentation of those tests as it relates to frameworks such as COSO, COBIT, NIST Cyber Security Framework, and/or ISO 27001. Familiarity with common compliance standards (SOX, SOC2, PCI-DSS, GDPR etcCOSO, COBIT, NIST Cyber Security Framework, and/or ISO 27001.) and experience working directly with internal or external auditors for at least one of the listed standards. (previous external audit experience a plus). Excellent interpersonal, verbal, and written communication skills with the ability to communicate compliance related concepts to a broad range of technical and non-technical staff. Successful experience working, collaborating, and establishing credibility and relationships with senior leadership, colleagues, and clients. Demonstrated success working with internal audit, external auditors, outside consultants, and legal affairs. Certified Information Systems Auditor (CISA) and/or Certified Information Systems Security Professional (CISSP) preferred.

We are looking for Role: Consultant (Hitrust) Experience: 2-6 yrs Company Location: Bavdhan, Pune Work Mode: Remote RESPONSIBILITIES Lead the client audits/assessments and Interface with clients to review and analyze complex systems (Applications, Operating systems, Databases, and Networking devices), or Cloud technologies (AWS, Azure, GCP) to identify security gaps and missing security controls within the client environments as per the requirements defined in the security standards and regulations. Work with client to understand their business processes, analyze sensitive data flows (business and application data flows), network architecture, and define the proper audit/assessment scope. Perform reviews for client organizations information security policies and procedures against various industry standards and regulations, including HITRUST, HIPAA, and ISO 27001 Work on drafting information security policies and procedure documentation for clients as part of the consulting engagement Perform detailed risk assessment for the client environment, including their business processes and infrastructure, using risk management frameworks (ISO, NIST) Wherever possible, provide the audit/assessment scope reduction guidance to the client. Work independently with the client to perform audit interviews, collect, consolidate, and analyze evidence for the compliance assessment, and meet the internal quality assurance requirements throughout the assessment. Provide consulting guidance and recommendations to clients to help them meet the compliance requirements and improve their security posture in accordance with applicable security controls. Establish and maintain positive collaborative relationships with clients and stakeholders. Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations. Escalates client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue. Collaborates with project managers, internal quality assurance group, sales, and other delivery team members to drive customer satisfaction and meet project deliverables. Work on continuous professional development in maintaining industry-specific certifications and strong depth of knowledge in the practice area. Travel to client sites as needed. DESIRED SKILLS Bachelors degree. A specialization in information assurance is preferred. At least 2-6 years of information security assessment experience, including for HITRUST, HIPAA, and ISO 27001 Ability to analyse network architectures and review the network device (Firewalls/ Switches/ Routers/ IDS/IPS/ Load Balancers etc.) and Servers/ Virtualization Devices configurations. Good understanding and audit experience for cloud computing environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform) In-depth knowledge in IT Security Policies and Procedures that govern clients Information Security and Privacy programs. In-depth knowledge and experience in IT Security, including access controls, network security, logging/monitoring, vulnerability assessments, system hardening, secure software development, application security, encryption, and key management best practices etc. In-depth knowledge and experience with the HITRUST framework, HIPAA law, and Risk Management Standards (NIST/ISO) At least one certification from each group is preferred: Group 1- CISSP, CISA, CISM Group 2- ISO27001 Lead Implementer, ISO27001 Lead Auditor Good knowledge of common office tools Strong written and verbal communication skills Demonstrated ability to structure and lead projects successfully. Good project management and time management skills Strong technical research skills -- Muugddha Vanjarii 7822804824 mugdha.vanjari@sunbrilotechnologies.com

Job Description : Job Title: Enterprise Architect - Identity Management About us : With over 200 brands sold in nearly 180 countries, we re the world s leading premium drinks company. Bring your passion and use your curiosity as you explore, collaborate, and innovate to build brands consumers love. Together with passionate people from all over the world, you ll test new ideas, learn and grow, and unlock a brighter, more exciting future. Join us to create a career worth celebrating. About the Function: Our Digital and Technology (D&T) team are innovators, delivering ground-breaking solutions that will help shape the future of our iconic brands. Technology touches every part of our business, from the sourcing of sustainable ingredients to marketing and development of our online platforms. We utilise data insights to build competitive advantage, supporting our people to deliver value faster. Our D&T team includes some of the most talented digital professionals in the industry. Every day, we come together to push boundaries and innovate, shaping the digital solutions of tomorrow. Whatever your passion, we ll help you become the best you can be, creating career-defining work and delivering breakthrough thinking. About the team: (TE) About the role: (TE) Role Responsibilities: Role Title: Enterprise Architect - Identity Organizational Context With over 200 brands sold in more than 180 countries, we re the world s leading premium drinks company. Every day, over 27,000 talented people come together at Diageo to create the magic behind our much-loved brands. From iconic names to innovative newcomers - the brands we re building are rooted in culture and local communities. Our ambition is to be one of the best performing, most trusted and most respected consumer products companies in the world. Diageo s global Enterprise Architecture team imagines and architects Diageo s future with breakthrough technology, distinguishing Diageo as the industry leader which others strive to follow. We are a trusted and strategic partner to our business and colleagues across our global Digital & Technology function. We act as an internal consultancy, anticipating the future capabilities required for our business to achieve it s ambitious goals and create the vision for our integrated technology landscape across all of our functions: sales, marketing, manufacturing, human resources, etc. Role Description: Be the Identity & Security Visionary for Diageo Were seeking a passionate Enterprise Architect to join our Security & Network Enterprise Architecture team. Youll play a pivotal role in shaping the future of Identity Management across Diageo, including external partners, customers, and consumers. Additionally, youll leverage your expertise to contribute to the broader cybersecurity strategy. The role is split roughly 80/20 between Identity and Security domains, with the specific focus adapting to business needs. What Youll Do: Strategize the Future: Translate business goals into a robust architecture for IAM and cybersecurity. Champion Strategic Vision: Partner with stakeholders to define Diageos vision and capabilities in Identity and Access Management. Develop a 3-5 year roadmap to leverage technology for secure, streamlined access to critical assets, while prioritizing user experience. Architect of Change: Design target and interim architectures, assess current capabilities, and guide technology selection for future needs. Alignment is Key: Foster collaboration among stakeholders to ensure everything aligns with the overall architecture strategy. Governance Guru: Oversee IAM and cybersecurity changes, ensuring strategic alignment, value for money, and suitability for purpose. Roadmap Champion: Drive adoption of the architecture roadmap through close collaboration with internal teams. Investment Influencer: Influence portfolio investments for key technology solutions aligned with the roadmap. Vendor Whisperer: Build and maintain strong relationships with technology vendors and suppliers. Trusted Advisor: Provide technical expertise and guidance to senior leadership on strategic approaches and solutions. Knowledge Navigator: Stay current on business priorities, emerging technologies, and cyber threats. Proactively identify IAM and cybersecurity transformation opportunities. EA Champion: Contribute to the overall success of Enterprise Architecture within Diageo. Technical Expertise: Minimum 5 years of experience as an Enterprise Architect or a similar role. Experience and expertise in developing capability models, reference architecture and technology roadmap artefacts. In-depth knowledge of Identity & Access Management (IAM) principles and frameworks, Privileged Access Management, Identity Governance and B2B / B2C Identity & Access Management Experience with cybersecurity best practices and frameworks (e.g., NIST CSF). Understanding of risk management and security concepts Experience with enterprise architecture frameworks (e.g., TOGAF, Zachman) is a plus. Familiarity with relevant IAM and security solutions and technologies. Experience working in a large and complex enterprise environment is a plus. Security certifications (e.g., CISSP, CISA) are a plus. Business Acumen and Leadership: Bold and strategic thinker - able to develop stretching and ambitious future vision Fantastic communicator - able to articulate and sell the vision to senior stakeholders Demonstrated ability to deliver integrated Business-IT strategy, establishing a high level of trust among both business and technical stakeholders Building International and cross-functional relationships to drive engagement Experience working with executive sponsors and senior business leadership teams developing and delivering strategy and operating plans with demonstrated competency Experience documenting technical solutions clearly and concisely. Experience / skills required: (TE) Flexible Working Statement: Flexibility is key to our success. From part-time and compressed hours to different locations, our people work flexibly in ways to suit them. Talk to us about what flexibility means to you so that you re supported from day one. Rewards & Benefits Statement: (TE) Diversity statement: Our purpose is to celebrate life, every day, everywhere. And creating an inclusive culture, where everyone feels valued and that they can belong, is a crucial part of this. We embrace diversity in the broadest possible sense. This means that you ll be welcomed and celebrated for who you are just by being you. You ll be part of and help build and champion an inclusive culture that celebrates people of different gender, ethnicity, ability, age, sexual orientation, social class, educational backgrounds, experiences, mindsets, and more. Our ambition is to create the best performing, most trusted and respected consumer products companies in the world. Join us and help transform our business as we take our brands to the next level and build new ones as part of shaping the next generation of celebrations for consumers around the world. Feel inspired? Then this may be the opportunity for you. If you require a reasonable adjustment, please ensure that you capture this information when you submit your application. Worker Type : Regular Primary Location: Bangalore Karle Town SEZ Additional Locations : Budapest 2025-06-30

Job Summary: We are seeking a knowledgeable and detail-oriented PCI DSS Auditor to join our compliance and information security team. The auditor will be responsible for planning, executing, and managing audits to ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS) . The ideal candidate will have deep knowledge of PCI DSS requirements and a strong background in IT security, risk management, and regulatory compliance. Key Responsibilities: Plan, coordinate, and perform internal and external PCI DSS assessments. Conduct risk assessments and gap analyses against PCI DSS requirements. Work with stakeholders across departments to gather evidence and validate compliance. Identify areas of non-compliance and develop recommendations for remediation. Prepare formal audit reports and present findings to management. Liaise with Qualified Security Assessors (QSAs) and support formal PCI DSS validation efforts. Maintain documentation of security policies, procedures, and controls as they relate to PCI DSS. Monitor changes to PCI DSS and related regulations to ensure ongoing compliance. Provide training and guidance to internal teams on PCI DSS requirements and best practices. Assist in the remediation of audit findings and track progress until closure. Required Qualifications: Bachelor s degree in Information Security, Computer Science, Information Systems, or related field. Minimum of 3-5 years of experience in IT auditing, security assessment, or compliance. In-depth knowledge of PCI DSS v4.0 and prior experience conducting PCI audits. Familiarity with information security frameworks (e.g., NIST, ISO 27001). Strong understanding of network security, encryption, access control, and vulnerability management. Preferred Qualifications: Certification such as PCI ISA , PCI QSA , CISA , CISSP , or CISM . Experience working in regulated industries (e.g., finance, healthcare, e-commerce). Experience with audit tools, GRC platforms, or compliance tracking systems. Excellent verbal and written communication skills.

TriNet is a leading provider of comprehensive human resources solutions for small to midsize businesses (SMBs). We enhance business productivity by enabling our clients to outsource their HR function to one strategic partner and allowing them to focus on operating and growing their core businesses. Our full-service HR solutions include features such as payroll processing, human capital consulting, employment law compliance and employee benefits, including health insurance, retirement plans and workers compensation insurance. TriNet has a nationwide presence and an experienced executive team. Our stock is publicly traded on the NYSE under the ticker symbol TNET. If you re passionate about innovation and making an impact on the large SMB market, come join us as we power our clients business success with extraordinary HR. JOB SUMMARY The Staff Vulnerability Management Analyst is a key member of the Global Security Cyber Defense team responsible for identifying, analyzing, and driving the remediation of vulnerabilities across enterprise systems, applications, and cloud environments. Based in Hyderabad, India, this role plays a critical part in protecting the organizations digital assets by ensuring vulnerabilities are promptly addressed and risk is effectively communicated to stakeholders. Essential Duties/Responsibilites Lead the execution of the enterprise Vulnerability Management Program, including the design, scheduling, and tuning of automated vulnerability scans across endpoints, servers, cloud assets, and container environments. Ensure the health and performance of scanning tools and infrastructure, including asset discovery, credentialed scanning, and optimization of scan coverage. Analyze scan data to identify true positive vulnerabilities, eliminate false positives, and work with asset owners to ensure timely and effective remediation. Conduct regular assessments of container images, infrastructure-as-code (IaC), and cloud-native platforms to identify misconfigurations and known vulnerabilities. Collaborate with cross-functional teams, including Cyber Defense, Security Architecture, Security Engineering, Application Security, Risk, Engineering, and Technology to coordinate remediation activities and provide technical guidance on mitigating identified risks. Support continuous improvement by tracking and reporting remediation SLAs, scan coverage metrics, and program KPIs, while partnering with system owners to ensure timely compliance with remediation timelines. Design and deliver actionable dashboards and executive-level reports to drive data-informed remediation decisions and communicate risk posture effectively. Stay current on emerging threats, vulnerability disclosures (CVEs), and industry benchmarks such as CIS, NIST, and OWASP. Act as a backup resource to the Cyber Defense team, assisting in threat hunting, incident response, and vulnerability-related investigations. Performs other duties as assigned Complies with all policies and standards QUALIFICATIONS Education Bachelors Degree Work Experience Typically 5+ years experience in vulnerability management or a related cybersecurity domain. Licenses and Certifications CISSP - Certified Information Systems Security Professional CISM - Certified Information Security Manager GIAC Certified Incident Handler (GCIH) CEH: Certified Ethical Hacker CISA - Certified Information Systems Auditor Knowledge, Skills and Abilities: Hands-on experience with vulnerability scanning platforms such as Microsoft Defender Vulnerability Management, Tenable, Qualys, Rapid7, or similar. Experience working in ServiceNow Vulnerability Management suite is preferred. Experience with security orchestration and automation tools (e.g., Microsoft Sentinel, Logic Apps, ServiceNow SecOps, Splunk SOAR) is a plus, particularly within Microsoft Defender environments. Solid understanding of common operating systems (Linux, Windows), networking, cloud platforms (AWS, Azure, GCP, Oracle), and container technologies (Docker, Kubernetes). Expertise in security tools and technologies (e.g., SIEM, intrusion detection systems, firewalls) and the ability to analyze and interpret security data to identify vulnerabilities and threats. Strong understanding of cybersecurity principles, frameworks, and best practices, including risk management, incident response, and regulatory compliance (e.g., NIST, ISO 27001, NIST 800-53, PCI-DSS). Familiarity with vulnerability prioritization methodologies (e.g., CVSS, EPSS, threat intelligence enrichment) is a plus. Strong analytical and troubleshooting skills with the ability to interpret complex data sets, convey technical findings to both technical and non-technical audiences, and contextualize vulnerabilities in terms of business impact and operational risk. Experience building and presenting vulnerability management reports at a leadership level is preferred. Experience in creating technical documentation, runbooks, playbooks, and training materials for vulnerability management. Excellent communication and interpersonal skills. Proficient in Microsoft Office Suite. Detail-oriented and well organized. Self-motivated and capable of working independently within a small, high-performing team that values critical thinking and sound decision-making. Contributes to a team culture of inclusion, transparency, and innovation, by actively sharing ideas and taking ownership of impactful work. Highly ethical and professional. Work Environment: Work in a clean, pleasant, and comfortable office work setting. The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable persons with disabilities to perform the essential functions. This position is 100% in office.

Head of Security TReDS Full-time | Senior Leadership Role Experience - 8-14 years Location: Noida (Hybrid) About C2Treds C2Treds is an RBI-approved TReDS platform, of C2FO the world s leading on-demand working capital platform. Our mission is clear: to empower every MSME in India with the working capital they need to thrive, driving long-term sustainability and economic growth. At C2Treds, a strategic initiative by C2FO, we are transforming the landscape for MSMEs in India by unlocking easier access to working capital. As India s only fintech platform offering both Early Pay and TReDS functionalities, we enable businesses to bypass receivables delays, enhance financial agility, and unleash their full growth potential. We understand that MSMEs are the backbone of India s economy, contributing to 30% of the country s jobs. Yet, these businesses often face significant barriers like restrictive debt cycles, high interest rates, and delayed payments that stifle their growth potential. That s where C2Treds comes in with over 50,000 MSMEs in C2FO s India network, we are dedicated to breaking down these financial barriers and providing a direct path to success. By joining C2Treds, you ll be part of an innovative, growth-driven company at the forefront of transforming MSME financial empowerment and shaping India s economic future. As the Head of Security, you will be the strategic architect and operational guardian of TReDS information security landscape. You ll lead the design, execution, and management of robust security initiatives to safeguard the platform s data, systems, and networks ensuring resilience in a regulated and rapidly evolving fintech ecosystem. Key Responsibilities Design and execute a holistic information security strategy that aligns with TReDS business goals and complies with relevant regulatory mandates. Lead comprehensive risk assessments and vulnerability scans to proactively identify and address security threats. Develop and enforce information security policies, standards, and protocols to minimize risk and protect sensitive data. Oversee daily security operations and ensure rigorous adherence to security policies and procedures across the TReDS platform. Spearhead incident response efforts, coordinating with stakeholders to swiftly contain, investigate, and mitigate security breaches. Direct real-time monitoring and threat detection through security systems and tools, enabling rapid response to potential intrusions. Ensure organizational compliance with all applicable industry standards, legal requirements, and regulatory frameworks. Conduct regular audits and security assessments to uncover and resolve compliance gaps. Collaborate with cross-functional teams to embed security best practices into business processes. Lead identification, evaluation, and mitigation of security risks tied to operations, technology infrastructure, and third-party relationships. Develop and operationalize a dynamic risk management framework that prioritizes and addresses key threats. Assess and manage security risks associated with external vendors and partners, ensuring adherence to TReDS security benchmarks. Champion a security-first mindset across the organization, mentoring team members and promoting a culture of accountability, awareness, and excellence. Required Qualifications Bachelor s degree in Computer Science, Information Security, or a related discipline. Recognized certifications such as CISSP, CISM, or CISA. Minimum 6 years of experience in leading information security teams. In-depth knowledge of security frameworks and standards, especially those relevant to the Indian financial sector. Demonstrated success in building and executing enterprise-grade security programs. Strong leadership, interpersonal, and communication skills. Ability to thrive in fast-paced, high-stakes environments. Familiarity with cloud security principles and data privacy regulations. Preferred Qualifications Prior experience in the fintech domain. Knowledge of Indian data privacy regulations, including the Personal Data Protection Bill. Commitment To Diversity And Inclusion As an Equal Opportunity Employer, we not only value diversity and equality, but we also empower our team members to bring their authentic selves to work every day. Our goal is to create a workplace that reflects the communities we serve and our global, multicultural clients. We recognize the power of inclusion, emphasizing that each team member was chosen for their unique ability to contribute to the overall success of our mission. #LI-NS

The Manager, Continent Security Partnerships, Property Security Compliance is a key role in continent security aspects relating to planning, executing and managing the Marriott Security Compliance Assessment program, providing the necessary support to above property and on property teams. The objective for this role is to attain maximum security compliance status and ensure that all IT Operations in the continent follow the company security standards. Enforce Marriott Security Standards and requirements for properties. The role will perform tracking and reporting on the established security policies and processes as implemented at the hotels and will have a direct reporting line to the Senior Director/Director, Continent Information Security Partnerships. This position maintains strong relationships with and provides support to Area Operation/IT Leaders with continent operations and provides assistance in liaising with additional teams within Information Security and will require to travel for up to 75% of the work capacity. CANDIDATE PROFILE Education and Experience 5+ years Information Technology or information security work experience including: 3+ years in executing technology plans and/or information security projects, programs, and/or portfolios 2+ years in implementing enterprise security risk management frameworks and processes. Bachelor s degree in Computer Sciences, Information Technology, Information Security, Cybersecurity or related field or equivalent field experience. Fluent in English, both spoken and written. Preferred: Professional certifications related to security assessment, such as CISA, CRISC, PCI ISA, ISO/IEC 27001 Lead Auditor, etc. Hotel IT Management. Cybersecurity experience. Good understanding of PCI DSS and NIST CSF. Expert level understanding of key network and technical security controls. Experience participating in and coordinating activities for security incident responses. Knowledge of global regulatory standards to include GDPR and CCPA. Ability to demonstrate security experience via certifications (CISSP, CISM, etc.) or significant career accomplishments. Demonstrated ability to apply organizational information security policies at a discipline unit level. Knowledge of IT security within an infrastructure environment. Proven ability to effectively prioritize and execute tasks in a high-pressure environment. Experience in business systems and process planning. Graduate/postgraduate degree. CORE WORK ACTIVITIES Lead and execute audits, security assessments, and control reviews across infrastructure, applications, data, cloud, and third-party services. Evaluate the effectiveness of information security controls (technical and administrative) aligned with corporate standards. Perform risk-based assessments and identify vulnerabilities, non-compliances, and improvement opportunities. Review historical audit and assessment findings and real-time observations, both internal and external, to determine areas for improvement, including developing and disseminating best practices, standardized configurations, and implementation guides across the hotel portfolio. Review artifacts, interview key stakeholders and identify areas for improvement. Develop and manage the end-to-end audit or assessment program, including planning, scoping, scheduling, stakeholder engagement, fieldwork, and follow-up. Organize and facilitate kick-off meetings, status updates, walkthroughs, and closing sessions. Track and report audit timelines, milestones, and risk issues to ensure timely completion. Build relationships and collaborate with key stakeholders to develop pragmatic remediation plans and track closure progress through defined follow-up cycles. Prepare clear, concise, and well-structured audit reports with actionable findings and risk ratings. Provide input on risk treatment strategies, control enhancements, and policy updates. Develop effective communication plans to collaborate with the stakeholders by customizing individual needs. Contribute to the maturity of the information security internal audit methodology, templates, and knowledge base. Additional Functions Represents Security in signing off on new property openings reviewing the implemented policies and controls. Provides tactical communications and issues remediation planning and implementation with the continent IT Operations team. Signs off the new property openings including tracking that all necessary information on the property systems and security readiness is registered, such as application inventory. Facilitates educational calls, materials and meetings to the Continent IT Operations and field associates Tracks the compliance performance of the continent and work with on property IT associates along with the Area IT Managers towards issues remediations, providing necessary escalations and follow ups to the respective teams. Reporting on security & compliance related metrics to different stakeholders including GIS, Continent leadership Provides answers to general questions and queries around IT security and other related queries. Identifies learning and knowledge gaps and facilitates educational calls, materials and meetings to the Continent IT Operations and field associates Additional Responsibilities Informs, updates, and provides information to supervisors, co-workers, and subordinates by telephone, in written form, e-mail, or in person in a timely manner. Attends and participates in all relevant meetings. Presents ideas, expectations and information in a concise, organized manner. Uses problem solving methodology for decision making and follow up. Maintains positive working relations with internal customers and department managers. Manages time effectively and conducts activities in an organized manner. Performs other reasonable duties as assigned by manager.

: In Scope of Position based Promotions (INTERNAL only) Job TitleIT Auditor, AVP Corporate TitleAVP LocationPune, India Role Description You will be responsible for auditing Deutsche Banks technology and security controls. You will be involved in the planning, preparation, coordination and execution of audits to evaluate the adequacy and effectiveness of internal controls related to IT Infrastructure services primarily within TDI Global Technology Infrastructure including End User Computing. You will undertake audit assignments, draft and consolidate audit reports as well as tracking and closing audit findings. You will work as part of a global team, spread across the US, Germany, the United Kingdom and Singapore What well offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities What Youll Do Plan, prepare, coordinate and execute audits to evaluate the adequacy and effectiveness of cyber security controls in accordance with Group Audits Methodology. Contribute to Continuous Monitoring and overall implementation of Group Audit Methodology. Undertake audit assignments, draft and consolidate audit reports for review by audit management and facilitate finding tracking and validate closure of findings. Participate in ad hoc projects and special inquiries. Work closely with colleagues in New York, Jacksonville, London, Birmingham, Berlin, Frankfurt and Singapore. Your skills and experience Skills Youll Need University degree in computer science, mathematics, engineering or a related scientific degree. Certifications as CISA, CISM, CISSP or equivalent qualification in the areas of information security, project management or process-/quality management would be an advantage. Demonstrable experience in one or more of the following disciplinesIT infrastructure, IT production, IT operation such as system administrator, database administrator, operator in a data centre or software development for IT infrastructure applications. Experience in IT Audit, IT risk management or information security. A fundamental understanding of the following Audit disciplinesaudit concepts (e.g. pre-/post implementation audits), controls in outsourced environments (e.g. for managed services), auditing project management and auditing IT service- and quality management. Skills That Will Help You Excel Very good written/verbal communication skills and the ability to communicate effectively in conflicts and at all management levels. Language skills beyond English are not a requirement, but are generally useful. Experiences in analyzing and articulating IT Infrastructure risks combined with a good understanding of IT services and IT processes in an enterprise environment. Flexibility, pro-active, self-sufficient and innovative with strong organizational skills to take ownership and responsibility of agreed targets and meet them within budget to enable a timely and efficient completion of audit projects. Ability to multi-task assignments and prioritize the workload with limited supervision and be resilient under pressure and the ability to deliver to deadlines. How well support you About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.

About this role Role Description: The Information Security team member will augment the Supply Chain Security team and play an integral part in the development, implementation, and compliance of technical security across the enterprise. The candidate will be key contributor to ongoing security assessments of third-party tools and products and will regularly act as a voice of Information Security to business teams and management, building cyber security confidence in support of business development and governance processes. Responsibilities: Perform focused assessments of existing or new service providers, and technologies being introduced into the firm s environment. Experience in performing cyber security due diligence assessments of third-party service providers and vendors. Provide governance and oversight over existing and new SaaS and IaaS products Influence the overall direction for securing infrastructure, applications and third parties service providers for the firm Communicate risk assessment findings to information security stakeholders or business partners and influences the risk mitigation Provide consultative advice to information security customers that enables them to make informed risk management decisions Performing assessments of new and existing Internet of Things (IoT) Deployments Identify appropriate controls to effectively manage information risks as needed Identify opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk Maintain strong working relationships with individuals and groups involved in managing information risks across the organization Support the documentation of Information Security Policies and Standards Security assessments of third-party software packages deployed on machines Perform vulnerability impact analysis of newly identified vulnerabilities of the firm s critical service providers Candidates will be evaluated based on their ability to perform the duties listed above while demonstrating the skills and competencies necessary to be highly effective in the role. These skills and competencies include: Strong documentation and process-oriented background with experience working on complex technology projects An ability to effectively influence others to account for the plans and collaborative behaviors for results An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner An ability to identify and assesses the severity and potential impact of risks and communicate risk assessment findings to risk owners in a way that influences optimum risk mitigation Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one Ability to react to high pressure dynamic changing environments Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one s network within an organization An ability to apply original and innovative thinking to produce new ideas and create innovative products, solutions, or approaches A discipline and interpersonal skills to work well in a global environment, complementing teams in multiple remote locations Experience Degree in Business, Computer Engineering, Computer Science, Information Security, or a related field Working knowledge of data analysis techniques, including Excel, Python and basic SQL skills Experience with agile project management Knowledge of Azure security, AWS security, web security, including API and token security 5+ years Information Security experience 3+ years with risk advisory and senior management communication, metrics, collaboration to drive risk-based results 3+ years of experience with documenting, project management, written analysis for Information Security risk assessments 3+ years of experience in an Enterprise Risk Management and/or assessing controls within a Technology and/or Financial Services firm Experience with information security management frameworks (e. g. , IS027001, COBIT, NIST 800, SOC 2 Type 2) Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA) AWS, GCP, or Azure security certifications are a plus Our benefits . Our hybrid work model . At BlackRock, we are all connected by one mission: to help more and more people experience financial well-being. Our clients, and the people they serve, are saving for retirement, paying for their children s educations, buying homes and starting businesses. Their investments also help to strengthen the global economy: support businesses small and large; finance infrastructure projects that connect and power cities; and facilitate innovations that drive progress. This mission would not be possible without our smartest investment - the one we make in our employees. It s why we re dedicated to creating an environment where our colleagues feel welcomed, valued and supported with networks, benefits and development opportunities to help them thrive. For additional information on BlackRock, please visit @blackrock | Twitter: @blackrock | LinkedIn: www. linkedin. com/company/blackrock BlackRock is proud to be an Equal Opportunity Employer. We evaluate qualified applicants without regard to age, disability, family status, gender identity, race, religion, sex, sexual orientation and other protected attributes at law.

Business Title Lead - Zero Trust and IAM Region APAC Country India What we look for 8+ years experience implementing enterprise Identity and Access Management (IAM), Privileged Access Management (PAM) solutions (e. g. Saviynt, Okta, SailPoint, Ping Identity, Omada, Microsoft Identity Manager, Beyond Trust, CyberArk or equivalent IAM solution) in client environments. Familiarity with Zero Trust Network Architecture is desirable Familiarity with service now Ticketing and CMDB is desirable Design, build, operate and automate security solutions and processes to protect the integrity of the organizations networks, systems, applications and data. Experience developing technical strategies, architectures, and roadmaps. Outstanding communication and presentation skills. Able to articulate complex, technical concepts to non-technical audiences. Respond to security incidents, including data breaches, and coordinate with other IT teams to mitigate the impact of any security breaches. Preferred Experience hardening security for Active Directory, Windows, *nix OS. Experience with IDaaS providers such as Microsoft, Okta, Ping Identity, Google Cloud Identity Experience with cloud architectures particularly Azure, AWS, GCP native IAM controls. Experience with Identity Governance processes and solutions such as Saviynt, SailPoint, Ping Identity or equivalent. Experience with Microsoft 365, Active Directory, SAML, OIDC Knowledge of Applied Cryptography and PKI Manage and network security infrastructure Firewall configuration and rule management Cloud proxies services & Network Access control Employee and Partner remote access VPN services Cloud based Web application firewall Development knowledge e. g. Python, Java, C#, . NET, Web Services (SOAP/REST/RESTful, APIs), Shell programming/scripting Preferred Network Infrastructure Security background in both on prem physical security components (firewalls, IDS/IPS , remote access and internet proxies) as well as cloud security services (Zscaler , Azure, GCP). Strong experience of working on SIEM tools like Splunk to analyse logs and correlate events. Experience with User Behaviour Analytics & Workday, SAP, Salesforce Experience with MDM capabilities such as Intune or AirWatch Understanding of trends and regulations to ensure effectiveness and compliance with all regulations and frameworks (NIST, HIPPA-HITECH, HITRUST, PCI, GDPR) Certifications CISSP or SANS, GIAC, CIMP, CEH, CISM or CISA certifications is a plus OKTA - Professional or Consultant is a plus Google/AWS/Microsoft Professional Cloud Architect is a plus Johnson Controls International plc. is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law . If you are an individual with a disability and you require an accommodation during the application process, please visit www. johnsoncontrols. com/careers .