581 Cism Jobs - Page 2

The Global Information Security (GIS) Technology Risk Management Analyst will work with peers in Global Information Security (GIS) and across the Technology Division to ensure that third party technology risks are properly identified, assessed, monitored, and communicated in support of the overall Third Party Risk Management (TPRM) program. The Analyst will assist with the continuous improvement and daily operation of the GIS Third Party Risk Management (GIS TPRM) program. Responsibilities Include: Work with peers to identify and assess Information Security risks Conduct risk assessments using CME Groups established GIS Third Party Risk Management assessment process Collaboratively author and edit various assessment related documents including Deficiencies Observed, Summary of Work, Risk Advisory Memos, exceptions from GIS technical policies and standards, and other related output resulting from risk adjudication activities Participate in and contribute to various working groups across the Technology Division, including, but not limited to, Third Party Risk Management working group, Governance, Risk Management, and Compliance (GRC) working group, etc. Assist the GIS TPRM function with: Continuous improvement and maturation of the methods, instrumentation, training, documentation, and processes required to properly manage third party technology risks Providing advisory and consulting services to the Information Technology Management Team related to InfoSec risks, treatment strategies, and decision-making Assist in the preparation of management reports, presentations, metrics, and other documentation required to support governance functions Assist in compiling and delivering business and operational metrics at regular intervals Promoting a culture of risk awareness and accountability through training, education, and risk management consultative support Problem Solving: Objectively assess the impact, likelihood, and velocity of identified risks Objectively advise on any number of controls that will mitigate risk while not imposing undue burden on those who must implement the controls Drive objectivity and build consensus among stakeholders with widely divergent perspectives and drivers Rapidly analyze complex technical details Synthesize detailed analysis into a big picture view that can be easily understood by non-technical stakeholders in order to support risk-based decision-making for senior managers within the company Decision Making: Recommend risk treatment decisions Recommend remediation actions when risk mitigation is desired Recommend improvements to methods, instrumentation, training, documentation, and processes Recommend solutions for automating and streamlining GIS TPRM risk management practices Working Relationships: Interacts with peers across all elements of the Technology Division Communicate regularly with cross-functional peers outside of the Technology Division, including Legal, Information Governance, Global Operations, Global Assurance (Internal Audit), Enterprise Risk Management, Third Party Risk Management, and other business unit leadership Interact occasionally with industry peers from other Systemically Important Financial MarketUtilities(SIFMUs),research organizations, solution providers, etc. Required Experience: Bachelors Degree or equivalent experience Minimum of 1 to 3 years of relevant experience in publicly traded companies or finance/technology industry operations with third party risk management experience a plus Experience in at least two of the following: InfoSec (Operations, Program Management, Governance, Risk Management, etc.), Enterprise Architecture, Identity & Access Management, Application Development, Infrastructure & Operations, IT Compliance, or Internal Audit Experience working with industry based information security and / or control frameworks (NIST Cyber Security Framework, ISO 27002, COBIT, etc.) Demonstrable knowledge of a broad range of InfoSec technologies and practices Demonstrable, impeccable writing skills for technical, management, and executive audiences Additional preferred experience: Demonstrable knowledge of InfoSec risk management methods and practices Experience with operating GRC solutions Professional certification in InfoSec or Risk Management (such as CRISC, CISM, CISSP, CGEIT, CISA, etc.)

Job Title: Senior Manager Information/Cyber Security Job Location: Pune / Bangalore / Mumbai Job Summary: We are looking for a seasoned professional in Information/Cyber Security to be part of the Digital Trust and Security team at Capgemini Invent This role requires a resource who is experienced in managing client-facing cybersecurity programs, providing strategic advisory, and enhancing security capabilities within the organization. Key Responsibilities: Client Advisory & Leadership: Lead cybersecurity engagements for clients, and providing strategic direction and ensuring alignment with their business and security goals. Program Oversight: Manage the delivery of multiple cybersecurity projects, ensuring high-quality service, timely execution, and compliance with client expectations. Risk Management & Compliance: Oversee risk assessments for clients and ensure the implementation of security controls that meet industry standards (ISO 27001, NIST, GDPR, etc.). Team Development: Mentor and develop the internal cybersecurity team, fostering a culture of continuous improvement and ensuring the team is equipped to handle evolving client needs. Stakeholder Engagement: Collaborate with senior client stakeholders, including C-level executives, to communicate security risks, program progress, and recommend improvements. Innovation & Thought Leadership: Drive the adoption of new security technologies and best practices, positioning the organization as a thought leader in cybersecurity services. Business Development & Solutioning: Lead the development of cybersecurity solutions tailored to client needs, aligning with emerging threats and industry trends. Collaborate with sales and account teams to identify new business opportunities and expand client relationships through cybersecurity offerings. Develop and present compelling proposals, including RFP/RFI responses, for cybersecurity services. Engage in pre-sales activities, providing expertise and thought leadership to support business development efforts. Drive solution architecture and proposal strategies for large-scale cybersecurity projects to win new business. Required Skills and Qualifications: Master’s degree in Information security, Cybersecurity, Information Technology , or a related field. 10-15 years of experience in Information/Cybersecurity , with at least 7 years in a client-facing leadership role within a consulting environment. Deep understanding of cybersecurity frameworks (e.g., ISO 27001, NIST etc.) and regulatory standards (GDPR, HIPAA, PCI-DSS etc.). Proven track record in managing complex security programs for large clients, including risk management, cloud security, incident response , and compliance management . Certifications such as CISSP, CISM, CRISC, CISA, or PMP are highly preferred. Personal Attributes: Strong leadership and team-building skills, with a focus on mentoring and developing the next generation of cybersecurity leaders. Excellent communication and presentation skills, with the ability to influence senior stakeholders at client organizations.

Cybersecurity Engineer + Analyst (Hybrid Chandigarh / Mohali) Infinity Healthcare Solutions, LLC is expanding its cybersecurity operations and is actively seeking a highly skilled and motivated Cybersecurity Engineer + Analyst to join our team. This role is designed for professionals who bring both deep technical engineering expertise and analytical skills to secure enterprise infrastructure, identify vulnerabilities, and respond to evolving cyber threats. This position will work at the intersection of IT security architecture, incident response, risk management, and compliance operations to ensure the security and integrity of our organizations data and systems. Key Responsibilities: Security Operations & Monitoring: Monitor infrastructure, networks, and cloud environments using SIEM tools (e.g., Splunk, Microsoft Sentinel) Identify, investigate, and respond to real-time alerts and security incidents Analyze logs and network traffic to detect anomalies and unauthorized activities Perform deep-dive forensic analysis and root cause investigations on security events Incident Response & Threat Management Lead and execute end-to-end incident response processes including containment, eradication, and recovery Maintain incident response playbooks, runbooks, and documentation for various threat scenarios Collaborate with cross-functional teams to remediate vulnerabilities and improve incident readiness Stay up to date with the latest threats, vulnerabilities, zero-day exploits, and malware campaigns Security Engineering & Hardening Manage and configure endpoint protection, firewalls, IDS/IPS, and other security controls Assist in the secure deployment and configuration of cloud environments (AWS, Azure, GCP) Evaluate and implement security tools and automation for risk mitigation Apply industry best practices to harden systems and reduce attack surfaces Governance, Risk & Compliance Perform routine risk assessments, internal security audits, and gap analysis Ensure adherence to regulatory and compliance standards: ISO 27001, NIST, SOC 2, GDPR Support internal and external audits by preparing documentation and evidence Develop and maintain security policies, procedures, and technical documentation IAM & Access Controls Manage Identity and Access Management (IAM), including user provisioning, role-based access, MFA Enforce least privilege and zero-trust principles across all systems and environments Required Qualifications: Bachelors degree in Cybersecurity, Computer Science, Information Technology, or a related field Minimum 3 years of hands-on experience in cybersecurity operations, security engineering, or threat analysis Proficient with SIEM, IDS/IPS, EDR, antivirus, and endpoint security platforms Solid understanding of network protocols, firewalls, routing, and segmentation Practical knowledge of security for cloud platforms (AWS, Azure, or GCP) Experience working with IAM, RBAC, MFA, VPNs, and secure access controls Strong documentation and reporting skills; ability to communicate technical issues clearly Preferred Skills & Tools: Familiarity with MITRE ATT&CK, CIS Controls, OWASP Top 10 Experience using tools such as Wireshark, Nmap, Nessus, CrowdStrike, Qualys Scripting or automation experience (e.g., PowerShell, Python, Bash) is a plus Familiarity with DevSecOps practices is desirable Preferred Certifications (Any): CEH Certified Ethical Hacker CompTIA Security+ CISSP Certified Information Systems Security Professional CISA, CISM, or other GIAC certifications Why Join Us: Opportunity to work in a security-first environment with global impact Collaborative, forward-thinking team culture Exposure to enterprise-grade cloud security architecture and compliance frameworks Career development.

Implement security strategy, policies & controls.Oversee risk, vendor security, BCDR, vulnerability remediation & AppSec.Drive compliance, training,audits,and continuous improvement.GRC tool expertise,ISO27001 Implementer/Auditor,CGRC/BCMS preferred.

As a Security Architect & Engineer, you will play a crucial role in designing secure architectures, implementing effective security controls, and supporting security operations across IT and cloud environments. Your responsibilities will involve creating long-term security strategies aligned with business goals, evaluating security technologies, and ensuring compliance with regulatory requirements. In the realm of Security Architecture, you will be tasked with designing secure and scalable architectures that seamlessly integrate with existing IT systems. Your role will also involve recommending security technologies, frameworks, and practices across IT, OT, and cloud environments. Implementing access control and identity management measures will be essential, including least privilege, RBAC, MFA, and SSO controls. In terms of Security Engineering, you will apply secure configuration baselines and automation across operating systems, databases, and cloud environments. Supporting security and vulnerability assessments, assisting in patch implementations, and promoting infrastructure-as-code and DevSecOps practices will also fall under your purview. Your involvement in Security Operations will require collaboration with SOC and IT teams to detect, investigate, and respond to security incidents. To enhance security measures, you will support threat hunting, root cause analysis, and the evolution of incident response and disaster recovery plans. Regarding Risk, Compliance & Governance, you will be responsible for identifying and mitigating security risks associated with IT systems. Developing security policies, conducting risk assessments, ensuring compliance with frameworks and regulations, and providing security input into vendor assessments will be crucial aspects of your role. In terms of Collaboration & Communication, you will act as a trusted advisor to internal teams on security best practices and secure solution design. Your ability to translate complex security topics into actionable guidance for technical and business stakeholders will be paramount. To qualify for this role, you should hold a Bachelor's degree in Information Security, Computer Science, or a related field, along with 8-12 years of cybersecurity experience. Strong knowledge of cloud security services, regulatory compliance requirements, IAM concepts, and relevant certifications are required. Additionally, experience with SIEM, EDR, vulnerability scanners, and cloud-native controls is essential. While not mandatory, advanced knowledge in cloud security architecture, experience with automation tools, and relevant certifications like CISSP, CISM, or CEH would be advantageous. This position may offer remote work options and will involve collaboration with diverse teams in a dynamic environment, providing you with the opportunity to contribute to critical security initiatives.,

As a candidate for this position, you will be responsible for performing and documenting testing on consulting, compliance, and internal audit engagements with a focus on IT risk, strategy, and governance within financial institutions. You will also provide training and supervision for engagement staff, identify findings, and document opportunities for process improvement. Additionally, you will research technical issues that arise during engagements and assist Managers and/or Senior Managers in developing strategic solutions to meet client needs. Furthermore, you will work closely with Managers and/or Senior Managers on engagement planning, execution, and issuing a final report that meets client deadlines. You will also play a key role in setting the foundation for developing relationships with clients through networking and business development activities. Your motivation to meet client deadlines and provide excellent client service will be crucial to your success in this role. In terms of qualifications, a Bachelor's degree is required for this position. Preferred certifications include CISA, CISM, or CISSP. If not already certified, you must meet the educational requirements to obtain a license upon hire in the state of employment. Additional certifications such as CPA, CIA, CRCM, CAMS, CFIRS, CFE, and/or CFF are considered a plus. The ideal candidate will have a minimum of 3 years of experience in information systems, internal audit, regulatory compliance, or consulting services. Experience in network engineering/administration with a security emphasis is preferred. Knowledge of IT control and/or services management standards such as CObIT, ITIL, and ISO is also preferred. Previous experience in banking or credit unions would be advantageous. You should possess the ability to work effectively as part of a team as well as independently. Creative problem-solving and research skills are essential, along with excellent verbal and written communication abilities. Strong analytical and report writing skills are required, and proficiency with Microsoft Office applications such as Word, Excel, PowerPoint, and Outlook is expected. The ability to handle multiple priorities, tasks, and simultaneous projects is a key attribute for success in this role.,

As a Cyber Risk Manager at Stryker, your primary role will be to identify, analyze, evaluate, and mitigate present and future risks to Stryker data and assets. You will drive towards acceptable risk levels by fostering partnerships with IT, Business, and Partner stakeholders. Your responsibilities will encompass a broad spectrum of tasks within Stryker, focusing on managing and completing reviews throughout the cyber risk management lifecycle. Your essential duties and responsibilities will include leading and overseeing 3rd party cyber security assessments of vendors and other external parties engaging with Stryker. You will also drive the completion of cyber risk assessments across various functions, proactively identifying opportunities to minimize risk levels. By engaging with stakeholders and leveraging internal partnerships, you will work towards maintaining acceptable risk levels for the organization. In addition, you will be responsible for leading the design, implementation, maintenance, and enforcement of cyber risk management policies, procedures, and controls. Utilizing tools such as ServiceNow and OneTrust, you will streamline and enhance risk assessment activities. It will be crucial for you to identify key program metrics, such as key performance indicators (KPI) and key risk indicators (KRI), to gauge the effectiveness of the program and assess inherent risks to the organization. Continuous improvement of the cyber risk assessment process will also be a key focus, from request intakes to evidence gathering. To qualify for this role, you should hold a Bachelor's degree in computer information systems, Information Security, or a related field. A Master's degree is preferred. Additionally, having an understanding of various Cyber Security Risk Frameworks like NIST 800-300 and ISO 27001, along with relevant industry certifications such as CRISC, CISM, or CISSP, will be advantageous. With at least 8 years of experience in a regulated industry, strong negotiation and leadership skills are essential for this role. You should have the ability to influence and lead teams effectively, communicate proficiently, and work independently under minimal supervision. Thriving in a fast-paced environment, managing global teams, and familiarity with tools like OneTrust will be beneficial. As a Cyber Risk Manager at Stryker, you will be expected to be a results-oriented leader with the ability to drive change, collaborate effectively, and communicate across all levels of the organization. Your strategic agility, high energy, and focus on process and metrics will play a crucial role in successfully managing cyber risks and driving positive outcomes for the organization.,

MECPL is a construction company specializing in Civil, Structural & Interior Contracts. We focus on delighting clients by consistently meeting requirements and exceeding expectations through Quality Construction, Timely completion, and After Sales Service of Industrial, Commercial & Institutional Projects. Our use of state-of-the-art technology and commitment to quality construction keeps us at the forefront of the industry. This is a full-time on-site Information Technology Security role located in Pune at MECPL. The role involves implementing cybersecurity measures, ensuring network security, managing information security, and overseeing application security on a day-to-day basis. You will lead the organization's cybersecurity posture and ensure the safe deployment and operation of cloud platforms, SaaS apps, and user identity systems. Key Responsibilities: - Implement firewalls, MFA, endpoint detection (EDR/XDR) - Ensure Email security: SPF, DKIM, DMARC; spam/phishing protection - Monitor threats, audit logs, VPN, and remote access policies - Maintain Microsoft 365 / Google Workspace security configuration - Oversee Cloud workload security (if using AWS, Azure, GCP) Must-Have Skills: - CISSP/CEH/CISM preferred or equivalent experience - Knowledge of SIEM tools, endpoint security (CrowdStrike, SentinelOne) - Familiarity with Microsoft Intune, Google Admin Console, Okta/Azure AD Qualifications: - Cybersecurity, Network Security, and Information Security skills - Experience in Information Technology and Application Security - Strong understanding of security principles and best practices - Certifications like CISSP, CISM, or CISA are a plus - Bachelor's degree in Computer Science, Information Technology, or a related field - Relevant work experience in IT security roles,

As a Technology Transformation Risk Senior at EY, you will be instrumental in ensuring that technology transformations are executed with a thorough understanding and management of associated risks. Your role will involve identifying, assessing, and mitigating risks related to significant technology changes like system upgrades, cloud migrations, and the implementation of new digital tools. By adhering to the company's risk management policies, you will guarantee the secure and compliant implementation of technological advancements. Key Responsibilities: - Conduct risk assessments for technology transformation projects to identify potential risks and vulnerabilities. - Assist in developing and executing risk mitigation strategies to address identified risks. - Collaborate with project teams to incorporate risk considerations throughout the project lifecycle. - Monitor and communicate the status of risk mitigation activities to the Technology Transformation Risk Manager and other stakeholders. - Contribute to the preparation and upkeep of risk documentation, including risk registers, reports, and dashboards. - Participate in the formulation of risk management policies, procedures, and training materials. - Engage with internal and external stakeholders to convey risk findings and recommendations. - Stay abreast of emerging technology trends, threats, and regulatory requirements that could impact the risk landscape. - Support the Technology Transformation Risk Manager in cultivating a culture of risk awareness and proactive risk management within the organization. Qualifications: - Bachelor's degree in Information Technology, Computer Science, Risk Management, or a related field. - At least 3 years of experience in technology risk management, particularly in transformation projects. - Profound knowledge of IT governance frameworks (e.g., COBIT, ITIL), cybersecurity principles, and data privacy regulations (e.g., GDPR, CCPA). - Preferred experience in Internal controls within SAP ECC/S4 Applications, IT application controls, IT general controls, and interface controls. - Professional certifications such as CRISC, CISM, CISSP, or equivalent are highly advantageous. - Demonstrated exposure to client-facing roles and collaboration with cross-functional teams including internal audits, IT security, and business stakeholders to evaluate control effectiveness and facilitate remediation activities. - Excellent communication, documentation, and report writing skills. Join EY to craft a fulfilling career and contribute to building a better working world for all.,

You will be responsible for reviewing and approving firewall requests in line with the risk appetite of the organization. Your role will involve reviewing and analyzing firewall rules to ensure their effectiveness and alignment with security best practices. It will be crucial for you to ensure that all firewall rules are recertified by owners within the specified timeframe. In cases where no owner is assigned, you will be required to find an owner and update the necessary information accordingly. Your duties will include performing firewall ruleset reviews and validating rule compliance reports generated from automated firewall review solutions. You will need to collaborate with stakeholders and manage ACL ruleset by adding, updating, removing, and optimizing rules to eliminate defunct or duplicate entries. Adherence to the change management process for creating, modifying, or removing rules with appropriate approvals is essential. Documenting all changes to firewall rules comprehensively is a key aspect of this role. This documentation should include the reason for the change, details of the change, the requestor's information, and the date and time of the change. Regularly reviewing existing firewall rules to ensure their necessity and appropriateness is also part of your responsibilities. Outdated or redundant rules should be identified and removed, while adjustments to rules based on identified issues should be made as necessary. In terms of experience qualifications, you should possess 16 to 20 years of experience in setting up, configuring, and managing firewall devices such as Palo Alto, F5, Zscaler, Cisco ISE, Azure, and DDoS solutions. A strong background in Network Architecture and the ability to design and develop the architecture framework are essential. Experience in preparing High-Level Design (HLD) and Low-Level Design (LLD) documents, managing end-to-end delivery, and excellent communication skills are required. Moreover, you should demonstrate strong leadership and team management skills, along with the ability to collaborate effectively with cross-functional teams. Possessing certifications such as CISSP, Certified Ethical Hacker (CEH), or CISM would be considered advantageous for this role.,

Role Overview: We are seeking a highly skilled Information Security Specialist to join our team. The ideal candidate will have extensive experience in addressing client queries related to product security, AI security, and cloud security (AWS and Azure) . This role requires a proactive approach to identifying and mitigating security risks , as well as excellent communication skills to effectively interact with clients. Key Responsibilities: Good and detailed understanding of Azure and AWS services provisioning, architecture and security recommendations Respond to client queries regarding product security, AI security, and cloud security (AWS and Azure). Develop and implement security policies, protocols, and procedures. Conduct regular security audits and assessments to identify vulnerabilities. Collaborate with the product development team to ensure security best practices are integrated into the product lifecycle. Monitor and analyze security incidents to determine root causes and implement corrective actions. Stay updated with the latest security trends, threats, and technologies. Provide training and guidance to internal teams on security best practices. Co-ordinate with internal InfoSec team for timely deliverables, as required Hands-On experience for Azure and AWS Cloud services and application end -to-end provisioning on Cloud. Key Performance Indicators (KPIs): Client Query Response Time: Ensure all client queries related to security are addressed within 24 hours. Incident Resolution Time: Resolve security incidents within the defined SLA (Service Level Agreement). Security Audit Compliance: Achieve a compliance rate of 95% or higher in all security audits. Client Satisfaction: Maintain a client satisfaction score of 90% or higher for security-related queries and support. Training Effectiveness: Conduct quarterly security training sessions with an average feedback score of 4.5/5. Cloud Architecture: Ensure secure hosting of product at Cloud Environment. Qualifications: Bachelor's degree in computer science, Information Technology, or a related field. Minimum of 10-15 years of experience in information security, with a focus on AI security and cloud security (AWS and Azure). Relevant certifications such as CISSP, CISM, or AWS Certified Security Specialty. Strong understanding of security frameworks and standards (e.g., ISO 27001,NIST). Excellent problem-solving skills and attention to detail. Strong communication and interpersonal skills. Nice to have Exposure to financial research domain Industry recognized certification programs on Data Management/Cloud etc. » Experience with JIRA, Confluence » Understanding of scrum and Agile methodologies » Experience with data visualization tools, such as Grafana, GGplot, etc. Soft skills » Oral and written communication skills » Good problem solving and negotiation skills » Intellectual curiosity to find new and unusual ways of how to solve data management issues. » Passionate about the work and attention to detail

Job Title: Information Security Engineer Job Type: Full-Time Position Overview: We are seeking a highly skilled Information Security Engineer to manage Risk Assessment,Compliance, and Clouds Infrastructure Security, with specialized expertise in healthcaresecurity, cybersecurity analytics, and emergency preparedness. The ideal candidate will haveexperience designing secure applications and architectures, conducting SAST/DAST testing,managing cyber emergency preparedness, and ensuring robust security protocols across theenterprise. You will also be responsible for developing security policies and procedures andintegrating cutting- edge security practices to maintain the organization's security posture andcompliance standards. Key Responsibilities: Risk Assessment: Perform internal and third-party risk assessments, conductsecurity audits, and manage vulnerability remediation. Develop mitigation strategiesand report risks to senior management. Clouds Infrastructure Security: Secure cloud environments (AWS, Azure, GCP) and on prem infrastructure, ensuring access controls, encryption, and network securityprotocols are in place. Compliance Management: Oversee compliance with HIPAA, GDPR, DPDPA, and healthcare-specific regulations. Support audit preparation, conduct assessments, andensure alignment with industry and privacy standards. Cybersecurity Analytics: Leverage cybersecurity analytics to monitor, identify, andrespond to threats in real-time, utilizing data-driven insights to enhance overall securityposture. Designing Secure Applications Architectures: Collaborate with development teams todesign and implement secure applications and system architectures, ensuring thatsecurity best practices are incorporated into the software development lifecycle. SAST /DAST: Implement Static and Dynamic Application Security Testing (SAST/DAST) to identify vulnerabilities and ensure secure coding practices throughout the development pipeline. Cyber Emergency Preparedness: Develop and maintain cyber emergency preparednessplans, including incident response, disaster recovery, and business continuity strategies. Electronic Surveillances Corporate Security: Oversee and manage electronic surveillance systems to detect and prevent both physical and cybersecurity threats.Ensure seamless integration between corporate security measures and IT/cybersecurity strategies. Security Policies Procedures: Develop, document, and maintain comprehensive securitypolicies and procedures to ensure regulatory compliance and alignment with riskmanagement frameworks. Incident Response: Lead investigations into security incidents, conduct root cause analysis,and recommend corrective actions to prevent future breaches. Collaboration Training: Partner with IT, development teams, and external vendors tointegrate security best practices into cloud and infrastructure environments. Providetraining and awareness programs to staff on security policies and procedures. Qualifications: 2-5 years of experience in information security, risk management, compliance, and healthcare security. Expertise in cybersecurity analytics, secure application design, andarchitectural security best practices. Strong knowledge of HIPAA, GDPR, DPDPA, and other healthcare-related compliance regulations. Hands-on experience with cloud security (AWS, Azure, GCP) and infrastructure security. Proficiency in SAST/DAST tools and vulnerability management. Experience with cyber emergency preparedness, incident response, anddisaster recovery planning. Knowledge of electronic surveillance systems and corporate security measuresto protect both physical and digital assets. Ability to document and maintain security policies, procedures, and standards. Strong analytical, communication, and problem-solving skills. Certifications (Preferred): CISSP, CISM, CRISC, CEH, AWS Certified Security Specialty, Azure Security Engineer, Certified HIPAA Professional (CHP), Certified Information Privacy Professional(CIPP/US), Certified Business Continuity Professional (CBCP)

ASSOCIATE CONSULTANT Experienced in Information Security Risk Management with experience in implementing and maintaining Risk Management frameworks (ISO 31000 & ISO 27001) Should have executed and managed consulting and audit assignments for clients in the areas such as internal audit, operational risk management and compliance management. Should be adept at conducting gap analysis, risk assessments to identify vulnerabilities. Have worked with organizations to develop Business Continuity Plans and Disaster Recovery related processes. Should be able to understand and explain technical vulnerabilities Basic knowledge on Active directory, firewalls, SCCM, MacAfee security products, DLP, Secure coding practices and product security Should have Knowledge on information security incident management. Specific Duties and Responsibilities Include: Proactively protect the organizations information by ensuring appropriate information security controls are in existence and enforced Conduct audits to verify the compliance to organizations security standards Assist in Business Continuity Planning and Implementation. Metrics collection & reporting Must Have Skills Excellent communication and presentation skills. Able to effectively interact with various functions. Good to have Skills / Certification Minimum: ISO27001:2013 Lead Auditor course Good to have: CISSP, CISA, CISM, ISO22301QualificationBE/ BTech, MCA, MBA with specialization in Information Security #eviden

ASSOCIATE CONSULTANT Experienced in Information Security Risk Management with experience in implementing and maintaining Risk Management frameworks (ISO 31000 & ISO 27001) Should have executed and managed consulting and audit assignments for clients in the areas such as internal audit, operational risk management and compliance management. Should be adept at conducting gap analysis, risk assessments to identify vulnerabilities. Have worked with organizations to develop Business Continuity Plans and Disaster Recovery related processes. Should be able to understand and explain technical vulnerabilities Basic knowledge on Active directory, firewalls, SCCM, MacAfee security products, DLP, Secure coding practices and product security Should have Knowledge on information security incident management. Specific Duties and Responsibilities Include: Proactively protect the organizations information by ensuring appropriate information security controls are in existence and enforced Conduct audits to verify the compliance to organizations security standards Assist in Business Continuity Planning and Implementation. Metrics collection & reporting Must Have Skills Excellent communication and presentation skills. Able to effectively interact with various functions. Good to have Skills / Certification Minimum: ISO27001:2013 Lead Auditor course Good to have: CISSP, CISA, CISM, ISO22301QualificationBE/ BTech, MCA, MBA with specialization in Information Security #eviden

Policy & Framework Management: Define, review, and update cybersecurity policies, procedures, and standards to align with business and regulatory requirements.Regularly review and update Security Configuration Documents (SCDs).Drive the adoption and alignment of the NIST Cybersecurity Framework.Implement and manage the Unified Compliance Framework to streamline regulatory mapping.Security Controls & Automation: Conduct configuration reviews across critical systems and platforms.Lead initiatives to automate policy management and control validation.Evaluate and recommend risk management solutions and security technologies.Risk & Change Management: Perform third-party/vendor risk assessments, including onboarding, periodic review, and offboarding processes.Collaborate with IT and operations teams for firewall rule lifecycle management.Participate in and govern the Change Management process to ensure security reviews and approvals.Compliance & Audit: Ensure continuous compliance with RBI, IRDAI, UIDAI, ISO 27001, IT Act 2000, and other applicable regulatory and industry standards.Prepare, maintain, and manage documentation for internal and external audits.Track, report, and drive mitigation for audit findings and exceptions.Implement and maintain continuous compliance monitoring tools and practices.Reporting & Governance: Develop and report on cybersecurity posture to senior leadership and key stakeholders.Maintain and deliver Service Level Agreements (SLA) reports and performance metrics.Design and manage Key Risk Indicators (KRI) dashboards to support informed decision-making.Conduct periodic exception reviews and manage approval workflows. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field.6+ years of experience in cybersecurity governance, risk, and compliance (GRC).Strong understanding of NIST, ISO 27001, UCF, and regulatory standards (RBI, IRDAI, UIDAI, IT Act).Proven experience in policy lifecycle management, audit coordination, and risk assessment.Familiarity with firewall rule governance, change management, and automated compliance tools.Excellent communication, analytical, and stakeholder management skills. Preferred technical and professional experience CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer/Auditor, CGEIT

& Summary . Why PWC & Summary We are looking for an experienced Cloud Security Lead with deep technical expertise in Zscaler (ZIA/ZPA) and Fortinet security solutions. The ideal candidate will play a key role in architecting, implementing, and managing secure cloud onprem and internet access strategies, supporting enterprisewide digital transformation and security posture enhancement. s Zscaler Security Operations Design, implement, and manage Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) solutions. Configure SIPA (Secure Internet & Private Access) policies for optimized secure remote and internet access. Perform regular reviews, audits, and optimization of Zscaler configurations to align with industry best practices. Provide technical support and guidance to L1 and L2 teams for Zscalerrelated issues. Stay up to date on Zscaler enhancements, threat intelligence, and security features to ensure proactive defense. Fortinet and Network Security Implement and manage Fortinet firewall and security solutions for perimeter and cloudbased infrastructure. Configure Fortinet firewalls to support SDWAN, secure edge, and hybrid cloud environments. Work closely with networking teams to design secure network topologies integrating Fortinet technologies. Cloud Security and Compliance Design and assess cloudnative security architectures for AWS, Azure, or GCP environments. Conduct cloud security assessments, vulnerability scans, and risk remediation. . Assist in external security audits and privacy assessments related to cloud workloads. Collaboration and Strategy Collaborate with crossfunctional teams (Security, IT, DevOps, Engineering) to embed security into cloud and network initiatives. Act as a Subject Matter Expert (SME) for Zscaler and Fortinet technologies in solution design and customer engagements. Maintain documentation on security controls, configurations, SOPs, and incident response playbooks. Required Skills and Qualifications Experience in network and cloud security domains. Proven handson experience with Zscaler ZIA/ZPA design, implementation, and operations. Strong working knowledge of Fortinet firewalls and FortiManager, FortiAnalyzer. Experience with SDWAN, SDN, VPNs, and secure web gateway technologies. Strong understanding of network security principles, SIEM, threat intelligence, and incident response. Knowledge of cloud compliance standards and risk frameworks (NIST, CIS, ISO). Excellent communication skills and ability to work in crossfunctional environments. Strong documentation, presentation, and stakeholder management skills. Experience in SOC environment will be a plus Mandatory skill sets Zscaler ZIA / ZPA / SIPA Fortinet FortiGate / FortiManager / FortiAnalyzer SIEM platforms (Splunk, QRadar, etc.) Firewall platforms Fortinet, Palo Alto, Check Point, Juniper Security Frameworks ISO 27001, NIST, CIS Controls, HIPAA, GDPR Preferred skill sets Zscaler Certified Professional ZIA/ZPA Fortinet Certified Professional (FCP) CISSP / CCSP / CISM Cloud Security certifications (AWS/Azure/GCP Security Specialty) Years of experience required 58 Years of experience Education qualification Graduate Engineer or Management Graduate Education Degrees/Field of Study required Master Degree, Bachelor Degree Degrees/Field of Study preferred Required Skills Splunk Administration Accepting Feedback, Accepting Feedback, Active Listening, Analytical Reasoning, Analytical Thinking, Application Software, Business Data Analytics, Business Management, Business Technology, Business Transformation, Communication, Creativity, Documentation Development, Embracing Change, Emotional Regulation, Empathy, Implementation Research, Implementation Support, Implementing Technology, Inclusion, Intellectual Curiosity, Learning Agility, Optimism, Performance Assessment, Performance Management Software {+ 16 more} Travel Requirements Available for Work Visa Sponsorship

You will be responsible for conducting third-party risk assessments in alignment with ISO 27001:2022 and ISO 22301:2019 frameworks. Your duties will include identifying, assessing, and mitigating risks related to information security, business continuity, and third-party vendors. Collaboration with cross-functional teams and external stakeholders to drive risk mitigation strategies will be a key aspect of your role. Additionally, drafting and reviewing policies, procedures, and audit reports will be part of your responsibilities. As a TPRM Consultant / Senior Consultant, you will need to effectively communicate complex risks and findings to both technical and non-technical audiences. Strong verbal and written communication skills will be essential for this. Furthermore, you will be expected to solve complex problems using structured critical thinking and issue-resolution approaches. Ensuring adherence to internal standards and client requirements at every phase of the engagement will be crucial. Excellent stakeholder management, critical thinking, and problem-solving abilities are key skills required for this role. Language proficiency in English is mandatory for this position. Additionally, fluency in Tamil and Hindi would be considered a plus. Certifications in ISO 27001:2022 or ISO 22301:2019 are mandatory for this role. Possessing certifications such as CEH, CISA, CISM, CompTIA Security+, or GISF would be advantageous.,

As an organization focused on re-imagining agricultural insurance through the innovative integration of Public Cloud, GIS, Remote-sensing, and cutting-edge AI-based algorithms, we at Kshema are dedicated to empowering the future of agricultural insurance. Leveraging the latest advancements in Mobile and Geospatial technologies, we are committed to revolutionizing the industry. We are currently seeking a Chief Information Security Officer (CISO) who will play a pivotal role in driving our cyber security strategy and ensuring strict compliance with regulatory and statutory guidelines pertaining to information and cyber security. As the CISO, you will be entrusted with the responsibility of enforcing policies aimed at safeguarding the organization's information assets and coordinating all information/cyber security-related matters internally and externally. **Key Responsibilities:** - Develop a comprehensive Information Security Roadmap for the organization with a forward-looking perspective. - Establish and oversee an enterprise-wide information security and IT risk management program. - Lead the implementation and review of Hardware, Network, and Software Security Standards and Controls to fortify systems, data, and assets against internal and external threats. - Implement Security Assessment and Testing Processes, including Penetration Testing, Secure Software Development, and Vulnerability Management. - Identify and deploy cutting-edge Security Products/Tools for various purposes. - Proactively monitor and address security issues, potential threats, and vulnerabilities to enhance security standards continually. - Conduct Information Security awareness training for all employees. - Execute Security Assessment practices such as Audits and Reviews. - Provide strategic guidance and consultation for IT Projects, including security risk assessments. - Conduct real-time analysis, investigations, and forensics when necessary to enhance security measures. - Develop strategies to manage security incidents and conduct investigations. - Maintain regular communication with stakeholders on Information and Data Security Practices and Activities. - Implement a strategy for deploying information security technologies to mitigate cyber-attack risks. - Continuously evaluate current IT security practices and systems for enhancement. - Ensure compliance with the latest regulations and requirements. - Develop and implement business continuity plans. **Desired Skills and Experience:** - Engineering Graduate/Post-Graduate in fields such as Computer Science, IT, Electronics, Communications, or Cyber Security. - Minimum of 15 years" experience in risk management, information security, or cyber security. - Profound knowledge of information security management frameworks like ISO/IEC 27001 and NIST. - Familiarity with DevSecOps, Secure SDLC, Security Automation, Security Testing, DR & BCP Concepts. - Experience in financial forecasting and budget management. - Understanding of Industry Security Standards, Protocols, and Data Privacy Regulations. - Ability to navigate ambiguity and devise solutions for complex problems. - Experience in contract and vendor negotiations and management. - Proficiency in Agile software development practices. - Collaboration skills to work effectively with cross-functional teams. - Relevant certifications such as CISSP, CEH, CISA, and CISM are advantageous. - Hands-on experience in designing, implementing, and operating security in public clouds like AWS, Azure, Oracle, or GCP. - Strong written and verbal communication skills with a high level of integrity. - Excellent presentation skills. Join us at Kshema and be a part of our mission to redefine agricultural insurance through innovation and technology.,

As an Information Security professional in our organization, you will be responsible for various key tasks related to ensuring the security of our third-party suppliers and information systems. Your role will involve assessing and managing the security risks associated with our suppliers, interpreting security assurance reports such as SOC2 and pen test reports, as well as reviewing security requirements in contracts. Your responsibilities will also include understanding outsourced solutions and the information classification associated with them, assessing supplier security controls based on ISO27001/2 standards, and identifying and documenting security risks. Additionally, you will be expected to suggest recommendations to address the identified security risks and potentially perform information classification assessments. To excel in this role, you should hold relevant security certifications such as ISO27001 auditor/implementation, CISSP, CRISC, CISM, or CISA. Your experience of at least 4 years in Information Security along with a strong understanding of security policies, processes, and standards will be valuable in this position. If you are a proactive professional with a keen eye for detail and a passion for enhancing information security practices, we encourage you to apply for this position. Please note that the location of this role is in Mumbai (Andheri East) and the ideal candidates should be able to join within an immediate to 30 days" notice period. Interested candidates are requested to share their updated resumes with us at manasa.chilla@visionyle.com.,

Summary Implements the information security, governance and strategy per the information management framework through business partnering. Perform ISRM compliance activities for a specific area or technology within TT. About the Role Major accountabilities: Deep understanding of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST, GDPR, NIS2. Hands-on experience in GRC tools such as ServiceNow to configure, build and automate controls / assessments logic for the compliance management. Provide input to GRC team on risk and control register business requirements. Aptitude for technology, open-mindedness towards picking up new skills and working in various trending areas such as AI, GenAI, OT, Mobile, Cloud technologies etc. Basic knowledge on industry regulations e. g. SOX, GxP etc. Deliver effective security training and awareness programs and coordinate delivery across functions and countries. Experience in designing and implementing controls and policy framework, laws and regulations and best in class industry standards. Work experience in risk, control, and governance disciplines (e. g. , Risk Management, Audit, Information Security, Regulatory Compliance). Establish close collaboration with stakeholders to facilitate alignment with policies, risks as well as internal and external audits. Strong communication to manage various levels of collaboration/working relationship with global teams. Desirable Skills: 8-10 years of experience in various industry framework and GRC tools. Strong presentation, analytical and communication skills. Ability to, influence, work collaboratively and contribute to high performing teams. CISA/CISM and Big 4 experience preferred.

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. As part of our EY-Cyber security, the EKM Team owns the Public Key Infrastructure (PKI) and is responsible for certificate lifecycle management, distribution, and key management. The Lead Info Security engineer will be a part of a team of subject matter experts to facilitate the protection of data at rest, in-transit, or in-use by providing systems of processes, technologies, and policies. We're looking for Security Analysts in the Risk Consulting team to work on various privacy/data protection related projects for our customers across the globe. As an influential member of the team, you will help create a positive learning culture, coach and counsel junior team members, and assist in their development. **Your key responsibilities include:** - Designing, developing, integrating, and deploying encryption and key management solutions both on-premises and in the cloud. - Defining business/technical strategies to reduce risk and improve the overall security posture of applications, platforms, and infrastructure. - Collaborating with stakeholders at all levels to understand security needs and prioritize the roadmap accordingly. - Ensuring projects are completed on time, within budget, and with high quality. - Supporting necessary compliance activities and developing runbooks, SOPs, and troubleshooting guides. - Continuously validating the team's products/solutions against policies, guidelines, procedures, and regulations to ensure compliance. - Supporting the client's team by acting as an interim team member (e.g., security officer, security manager, security analyst). **Skills and attributes for success:** - Being a good team player with excellent verbal and written communication skills. - Proficient in documentation and PowerPoint skills, with good social, communication, and technical writing skills. - Ability to prioritize tasks, work accurately under pressure, and follow workplace policies and procedures. - Strong analytical/problem-solving skills and the ability to work independently on projects with minimal oversight. **To qualify for the role, you must have:** - Bachelor's or master's degree in Computer Science, Information Systems, Engineering, or a related field. - At least 7+ years of experience in Information Security with subject matter expertise in PKI, CLM, HSM. - Excellent scripting skills and experience with developing SOPs, runbooks, CP/CPS. - Technical experience with a combination of CLM, KMS, and PKI services, along with Linux and Windows systems. - 2+ years of working experience in cloud technologies such as AWS, Azure, and Google Cloud Platform. - Knowledge of security technologies like Venafi, AppViewX CERT+, Luna HSM, Fortanix DSM, MS-PKI, Sectigo. **Ideally, you'll also have:** - Experience with data tokenization/data masking and leading high performing technical teams. - Security certifications such as CISSP, CISM, CRISC, AWS, Azure, SANS, etc. - Ability to provide strong customer service and willingness to work weekends and travel as required. **What we look for:** - A team of people with commercial acumen, technical experience, and enthusiasm to learn in a fast-moving environment with consulting skills. - An opportunity to be part of a market-leading, multi-disciplinary team of professionals, working with leading businesses across various industries. **What working at EY offers:** - Inspiring and meaningful projects with a focus on education, coaching, and personal development. - Support, coaching, and feedback from engaging colleagues. - Opportunities to develop new skills, progress your career, and handle your role in a way that suits you. EY exists to build a better working world, creating long-term value for clients, people, and society, and building trust in the capital markets. Join EY's diverse global teams to provide assurance, help clients grow and transform, and find new answers to complex issues facing the world today across assurance, consulting, law, strategy, tax, and transactions.,

As a professional in IT Risk, Compliance, and security, you will play a crucial role in ensuring the security and integrity of core IT projects. Your responsibilities will include assessing audit findings and control weaknesses, collaborating with stakeholders to develop management action plans, and implementing security classification, change controls, and SDLC. Your expertise in industry frameworks such as ISO standards, GDPR, NIST, and PCI DSS will be essential in identifying and mitigating cyber security risks. In addition to your technical skills, you will also utilize your project management experience to plan and execute multiple IT Risk, Compliance, and security operations. You will contribute to the planning of SOX programs, conduct follow-ups on security control implementations, and develop project plans and resource plans to meet client needs. Your ability to communicate effectively and provide regular project updates to clients and leaders will be crucial in ensuring the success of GRC and Security engagements. Your primary skills in Governance, Risk and Compliance (GRC), Security Frameworks, and ISMS Implementation will be instrumental in driving the security initiatives forward. Additionally, possessing certifications such as CISA, CISM, CRISC, or CISSP will further enhance your expertise in the field. Joining Capgemini will provide you with the opportunity to work alongside a collaborative community of colleagues from around the world and contribute to building a more sustainable and inclusive world through technology. Capgemini is a global leader in business and technology transformation, with a strong legacy of over 55 years. As part of a diverse team of 340,000 members in more than 50 countries, you will have the chance to make a tangible impact on enterprises and society. Leveraging your skills in IT Risk, Compliance, and security, you will help unlock the value of technology for clients and address their business needs with innovative solutions. If you are passionate about technology and seeking to shape your career in a dynamic and supportive environment, we invite you to join us at Capgemini.,

As a Cyber Assurance Assistant Vice President (AVP) at Barclays in Pune, you will play a crucial role in partnering with the bank to provide independent assurance on control processes and offer advice on enhancements to ensure the efficiency and effectiveness of the bank's internal controls framework. Your responsibilities will include collaborating across the bank to maintain a robust control environment by conducting ad-hoc assessments and testing the design and operational effectiveness of internal controls aligned with the bank's policies and standards. You will develop detailed test plans and procedures to identify weaknesses in internal controls and other initiatives within the bank's control framework to mitigate potential risks and issues that could disrupt bank operations, lead to losses, or impact reputation. In this role, you will communicate key findings and observations to relevant stakeholders and business units to enhance overall control efficiency and provide corrective actions to senior managers. You will work closely with other control professionals to address complex issues and ensure consistent testing methodologies across the bank. Additionally, you will establish a knowledge center containing detailed documentation of control assessments, testing results, findings, and distribute material on internal controls to train and upskill colleagues within the bank. As an Assistant Vice President, you are expected to advise and influence decision making, contribute to policy development, and take responsibility for operational effectiveness. You will lead a team in performing complex tasks, set objectives, coach employees, appraise performance, and determine reward outcomes. If the position involves leadership responsibilities, you will demonstrate a clear set of leadership behaviors to create an environment for colleagues to excel. Your role may involve collaborating on assignments, guiding team members, identifying new directions for projects, and consulting on complex issues. You will identify ways to mitigate risks, develop new policies and procedures to support the control and governance agenda, and take ownership of managing risk and strengthening controls related to your work. Furthermore, you will engage in complex data analysis, communicate complex information effectively, and influence stakeholders to achieve desired outcomes. It is essential for all colleagues to uphold the Barclays Values of Respect, Integrity, Service, Excellence, and Stewardship, as well as demonstrate the Barclays Mindset of Empower, Challenge, and Drive in their behavior.,

As a Presales Consultant at Netenrich, you will play a crucial role in the sales process, specializing in advanced cybersecurity solutions with a focus on SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) technologies. Your deep understanding of these technologies will enable you to tailor solutions to meet the unique security needs of our clients. Your responsibilities will include collaborating with the sales and marketing teams to drive sales by presenting and demonstrating comprehensive security solutions that incorporate SIEM and SOAR capabilities. You will oversee partner support for Netenrich partners, managing account management, pricing and quoting support, and identifying opportunities to drive growth in partner accounts. To excel in this role, you must become intimately familiar with partner businesses, work closely with the sales team to identify growth opportunities, and assist partners with day-to-day requirements such as pricing, quoting, and solution development. You will be responsible for presenting and demonstrating cybersecurity solutions to clients, addressing technical queries, and ensuring a high-quality customer experience throughout the partner/customer lifecycle. Qualifications and Requirements: - Ability to quickly understand client business structures and needs - Professional certifications in cybersecurity such as CISSP, CISM, or CISA preferred - Strong understanding of various cybersecurity concepts, technologies, and best practices - Sales acumen and the ability to understand client needs - Experience in working with US channel partners preferred - Proficient at communicating with US sellers and professionals - Ability to develop and execute efficient and repeatable business processes - Comfortable interacting with senior executives, sales technical, engineering, and operations teams - Efficient multitasking and prioritization skills - Prior experience in Security Services, Information Technology, and Management Services If you are a self-motivated individual with a passion for cybersecurity and a track record of success in presales roles, we invite you to join our team at Netenrich and make a significant impact on our partner relationships and revenue growth.,

At Alight, we believe a company s success starts with its people. At our core, we Champion People, help our colleagues Grow with Purpose and true to our name we encourage colleagues to Be Alight. Our Values: Champion People - be empathetic and help create a place where everyone belongs. Grow with purpose - Be inspired by our higher calling of improving lives. Be Alight - act with integrity, be real and empower others. It s why we re so driven to connect passion with purpose. Alight helps clients gain a benefits advantage while building a healthy and financially secure workforce by unifying the benefits ecosystem across health, wealth, wellbeing, absence management and navigation. With a comprehensive total rewards package, continuing education and training, and tremendous potential with a growing global organization, Alight is the perfect place to put your passion to work. Join our team if you Champion People, want to Grow with Purpose through acting with integrity and if you embody the meaning of Be Alight. Learn more at careers.alight.com . As a Senior Cloud Security Analyst , you will play a critical role in ensuring the security and compliance of our cloud infrastructure. You ll collaborate with cross-functional teams to design, implement, and maintain robust security measures across our cloud platforms. Your expertise will be instrumental in safeguarding our systems, data, and applications. You will assist in the wider operational activities including but not limited to validating and addressing identified security risks, Data Security, SOC1/SOC2 Audits, Client Audits, security certifications, vulnerability testing and support management teams during security incident events. You should be confident and capable of explaining the risk and remediation positions for threats as part of the global security incident management process related to cloud security. Duties & Responsibilities Cloud Security Posture Management (CSPM): Drive remediation of open security risks. Collaborate with the Information Security and compliance team to develop global cloud security architecture and maturity standards. Evaluate and respond to alerts and events from security tools, fine-tuning configurations to minimize false positives. Develop event response documentation and processes for the Security Operations Center. Work closely with Cloud Operations teams to define and implement security standards and best practices. Maintain documentation and diagrams for security tools, system environments, and cloud operations. Host Configuration Management: Conduct regular scans of host configurations to identify configuration violations and ensure compliance with security policies and CIS Benchmarks. Develop and implement remediation plans for identified violations. Collaborate with IT and DevOps teams to ensure secure configurations are maintained. Cloud Workload Protection: Perform vulnerability assessment on container images and containerized environments using industry standard tools. Identify, assess, assign, and report vulnerabilities throughout the container lifecycle. Work with development teams to ensure vulnerabilities are addressed in a timely manner. Implement security controls and best practices for container orchestration platforms. Combine security assessment tools with automation to proactively identify and remediate vulnerabilities. Collaborate with functional-area architects and security specialists to ensure adequate controls are in place. Incident Response Monitoring: Monitor and analyze security logs and events. Respond promptly to security incidents, investigating and containing threats. Work within a DevOps security model to automate incident response. Serve as a subject matter expert (SME) for security tools and processes. Position Requirements: Bachelor s or Master s degree in Computer Science, Engineering, Information Security, or similar boot camp certifications. Relevant certifications (e.g., AWS, CISSP, CCSP, CISM, GSEC) are highly desirable. Proven experience in cloud security, vulnerability management, and/or incident response. Strong knowledge of cloud platforms (e.g., AWS, Azure, Google Cloud-optional). Familiarity with security assessment tools (e.g. Host Configuration Management, Cloud Security Posture Management (CSPM), cloud native tools, Vulnerability scanners, etc). Experience with developing and managing software application(s), APIs, or cloud infrastructure Familiarity with one to many programing languages and infrastructure as Code (IAC) Ability to collaborate effectively with cross-functional global teams. Alight requires all virtual interviews to be conducted on video. Flexible Working So that you can be your best at work and home, we consider flexible working arrangements wherever possible. Alight has been a leader in the flexible workspace and Top 100 Company for Remote Jobs 5 years in a row. Benefits We offer programs and plans for a healthy mind, body, wallet and life because it s important our benefits care for the whole person. Options include a variety of health coverage options, wellbeing and support programs, retirement, vacation and sick leave, maternity, paternity & adoption leave, continuing education and training as well as several voluntary benefit options. By applying for a position with Alight, you understand that, should you be made an offer, it will be contingent on your undergoing and successfully completing a background check consistent with Alight s employment policies. Background checks may include some or all the following based on the nature of the position: SSN/SIN validation, education verification, employment verification, and criminal check, search against global sanctions and government watch lists, credit check, and/or drug test. You will be notified during the hiring process which checks are required by the position. Our commitment to Inclusion We celebrate differences and believe in fostering an environment where everyone feels valued, respected, and supported. We know that diverse teams are stronger, more innovative, and more successful. At Alight, we welcome and embrace all individuals, regardless of their background, and are dedicated to creating a culture that enables every employee to thrive. Join us in building a brighter, more inclusive future. As part of this commitment, Alight will ensure that persons with disabilities are provided reasonable accommodations for the hiring process. If reasonable accommodation is needed, please contact alightcareers@alight.com . Equal Opportunity Policy Statement Alight is an Equal Employment Opportunity employer and does not discriminate against anyone based on sex, race, color, religion, creed, national origin, ancestry, age, physical or mental disability, medical condition, pregnancy, marital or domestic partner status, citizenship, military or veteran status, sexual orientation, gender, gender identity or expression, genetic information, or any other legally protected characteristics or conduct covered by federal, state, or local law. In addition, we take affirmative action to employ, disabled persons, disabled veterans and other covered veterans. Alight provides reasonable accommodations to the known limitations of otherwise qualified employees and applicants for employment with disabilities and sincerely held religious beliefs, practices and observances, unless doing so would result in undue hardship. Applicants for employment may request a reasonable accommodation/modification by contacting their recruiter. Authorization to work in the Employing Country Applicants for employment in the country in which they are applying (Employing Country) must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the Employing Country and with Alight. Note, this job description does not restrict managements right to assign or reassign duties and responsibilities of this job to other entities; including but not limited to subsidiaries, partners, or purchasers of Alight business units. We offer you a competitive total rewards package, continuing education & training, and tremendous potential with a growing worldwide organization. DISCLAIMER: Nothing in this job description restricts managements right to assign or reassign duties and responsibilities of this job to other entities; including but not limited to subsidiaries, partners, or purchasers of Alight business units. .