540 Cissp Jobs - Page 9

At least two-year experience in a similar Information Security position Vulnerability research skills Experience in security assessments, pentesting web applications and infrastructure. Experience developing security tools and open source projects Attention to detail and good problem solving skills Very good knowledge of the technical foundations behind networking, operating systems and applications (TCP/IP, Linux, Windows, Web Technologies) Good understanding of Information Security processes and theory Good communication skills and customer-facing experience Experience in the following areas: Vulnerability management Risk management Qualifications Desired Security Certification (GIAC, OSCP, etc.) or similar qualification Experience integrating systems and tools via API's (programming, automation) Online Gaming security experience Experience in Application Security Regulatory and industry standards work: ISO27001, PCI-DSS, etc. Additional Information Additional information With the capacity to display initiative as part of a very strong Technology Governance team, this position plays a key role in ensuring the continued alignment of our Technology department with business objectives. The Candidate should be able to think laterally; suggest process improvements; drive results; Confident with other team members and able to engage with Vendor third parties to ensure Entain's data and confidentiality is maintained to the highest of security standards. Qualification Criteria Qualifications Security Certification (GIAC, OSCP, etc.) or similar qualification Experience integrating systems and tools via API's (programming, automation) Online Gaming security experience Experience in Application Security Regulatory and industry standards work: ISO27001, PCI-DSS, etc. Other relevant professional qualifications will be considered, although not a requirement, e.g. CISA, CISM, CISSP, GIAC, etc.

Cyber Security Auditor Location: Mumbai Leading Bank Work From office mail at manjeet.kaur@mounttalent.com whatsap at 8384077438 Roles and Responsibilities 4 years of experience (upto 12 yrs.) in the field of information security operations, Information System Audits encompassing experience into any of the Banking Technologies Domains Application Security, Database management and administration, / Network security and SOC / Payment systems in addition to IT General controls (ITGC). Exposure to the Banking / Finance / Payment industry domains would be preferrable. Hands-on experience in the following areas: Writing Information security policies, procedures, and processes Conducting risk assessment covering Cyber Security domains as noted below: Application Security: Mobile application assessment, OWASP security practices for applications, VA/PT/AppSec, source-code review, black/grey/white box testing, application SDLC, Strong knowledge of programming languages for applications. Database Security: Database administration and management - Oracle, MS SQL etc., Database Activity Monitoring tools, data security and localization. Payments Systems Security: Understand payment systems and architecture such as SWIFT, UPI, IMPS, ATM, Internet Banking, Mobile Banking, Core Banking System, payment gateway, ATM switch and terminal. Experience in PCI DSS implementation/assessment and ATM end-point security and Cards data security and operations. Networks Security: Managing firewalls, routers, proxy, WAF, email filtering, DLP, DDoS protection, data encryption, IPS/IDS, Incident response and investigate security breaches, VA-PT for networks. Security Operations Centre- Implementation and review. IT General Controls: Familiarity with Technical Security controls of Identity & Access Management, Network, Server, Application, Change management, Backup and Restoration etc. and process controls reviews. Understand BCP and DR processes and architecture. Experience in conducting reviews based on ISO standards and regulatory guidelines in banking sector for a medium to large sized organization would be preferred. Experience in conducting Information System Audits Must have experience in preparing quality deliverables such as audit reports, presentations etc. Excellent written, oral communication and presentation skills Excellent organizational and interpersonal skills Ability to work independently or as part of a team Information technology / Banking and Financial services / Auditing / Cyber Security consulting Candidate will have to travel extensively within Mumbai and across the country for performing audits, as per RBI requirements. Conducting audit of Information security policies, procedures, and processes to identify process/design gaps. Conduct audits of information security systems and infrastructure to verify systems are secure and support the related applications/business processes. Conducts audits in different banking technology domains such as Active Directory, WAF, Network access security, End-point security, Application VA/PT/AppSec, SDLC, Database management and security, PCI-DSS, ATM controls, Cards (Debit/Credit) security, Payment-gateway, Cloud and API Security and IT General Controls etc. Additional weightage will be given to candidates with experience in domains such as Cloud Security, API security. Developing project plans, work programs, evaluating system controls, identify risks and audit gaps, documenting results in proper audit report format, making recommendations, and communicating information to stakeholders. Support in maintaining audit checklist and documents, trend analysis, preparing presentations etc. Should be a self-learner and must keep updated with the latest security guidelines issued by regulators, international standards for information security, threats and vulnerabilities researched/discovered. Research public domain to keep up to date knowledge on latest banking applications / technologies and emerging technologies Cloud, Virtualisation, AI-ML, IOT etc. and ensure continuous learning in identified security competencies and new/emerging technologies. Experience into people management / team management will be preferred.

Roles and Responsibilities : Conduct code reviews to identify potential security vulnerabilities and provide recommendations for remediation. Collaborate with development teams to implement secure coding practices and ensure compliance with industry standards (e.g., CISA). Develop and execute test plans to validate the effectiveness of implemented controls, identifying areas for improvement. Provide guidance on risk management strategies, including assessment, mitigation, and monitoring of identified risks. Job Requirements : 7-15 years of experience in IT services & consulting with a focus on cyber security, control testing, or related fields. Certifications such as CISSP or CISA are highly desirable; equivalent experience may be considered. Strong understanding of software development life cycles, including design patterns, coding standards, and testing methodologies. Experience with conducting audits/assessments using various frameworks (e.g., ISO 27001) is an asset.

Job Description: Cloud Segment Information Security Officer (SISO GL28) Location- Gurgaon Position Overview: The Cloud Segment Information Security Officer (SISO) is responsible for overseeing and implementing security measures to protect the organizations cloud-based data and infrastructure. This role involves developing cloud-specific security strategies, managing risks, ensuring compliance, and leading incident response efforts. A key aspect of this role is fostering strong relationships and partnerships with business leaders and stakeholders to ensure security measures align with business objectives. Key Responsibilities: Cloud Security Strategy: Develop and implement security strategies tailored to the cloud segment to ensure the protection of cloud-based data and infrastructure. Risk Management: Identify, assess, and mitigate security risks associated with cloud operations and technologies. Incident Response: Lead incident response efforts for security breaches within the cloud segment, including investigation, containment, and remediation. Compliance: Ensure compliance with relevant cloud-specific regulations and standards. Collaboration: Work closely with other IT teams and cloud segment leaders to integrate security measures into cloud services and applications. Training and Awareness: Support security training and awareness programs for employees within the cloud segment to promote a security-conscious culture. Policy Development: Develop and enforce security policies and procedures specific to cloud operations. Audit and Assessment: Support security audits and assessments to ensure the effectiveness of security measures within the cloud segment. Business Partnership: Foster strong relationships with business leaders and stakeholders to ensure security measures support and enhance business objectives. Collaborate with business units to understand their needs and provide tailored cloud security solutions. Qualifications: Proven experience in developing and implementing cloud security strategies. Strong knowledge of cloud risk management and security architecture. Experience in leading cloud incident response efforts. Familiarity with cloud compliance regulations and security monitoring tools. Excellent collaboration and communication skills. Ability to conduct training and develop cloud security policies. Experience in conducting cloud security audits and assessments. Demonstrated ability to build and maintain relationships with business leaders and stakeholders. At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyoneof every race, gender, sexuality, age, location and incomedeserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes an enterprise priority reflected in our mission. njp

Primary Responsibilities: Perform audits to identify control gaps and implement corrective action plans Ensure alignment of security policies/standards with IT infrastructure frameworks (e.g., ISO 2700x, NIST, ITIL) Monitor compliance with corrective action plans, and address non-compliance issues appropriately Demonstrate understanding of discovery technologies to identify system vulnerabilities (e.g. scanning tools) Establish appropriate security controls based on defined data classifications to align with applicable laws/regulations/standards Facilitate/lead security incident investigation Analyze business requirements and ensure that solutions meet established security policies and controls Maintain metrics and ensure reporting as appropriate Maintain current knowledge on information security topics and their applicability program requirements Communicate professionally with stakeholders/end users through multiple communication Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications: Bachelors degree or higher level of education 6+ years of Information security experience Experience with ISO27001 (ISMS), ISO31000 (Risk management), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2 Demonstrated auditing skills and the ability to manage risk assessments / projects independently Demonstrated excellent communication skills both verbal and written Demonstrated good presentation skills particularly ability to present technology elements in manner personnel can follow and act Preferred Qualification: CISSP, CISA or ISO27001 Lead Implementer or Lead Auditor certification At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyoneof every race, gender, sexuality, age, location and incomedeserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes an enterprise priority reflected in our mission.

Desired Candidate The ideal candidate is a proactive and detail-oriented professional with strong leadership skills and a passion for cybersecurity. They should have excellent communication abilities to convey technical concepts to diverse audiences and a proven track record of managing teams and fostering a culture of security awareness. Adaptable and ethical, the candidate thrives in dynamic environments and collaborates effectively to address evolving cyber threats while maintaining the highest standards of confidentiality and integrity. Responsibilities: Strategic Planning: Develop, implement, and maintain a comprehensive cybersecurity strategy aligned with organizational goals. Risk Management: Identify, assess, and mitigate potential cybersecurity risks and vulnerabilities across systems, applications, and networks. Incident Response: Lead and coordinate incident response activities, ensuring quick containment, recovery, and root-cause analysis of security breaches. Compliance and Standards: Ensure adherence to relevant regulatory standards (e.g., GDPR, ISO 27001) and internal security policies. Team Collaboration: Lead and mentor the cybersecurity team, fostering skill development and ensuring alignment with security objectives. Stakeholder Communication: Act as a liaison between technical teams and senior management, translating technical risks into business terms. Continuous Improvement: Monitor and evaluate the effectiveness of security measures, and recommend enhancements to maintain a robust security posture. Tool and Technology Management: Oversee the deployment and management of security tools (e.g., SIEM, firewalls, endpoint protection, etc.) to ensure system integrity and confidentiality. Training and Awareness: Develop and conduct security training programs to promote awareness and compliance across the organization. Requirements: Education: Bachelors or Masters degree in Cybersecurity, Information Technology, Computer Science, or a related field. Experience: 6-10 years of experience in cybersecurity roles with progressive leadership responsibilities. Certifications: CISSP (Certified Information Systems Security Professional)[Ongoing is acceptable]. Additional certifications (e.g., CISM, CEH) are a plus. Technical Expertise: Strong understanding of security architecture, protocols, and best practices. Experience with tools like SIEM, IDS/IPS, endpoint security, firewalls, and vulnerability management systems. Knowledge of cloud security (AWS, Azure, GCP) and securing hybrid environments. Soft Skills: Excellent verbal and written communication skills for technical and non-technical audiences. Strong leadership, project management, and team collaboration abilities. Analytical and problem-solving mindset with attention to detail.

Job Title: Information Security Officer (ISO) Corporate Title: AS Role Description The role of an Information Security Officer (ISO) is of a role holder aligned to a portfolio of applications (Application ISO). The ISO has the responsibility for the operational aspects of ensuring compliance with the Information Security Principles. The ISO is the primary contact for information security relevant matters within their area of responsibility. The ISO has a disciplinary reporting line into their Line Manager and a functional reporting line into the Divisional CISO. Your key responsibilities To assume the ownership and responsibility for the assigned IT assets, in line with the DB Group Information Security management processes and the Divisional ISMS. To support the development and maintenance of Information Security policies and procedures pertaining to the Unit in accordance with the Information Security policies and procedures of DB Group. To support the management of IS Risks within the Risk Appetite defined by the ISR. To execute the IS Risk assessments and compliance evaluations for assigned IT assets To ensure the execution of information security risk management requirements in their area of responsibility as additionally defined by the Divisional ISO (e.g., conducting risk assessments on an organizational basis, preparing and implementing management action plans to mitigate identified risks) To ensure the implementation of Identity and Access Management Processes and the execution of a periodic recertification of User Access Rights in their area of responsibility To provide timely updates to the Divisional ISO regarding the aforementioned information security management tasks To ensure that application entries regarding information security (e.g., Data Protection and Data Privacy fields) in the Groups inventory of applications are accurate and up to date To implement Segregation of Duty (SoD) rules for the assigned IT assets To contribute to the Information Security incident management process in the case of a security breach Keep oneself informed of the Information Security Principles and its subordinate documents and liaise with any other necessary parties to accomplish their tasks. These resources may be e.g., the TISO, ITAO or any other subject matter experts To ensure appropriate documentation of information security risk management in area of responsibility. This includes major decisions including identified and assessed risks as well as risk mitigation measures To deliver all items requested during regulatory and internal Information Security related audits Your skills and experience Essential Candidate should have a minimum of 8 years of business experience in an operation management / risk management capacity, working knowledge in various banking products with strong communications skills Knowledge on Information Security Controls, Data Protection Policy, Information classification principles and segregation of duties requirements within Banking Operations Good understanding of Regulatory, Compliance, Risk & Control Knowledge Have sound knowledge of Identity and Access Management Process Ability to multitask and manage multiple deliverables / projects that are highly visible and of strategic importance to our clients Ability to effectively communicate with clients internally and externally Must be a team player and facilitator Desirable Solid technical understanding of the business (CB Operations) including strong knowledge of application security related processes. Knowledge of electronic banking products and flow of instructions Computer proficiency in MS Office and ability to utilize IT initiatives to achieve a high degree of operational efficiency, optimize costs and add value to the service provided Innovative approach to work and continuously identify and implement process improvements Seek opportunities to improve service processes, minimize operational risk and reduce costs Strong analytical skills, detail orientation, service commitment and solid people management skills Strong awareness of risk control Education / Certification Graduation degree CRISC Desired: CISA/CISM/CISSP

Role & responsibilities Strong understanding of cybersecurity standards, practices, and policies Hands on experience with Security Technologies such as SIEM, Secure web gateway, mail protection, endpoint protection / EDR, WAF, Identity & Threat protection, etc. Hands on experience of security tools implementation including initial setup, configuration and managing daily operations Experience with Windows, Linux, and MacOS architectures Knowledge of security best practices for on-premises virtualization (VMware) and multiple cloud platforms (e.g.: Azure, GCP, AWS) Understanding of network concepts and protocols, including monitoring logs for anomalous activity Proven experience in leading projects and managing vendor relationships Excellent communication skills, with the ability to assertively address Information Security challenges Familiarity with risk analysis and mitigation methodology, security policy and procedure development, incident response and handling, security training and awareness Hands on knowledge of incident response (investigating BEC, phishing, etc.) Hands on experience on reviewing and analyzing IIS and/or Kubernetes logs for threat investigation Technical/Domain Skills: Security related certifications (e.g., CISSP, CISM, or equivalent) Scripting and automation capabilities via tools like: Python, Bash, PowerShell, API Active engagement in Information Security communities, keeping apprised of the latest tools, technologies, and threats Education (Required): Education: BE / B. Tech Work Experience (Required): •10 to 12 years of experience

The Opportunity "This is an opportunity to define, build, and shape the future of FICOs Cybersecurity and Risk Posture. As part of the Threat & Vulnerability Management team, you will collaborate across the business, IT, and client environments to secure our cloud and data center infrastructure. Your contributions will be key to strengthening FICO's defense mechanisms and enhancing our compliance posture. We're looking for a cybersecurity expert passionate about continuous improvement, cloud security, and vulnerability risk reduction. If you're someone who thrives in a fast-paced environment and wants to work on high-impact global security initiatives, this role is for you" - VP, Software Engineering. What Youll Contribute Collaborate with the Cyber Security Team, business stakeholders, IT partners, and clients to manage and reduce cybersecurity risk. Act as a subject matter expert in vulnerability scanning, compliance monitoring, and risk reporting. Operate and optimize tools such as Wiz, Qualys, or similar for vulnerability scanning across cloud and on-prem environments. Validate, triage, and risk-rank vulnerabilities based on severity, exposure, and potential business impact. Drive remediation planning with Product and IT teams, and oversee patch management cycles. Contribute to threat & vulnerability management strategy, policy, and continuous process improvement. Conduct periodic risk assessments and develop mitigation strategies in line with compliance requirements. Monitor the evolving threat landscapeincluding zero-day exploits, vendor patches, EOL systemsand proactively update mitigation plans. Lead initiatives to improve configuration, cloud asset management, vulnerability and patch management practices. Provide documentation, reporting, and cross-functional collaboration support. What Were Seeking Bachelors degree in Computer Science, Information Security, or a related field (or equivalent work experience). 36 years of hands-on experience with cloud security tools such as Wiz, Qualys, or similar vulnerability scanning platforms. Strong understanding of AWS infrastructure and cloud security principles. Working knowledge of operating system and application-level vulnerabilities and how they relate. Familiarity with risk-based vulnerability management and compliance frameworks. CISSP, CISM or equivalent certifications preferred (or willingness to obtain). Ability to multitask, manage complex data sets, and collaborate with diverse teams. Knowledge of scripting languages (e.g., Python, Bash) is a plus. Demonstrated experience in cloud (especially AWS) patch and configuration management. Familiarity with malware behavior, indicators of compromise, and modern threat vectors. Strong documentation, analytical, and communication skills. Our Offer to You An inclusive culture strongly reflecting our core valuesAct Like an Owner, Delight Our Customers and Earn the Respect of Others. The opportunity to make an impact and develop professionally by leveraging your unique strengths and participating in valuable learning experiences. Highly competitive compensation, benefits and rewards programs that encourage you to bring your best every day and be recognized for doing so. An engaging, people-first work environment offering work/life balance, employee resource groups, and social events to promote interaction and camaraderie. Why Make a Move to FICO At FICO, you can develop your career with a leading organization in one of the fastest-growing fields in technology today Big Data analytics. Youll play a part in our commitment to help businesses use data to improve every choice they make, using advances in artificial intelligence, machine learning, optimization, and much more. FICO makes a real difference in the way businesses operate worldwide Credit Scoring FICO Scores are used by 90 of the top 100 US lenders. Fraud Detection and Security 4 billion payment cards globally are protected by FICO fraud systems. Lending 3/4 of US mortgages are approved using the FICO Score. Learn more about how you can fulfil your potential at

Date 31 May 2025 Location: Bangalore, IN Company Alstom At Alstom, we understand transport networks and what moves people. From high-speed trains, metros, monorails, and trams, to turnkey systems, services, infrastructure, signalling and digital mobility, we offer our diverse customers the broadest portfolio in the industry. Every day, 80,000 colleagues lead the way to greener and smarter mobility worldwide, connecting cities as we reduce carbon and replace cars. Could you be the full-time Security into Project Specialist in Bangalore were looking for Your future role Take on a new challenge and apply your cybersecurity and project management expertise in a new cutting-edge field. Youll work alongside innovative, dedicated teammates. You'll ensure the robust integration of security within our IS&T projects, safeguarding our digital initiatives. Day-to-day, youll work closely with teams across the business (Security Architecture, GRC and ISMS team, Architects, Project Managers and PMO, Business teams), review and approve security deliverables and much more. Youll specifically take care of validating Security Inquiry for Partners (SIP) and ensuring secure configurations are applied, but also make informed decisions about security acceptance based on residual risk and asset value. Well look to you for: Reviewing and approving security deliverables Ensuring the application of the "Security into Project" policy Validating and signing off on Security Inquiry for Partners Applying secure configurations for projects or business initiatives Making decisions on security acceptance Implementing design patterns and standards All about you We value passion and attitude over experience. Thats why we dont expect you to have every single skill. Instead, weve listed some that we think will help you succeed and grow in this role: Degree in Engineering/Technology Experience or understanding of cybersecurity, architecture and design Knowledge of security architecture and infrastructure Familiarity with cloud solutions (Microsoft Azure/O365) A CISSP or CISM certification Ability to analyze technical risks and vulnerabilities Fluency in English Things youll enjoy Join us on a life-long transformative journey the rail industry is here to stay, so you can grow and develop new skills and experiences throughout your career. Youll also: Enjoy stability, challenges and a long-term career free from boring daily routines Work with cutting-edge security standards for rail signalling Collaborate with transverse teams and supportive colleagues Contribute to innovative projects that shape the future of transportation Utilise our dynamic working environment Steer your career in whatever direction you choose across functions and countries Benefit from our investment in your development, through award-winning learning Progress towards leadership roles within the cybersecurity domain Benefit from a fair and dynamic reward package that recognises your performance and potential, plus comprehensive and competitive social coverage (life, medical, pension) You dont need to be a train enthusiast to thrive with us. We guarantee that when you step onto one of our trains with your friends or family, youll be proud. If youre up for the challenge, wed love to hear from you! Important to note As a global business, were an equal-opportunity employer that celebrates diversity across the 63 countries we operate in. Were committed to creating an inclusive workplace for everyone.

Hiring for Application Security role at Mumbai location !!! Job Title: Senior Manager Third Party Technology Risk Management Location: Mumbai Experience Required: 7 - 9 Years Industry: Financial Services / BFSI Job Type: Full-Time Work Mode: Hybrid Note: 2 levels of interview with client - 1st round - Virtual / 2nd round - F2F is Must . Job Overview: We are looking for a seasoned and driven Senior Manager to lead our Third-Party Technology Risk Management efforts. If you have strong experience in managing vendor risks, IT security frameworks, and global compliance standards in a financial services environment this opportunity is for you! Key Responsibilities: Conduct and lead Third-Party Risk Assessments for new and existing vendors. Evaluate IT security controls using industry frameworks (NIST, ISO 27001, SOC 2, GDPR, etc.). Develop and manage vendor risk dashboards and reports for senior stakeholders. Collaborate with cross-functional teams across regions to ensure compliance and risk mitigation. Ensure vendors meet our cybersecurity, network, and cloud security expectations. Coordinate vendor audits, risk reviews, and maintain detailed documentation. Work effectively with multicultural, cross-time-zone teams. Communicate risk findings and remediation plans to senior management. Maintain high standards of confidentiality, integrity, and professionalism. Required Skills & Qualifications: Bachelor's degree in IT, Information Security, or related field. Certifications such as CISSP, CISA, CISM, CRISC, or ISO 27001 Lead Auditor. 1012+ years in Technology Risk, with strong focus on Third-Party Risk Management. In-depth knowledge of NIST, ISO 27001, PCI DSS, SOC 2, COBIT, GDPR. Strong grasp of cybersecurity, network, and cloud security principles. Experience working with compliance, procurement, and legal teams. Excellent verbal and written communication skills for senior stakeholder engagement. Proficient in Microsoft Word, PowerPoint, and Project. Proven ability to manage conflict, build strong vendor/client relationships, and influence decision-making. Preferred Skills (Nice to Have): Familiarity with GRC tools (e.g., Archer, ServiceNow, OneTrust). Experience working with cloud service providers (AWS, Azure, GCP). Knowledge of outsourced IT risk, data privacy, and regulatory trends.

Roles and Responsibilities : Conduct code reviews to ensure adherence to coding standards, best practices, and industry regulations. Collaborate with development teams to identify and resolve defects, improving overall product quality. Develop and execute test plans, test cases, and test scripts for software applications using Java-based tools. Participate in the Software Development Life Cycle (SDLC) process by providing input on requirements gathering, design documentation, and implementation. Job Requirements : 7-15 years of experience in IT services & consulting with expertise in quality assurance/quality control testing. Strong understanding of CISA/CISSP certifications or equivalent knowledge of security frameworks. Proficiency in conducting code reviews using various programming languages such as Java.

Key Responsibilities Assist in planning and scoping IT compliance and internal control assessments. Identify risk areas and develop internal control testing programs. Perform end-to-end IT compliance assessments, including evaluating effectiveness of risk and control frameworks. Test IT General Controls (ITGCs) across domains like change management, logical access, SDLC and IT operations. Assess IT Automated Controls across business functions such as payroll, inventory, and revenue. Document control walkthroughs using narratives and flowcharts. Develop, maintain, and present compliance workpapers and reports highlighting control deficiencies and recommendations. Collaborate with management to communicate findings and ensure timely remediation of audit issues. Support external audit activities by coordinating information requests and walkthroughs. Stay up to date with regulatory and industry developments in IT compliance and risk management. Engage in continuous improvement efforts to enhance the efficiency and effectiveness of compliance processes. Qualifications Bachelor's degree in Information Technology, Computer Science etc. Professional certification (or working towards) such as CISA, CRISC, CISSP, or CISM preferred. 710 years of experience in IT audit, compliance, or risk management; minimum 3-5 years in a Big 4 or similar professional services firm preferred . Strong understanding of IT infrastructure, applications, and enterprise systems. Knowledge of Sarbanes-Oxley (SOX), ITGCs, automated controls, and internal control principles. Experience with audit and compliance tools (e.g., eAudit, Auditboard, or equivalent). Ability to understand cross-functional business processes and their integration with IT systems. Strong interpersonal, communication, and report-writing skills. Able to work independently and collaboratively under tight deadlines. Demonstrated sound judgment, critical thinking, and attention to detail. Preferred Skills Hands-on experience in documenting business processes and identifying control gaps. Ability to present findings to senior stakeholders and recommend practical remediation steps. Familiarity with GRC platforms and data analytics tools. Understanding of global business practices and regulatory environments.

Dear Candidate, Greetings. We are hiring for the role of Biso Helius Technologies Hyderabad. Work mode – Work from office Project – Singlife Exp – 10 to 15 years Please find the below JD for your reference. Role: BISO Work Location: Hyderabad (ODC) Key Responsibilities Focuses on Core BISO activities: Conduct Information Security Business Impact Assessments (ISBIA) for Projects, Applications, and Third-Party Outsourcing arrangements, aligning with Singlife Standards. Collaborate with Technology and Business units to evaluate the impact of control deficiencies. Lead the implementation of IS standards at the business level, ensuring alignment of procedures and practices with established standards. Collaborate in creating Risk Acceptances (RAs), Risk Exceptions (REs), and Corrective Action Plans (CAPs) using appropriate tools. Engage with Security Incident Response Teams to guide the resolution and closure of incidents, offering proactive recommendations. Generate periodic IS risk management reports, highlighting critical issues and proposing corrective action plans. Ensure adherence to IS standards and best practices across diverse disciplines. Support the business during audit reviews and regulatory inspections related to IS matters. Maintain vigilant oversight of IS programs, encompassing programs, policies, and associated reporting within the business landscape. Collaborate with business units to rectify non-compliance in processes, applications, and outsourcing activities. 1. 2. Act as a Business Partner Regularly communicate and interact with Management and Employees, enhancing understanding of IS-related programs, policies, and standards. Leverage the ISO network to share resources, extract best practices, and enhance operational efficiency. Validate compliance with security controls within business contracts. Evaluate the alignment of IS processes with business needs, particularly concerning software and internet usage. Conduct Information and Cyber Security Awareness training to fortify organizational preparedness. Partner with application managers or the Technology Information Security Officer (TISO) to address specific technical requirements. Stay relevant to evolving cybersecurity regulations (MAS, CSA, GIA, LIA) to provide subject matter expert feedback. Assess the impact of new and updated regulations promptly by partnering with the ISO, Technology & Operations community. 3. Other Requirements Demonstrate skill in delivering compelling presentations and managing complex programs. Display exceptional aptitude in consulting, problem-solving, and analytical capabilities. Exhibit a proactive, assertive, service-oriented demeanour while effectively functioning as a cohesive team player. Demonstrate the ability to manage concurrent tasks and prioritize effectively, even in conflicting timelines. Key Decisions within the Role Be the gatekeeper of the IS business impact assessments (ISBIA) processes and ensure applications within Singlife adhere to IS standards. Team Direct and indirect accountability for Information Security Officers Requirements Experience Minimum 10 years of experience in Information security. In areas such as security governance, risk management, application security design, security project management or security operation. • Professional Certifications CISSP, CISM, CISA, SANS, Cloud would be preferred. Education Bachelor’s degree in IT, Engineering or equivalent Skill Matirx- Skill Candidate's self- assessment (Score 1-5) Primary: InfoSec experience Secondary: Risk/Governance/Assurance framework Experience in conducting Infosec Training Excellent Communication/Presentation skills Infosec Certifications Primary: Cybersecurity regulations Secondary: Creation of Risk Acceptance/Risk Exceptions/CAPs Monetary Authority of Singapore (MAS) regulations Awareness of Security Control . Compliance Security Audits . Please revert with update profile if you find it interesting. Feel free to reach out for any queries. Role & responsibilities Preferred candidate profile

We are seeking a highly motivated and detail-oriented IT Compliance Analyst to join our Risk & Compliance team. The ideal candidate will be responsible for performing comprehensive IT compliance assessments, testing IT general controls and IT Automated controls and ensuring the organization adheres to internal policies and external regulatory requirements, including Sarbanes-Oxley (SOX). This role plays a critical part in maintaining a strong internal control environment and driving process improvement across the organization. Key Responsibilities Assist in planning and scoping IT compliance and internal control assessments. Identify risk areas and develop internal control testing programs. Perform end-to-end IT compliance assessments, including evaluating effectiveness of risk and control frameworks. Test IT General Controls (ITGCs) across domains like change management, logical access, SDLC and IT operations. Assess IT Automated Controls across business functions such as payroll, inventory, and revenue. Document control walkthroughs using narratives and flowcharts. Develop, maintain, and present compliance workpapers and reports highlighting control deficiencies and recommendations. Collaborate with management to communicate findings and ensure timely remediation of audit issues. Support external audit activities by coordinating information requests and walkthroughs. Stay up to date with regulatory and industry developments in IT compliance and risk management. Engage in continuous improvement efforts to enhance the efficiency and effectiveness of compliance processes. Qualifications Bachelors degree in Information Technology, Computer Science etc. Professional certification (or working towards) such asCISA, CRISC, CISSP, or CISMpreferred. 7 -10 years of experience in IT audit, compliance, or risk management; minimum 3-5 years in a Big 4 or similar professional services firm preferred . Strong understanding of IT infrastructure, applications, and enterprise systems. Knowledge of Sarbanes-Oxley (SOX), ITGCs, automated controls, and internal control principles. Experience with audit and compliance tools (e.g., eAudit, Auditboard, or equivalent). Ability to understand cross-functional business processes and their integration with IT systems. Strong interpersonal, communication, and report-writing skills. Able to work independently and collaboratively under tight deadlines. Demonstrated sound judgment, critical thinking, and attention to detail.

Your potential, unleashed. Indias impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilientnot only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile As Assistant Manager in our Cyber Team youll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities: Threat Modelling: Conduct threat modelling sessions to identify potential security risks to applications, networks, and infrastructure. Utilize various threat modelling frameworks (e.g., STRIDE, PASTA) to evaluate the risk associated with business processes and IT systems. Vulnerability Assessment & Penetration Testing: Perform regular vulnerability assessments and penetration testing on applications, systems, and networks to identify weaknesses and misconfigurations. Security Risk Analysis: Analyse vulnerabilities identified in VAPT engagements and prioritize them based on risk to the business. Provide recommendations for remediation and mitigation. Incident Response: Assist in responding to security incidents by analysing threat patterns, supporting forensic investigations, and recommending preventative measures. Collaboration with Teams: Work closely with developers, DevOps, and other stakeholders to design and implement secure development practices and advise on secure code development practices. Reporting: Document findings from threat modelling, vulnerability assessments, and penetration tests, and present them to management and other key stakeholders. Security Awareness: Promote awareness of cybersecurity risks within the organization and provide guidance on secure coding and risk mitigation strategies. Required Skills and Qualifications: Strong knowledge of Threat Modelling methodologies and tools (e.g., Microsoft Threat Modelling Tool, OWASP Threat Dragon). Hands-on experience in performing Vulnerability Assessment and Penetration Testing (VAPT) using tools like Nmap, Burp Suite, OWASP ZAP, Nessus, and Metasploit. Solid understanding of common vulnerabilities (e.g., SQL injection, Cross-Site Scripting, Buffer overflows) and security protocols (e.g., TLS/SSL, OAuth, OpenID). Familiarity with network security (firewalls, IDS/IPS, VPNs, etc.) and web application security. Experience in performing risk analysis, writing security reports, and presenting findings to both technical and non-technical audiences. Knowledge of OWASP Top 10, CVE, and vulnerability databases. Proficiency in one or more programming languages (e.g., Python, Java, C, or scripting languages) is a plus. Understanding of security frameworks and compliance requirements (e.g., NIST, ISO 27001, GDPR, SOC 2) is desirable. Experience with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes) is a plus. Strong problem-solving skills and the ability to work independently and in a team. Prior experience in BFSI would be preferred. Preferred Qualifications: Certification: Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or similar penetration testing certifications. Certified Information Systems Security Professional (CISSP) or similar information security certifications. Previous experience in threat hunting, incident response, or application security. Understanding of security in Agile/Scrum development processes. Location and way of working Base location: Pune Professional is required to work from office. How youll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the worlds most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyones welcome entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution.

Location: Thane What does a successful Internal Audit- IT professional do at FISERV? Efficiently conduct the audit projects as per The Institute of Internal Auditors standards and in accordance with Fiserv global Internal Audit framework and methodologies. What will you do: Should be able to direct/execute audit project independently (covering planning, fieldwork and reporting stages of audits) Lead a variety of moderately complex to complex IT focused audits including IT governance, service and project delivery, audits of IT technical domains such as networks, infrastructure, and applications. Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas Planning, conducting walkthroughs, drafting process understanding and relevant controls. Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls Documenting and Reviewing Test of Designs and Test of Effectiveness controls. Perform analytical procedures/analysis to test the effectiveness of controls. Document audit procedures and cross reference working papers. Create management representation letter comments and recommendations and draft audit reports for management review. Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc., Validations of audit issues. Conducting special reviews. What will you need to know: Desired qualification: Computer Services engineering/ BSc/MSc-IT / BCA/MCA degree [with an emphasis in information technology or equivalent degree] Experience: at least 6 to 8 years of IT Audit experience in assessing technology/IT controls and have experience in Internal Audit, Compliance & Risk Advisory services preferably in Banking and Financial services domain. Experience in auditing IT Internal controls, IT risk mitigation and technology related processes reviews. Good experience in IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews. Good client interfacing skills, drafting skills, communication, and interpersonal skills. Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.) What would be great to have: Desired certifications: CISA / CISSP / CISM / CCNA certified professionals

Analysing cyber-IOCs, APTs, MITRE ATT&CK TTPs, attack vectors, adversary TTPs, and cyber threat intelligence topics and translating these into actionable intelligence Develop, maintain, and update a repository of cyber threat information that is used in conducting risk assessments and reports on cyber risk trends. Conducts research and evaluates intelligence data, with emphasis on TTP's. Good Experience in Development and documenting of threat Intelligence procedures into playbooks. Experience on Threat Research Reports for Strategic, Tactical, and Operational intelligence Focusing on intent, objectives, and activity of cyber threat actors and then acting accordingly. Perform ad-hoc intelligence gathering using OSINT tools and techniques Able to apply creative and critical thinking when approaching issues and in resolving them. Able to communicate effectively with technical, operational, and senior client staff. Required education Bachelor's Degree Required technical and professional expertise Analysing cyber-IOCs, APTs, MITRE ATT&CK TTPs, attack vectors, adversary TTPs, and cyber threat intelligence topics and translating these into actionable intelligence Develop, maintain, and update a repository of cyber threat information that is used in conducting risk assessments and reports on cyber risk trends. Conducts research and evaluates intelligence data, with emphasis on TTP's. Good Experience in Development and documenting of threat Intelligence procedures into playbooks. Experience on Threat Research Reports for Strategic, Tactical, and Operational intelligence Focusing on intent, objectives, and activity of cyber threat actors and then acting accordingly. Perform ad-hoc intelligence gathering using OSINT tools and techniques Preferred technical and professional experience Able to apply creative and critical thinking when approaching issues and in resolving them. Able to communicate effectively with technical, operational, and senior client staff.

Job Title: Information Security Project Manager Location : Guwahati (Assam) Department : Information Security Team : Security Business Services Reports To : Security Business Services CISO Job Summary: The Information Security Project Manager will oversee and manage security-related projects to ensure that they are completed on time, within scope, and within budget. This role requires a strong understanding of information security principles and practices, combined with exceptional project management skills. You will coordinate with cross-functional teams, manage project risks, and ensure that security initiatives align with organizational goals and compliance requirements. Key Responsibilities: Project Planning and Management: Develop and execute comprehensive project plans to ensure timely and successful completion of information security initiatives. Stakeholder Coordination: Collaborate with key stakeholders to align project goals with organizational objectives and ensure smooth communication throughout the project lifecycle. Risk Management: Identify, assess, and mitigate potential risks to the project, ensuring compliance with security protocols and minimizing vulnerabilities. Budget Management: Oversee project budgets, ensuring resources are allocated effectively and financial constraints are adhered to while maintaining project scope and quality. Team Leadership: Lead cross-functional teams, fostering collaboration, accountability, and performance to meet project objectives and deadlines. Compliance and Quality Assurance: Ensure adherence to industry standards, regulatory requirements, and best practices to maintain high levels of security and quality assurance. Reporting and Documentation: Prepare regular status reports and maintain detailed documentation on project progress, risks, and outcomes for stakeholder review. Change Management: Manage and facilitate changes within the project scope, ensuring minimal disruption and alignment with evolving security needs. Continuous Improvement: Identify opportunities for process improvements and implement best practices to enhance the efficiency and effectiveness of project execution. Vendor Management: Manage relationships with external vendors, ensuring they meet contractual obligations and deliver secure, high-quality solutions. Prepare executive-level presentations for leadership, highlighting key updates and progress. Share weekly status reports with stakeholders, summarizing project activities and timelines. Create and manage a comprehensive project delivery plan to address cybersecurity requirements, ensuring alignment with national security priorities. Partner with the Internal Centre of Excellence (COE) Security Leaders and Technical Leads to plan, monitor, and control project execution. Provide regular updates to client stakeholders on project status, key security metrics, and SLA performance, fostering transparency and collaboration. Collaborate with client stakeholders to ensure cybersecurity initiatives align with government and organizational objectives. Qualifications: Education: Bachelors degree in Information Security, Computer Science, Business Administration, or a related field. Relevant certifications such as PMP (Project Management Professional), CISM (Certified Information Security Manager), or CISSP (Certified Information Systems Security Professional) are preferred. Experience: 5+ years of experience in project management, with a focus on information security or IT projects. Demonstrated experience managing complex projects with cross-functional teams. Technical Knowledge: Strong understanding of information security principles, practices, and technologies. Familiarity with security frameworks, standards, and compliance requirements (e.g., HIPAA, PCI-DSS). Project Management Skills: Proven ability to manage projects effectively, including planning, execution, risk management, and reporting. Experience with project management tools and methodologies. Leadership Skills: Excellent leadership and team management abilities, with experience leading diverse teams and managing stakeholder relationships. Communication Skills: Strong written and verbal communication skills, with the ability to present complex information clearly and effectively to both technical and non-technical audiences. Problem-Solving: Excellent analytical and problem-solving skills, with the ability to address issues proactively and make informed decisions. If you are interested, please share below mention details for the same. Location Preferred location Current Co Experience Current CTC Expected CTC Notice Period Offer in Hand Highest Education SSC % HSC % Graduation % University Name Email ID: Ashwini.chakor@ril.com

Role & responsibilities Key Responsibilities: Plan, execute, and document internal audits for ISO/IEC 27001:2022 and SOC 2 controls across the organization. Conduct risk assessments to identify control weaknesses and areas for improvement. Evaluate effectiveness of existing information security policies, procedures, and controls. Collaborate with process owners to ensure timely implementation of corrective actions. Maintain audit schedules and manage audit evidence for internal and external assessments. Liaise with external auditors for ISO and SOC 2 certification processes. Assist in development, review, and continuous improvement of ISMS and security policies. Maintain up-to-date knowledge of compliance requirements, regulatory changes, and industry trends. Train internal teams on ISO/SOC2 awareness and audit preparedness. Report audit findings and compliance status to senior management with actionable recommendations. Required Qualifications: Bachelors degree in Information Security, Computer Science, Auditing, or related field. At least 2–5 years of experience in auditing information security management systems. Proven experience in conducting internal audits for ISO/IEC 27001:2022 and SOC 2 frameworks. Certifications such as ISO 27001 Lead Auditor is mandatory. PIMS/CISA/BCMS or other relevant Certifications will be a plus Solid understanding of information security principles, risk management, and data privacy. Preferred Skills: Excellent analytical, problem-solving, and documentation skills. Strong interpersonal and communication skills, with the ability to interact with technical and non-technical stakeholders. Self-driven with the ability to manage multiple priorities under minimal supervision Work Environment: May require occasional travel for site audits or assessments. Flexible hours during audit cycles may be required.

Proactively lead and support incident response team during an incident. Experience in advance investigation, triaging, analysis and escalation of security incidents with recommendations Hands-on basic experience with configurations and management of SIEM tools(Qradar)including log source integrations, custom parser built, fine tuning and optimizing the correlation rules and use cases recommendations Is MUST. Proven Experience on any of the Security information and event management (SIEM) tools using Qradar Data-driven threat hunting using SIEM, EDR and XDR tools Basic Experience is SOAR tools such as Qradar Resilient, PaloAlto XSOAR Identify quick defence techniques till permanent resolution. Recognize successful intrusions and compromises through review and analysis of relevant event detail information. Review incidents escalated by Level 1 analysts. Launch and track investigations to resolution. Recognize attacks based on their signatures, differentiates false positives from true intrusion attempts. Actively investigates the latest in security vulnerabilities, advisories, incidents, and penetration techniques and notifies end users when appropriate. Identify the gaps in security environment & suggest the gap closure Drive & Support Change Management Performs and reviews tasks as identified in a daily task list. Report Generation and Trend Analysis. Participate in the Weekly and Monthly governance calls to support the SOC metrics reporting Good to have hands on experience with managing SIEM solutions on public/private clouds like Amazon AWS, Microsoft Azure, etc. Willing to work in 24x7 rotational shift model including night shift. Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise 5+ Years Hands-on experience required in Qradar SIEM and SOAR. Desired experience in Threat hunting, Threat intelligence. Worked on tools belongs to Qradar, UEBA, UAX. Bachelor’s degree in engineering/information security, or a related field. Relevant certifications such as CEH, CISSP, CISM, CompTIA CASP+, or equivalent. Proven experience to work in a SOC environment. Preferred technical and professional experience Proven experience in managing and responding to complex security incidents. Strong analytical and problem-solving skills. Excellent communication and collaboration abilities. Ability to work in a fast-paced, dynamic environment. Deep technical knowledge of security technologies and advanced threat landscapes.

Company Description Tesco Bengaluru: We are a multi-disciplinary team creating a sustainable competitive advantage for Tesco by standardising processes, delivering cost savings, enabling agility, providing cutting-edge technological solutions and empowering our colleagues to do ever more for our customers. With cross-functional expertise in Global Business Services and Retail Technology & Engineering, a wide network of teams and strong governance we reduce complexity thereby offering high quality services for our customers. Tesco Bengaluru, established in 2004 to enable standardisation and build centralised capabilities and competencies, makes the experience better for our millions of customers worldwide and simpler for over 4,40,000 colleagues. Tesco Technology consists of people from a number of different backgrounds, but having a common purpose to serve our shoppers a little better every day with our retail technological solutions. We shared a common interest in harnessing innovations in technology to enhance their shopping experience at Tesco stores. Whether making products, software or systems, our teams focuses on various aspects from taking strategic ownership of the architecture to delivering technological solutions such as design, testing, deployment, infrastructure, operation and security of the systems to ensure agile, smooth and safe operations. These help us to deliver the maximum business impact. Teams refine their internal processes to best fit their own needs, working to build core capabilities in application and services. We collaborate globally across teams to build end-to-end customer-facing solutions, as well as to share knowledge, experience, tools and techniques. At Tesco, inclusion means that Everyone?s Welcome. Everyone is treated fairly and with respect; by valuing individuality and uniqueness we create a sense of belonging. Diversity and inclusion have always been at the heart of Tesco. It is embedded in our values: we treat people how they want to be treated. We always want our colleagues to feel they can be themselves at work and we are committed to helping them be at their best. Across the Tesco group we are building an inclusive workplace, a place to actively celebrate the cultures, personalities and preferences of our colleagues ? who in turn help to build the success of our business and reflect the diversity of the communities we serve. Job Description - Carry out Cyber Risk and Assurance initiatives independently while ensuring quality and timely delivery. - Perform control testing using security frameworks to determine effectiveness of the control and provide recommendations. - Review adequacy of evidence provided by Technology teams as part of control assurance activities. - Define processes to collaborate with Security and Technology teams for remediation of identified system-level control gaps and work closely with them to ensure implementation cyber security safeguards to improve security posture across the organisation. - Identify; evaluate and monitor technology risks as part of Cyber Risk and Assurance programmes. - Review security exceptions raised by Technology teams to manage the risks associated. - Drive reporting across different Cyber Risk and Assurance initiatives; including reporting to Security Leadership and Cyber/Technology governance committees. - Identify; drive and implement opportunities for process improvement across various initiatives within the Cyber Risk and Assurance team. - Build strong relationships with the stakeholders and lead internal meetings with Technology and Business Process teams. Qualifications - 7 to 10 years cyber security experience - IT audit and/or IT risk management - Experience of assessing security controls across a variety of technologies and products; recommending improvements where necessary - Hands on Experience with different security frameworks and standards such as ISO 27001; NIST; CIS; PCI; (e.g. controls testing; gap assessments) - Critical thinking with strong attention to detail and good organisational skills - Strong written; verbal communication and presentation skills; working with all levels of seniority and disciplines within the organisation - Able to build solid working relationships with internal and external stakeholders - At least one professional qualification such as CISA; CISM; CRISC CISSP or equivalent Additional information Important Notice: On behalf of Tesco Bengaluru, we must caution all job seekers and educational institutions that Tesco Bengaluru does not authorise any third parties to release employment offers or conduct recruitment drives via a third party. Hence, beware of inauthentic and fraudulent job offers or recruitment drives from any individuals or websites purporting to represent Tesco. Further, Tesco Bengaluru does not charge any fee or other emoluments for any reason (including without limitation, visa fees) or seek compensation from educational institutions to participate in recruitment events. Accordingly, please check the authenticity of any such offers before acting on them and where acted upon, you do so at your own risk. Tesco Bengaluru shall neither be responsible for honouring or making good the promises made by fraudulent third parties, nor for any monetary or any other loss incurred by the aggrieved individual or educational institution. In the event that you come across any fraudulent activities in the name of Tesco Bengaluru, please feel free report the incident at recruitment_compliance_india@tesco.com Role & responsibilities Preferred candidate profile

Role & responsibilities DLP Operations: Manage day-to-day operations of the DLP solution, including monitoring, incident response, and resolution. Policy and Procedure Development: Develop and configure DLP policies to safeguard sensitive information, in line with regulatory requirements and internal policies. Monitoring Compliance: Ensure compliance with data protection laws and organizational policies, and monitor data movement to prevent unauthorized data access or sharing. Privacy Impact Assessment (PIA) & Risk Management: Conduct PIAs to identify privacy risks and ensure the organizations data handling complies with regulations. Data Protection Training & Awareness: Assist in the development and delivery of data protection awareness training programs to educate staff on DLP policies and best practices. Vendor & Third-Party Risk Management: Evaluate risks associated with third-party service providers and ensure they comply with DLP policies and practices. Data Governance & Data Stewardship: Support the organizations data governance framework by ensuring effective use, management, and protection of sensitive data. Incident Investigation & Resolution: Conduct investigations into DLP incidents and resolve issues related to data breaches or violations, ensuring proper reporting and remediation. Data Subject Requests (DSR) Management: Assist in managing data subject requests (DSR), ensuring that data handling and deletion requests comply with privacy laws. Maintain excellent working relationships with business teams, Business Heads encouraging a positive culture of compliance and ethical behaviour by working with the business to achieve a shared vision and strategy. Develop and maintain a knowledge base for privacy and data protection laws as applicable to Protiviti India Member Firm Provide guidance to delivery and support functions on processing of personal data. Maintain data flow maps for the process where personal data is processed. Support the business in identifying data protection and privacy risks by reviewing and advising on Data Privacy Impact Assessments as required. Keep track of changes in the relevant legislations related to Privacy and the Data Protection Acts, interpret, convert these requirements into controls and provide guidance to all stakeholders Preferred candidate profile Bachelor's or master's degree in computer science, information systems or relevant field. Around 2-3 years' experience in managing privacy and data protection program for a company or providing privacy and data protection consulting services. Around 6-8 years of overall experience in the area of privacy and Information Security. Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate privacy, security and risk-related concepts to technical and nontechnical audiences. Knowledge and understanding of relevant legal and regulatory requirements, such as IT Act 2000, GDPR, BS10012, Data Protection Act of India and other Data Protection standards Knowledge of DADP act and country wise data protection act across Middle East Countries Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives Project management skills: scheduling and resource management Professional privacy engagement certification, such as a Certified Information Privacy Professional (CIPP) or other similar credentials in Data Privacy, is desired Strong understanding of data protection laws, regulatory compliance, and risk management. Ability to handle sensitive information with discretion and professionalism

Key Responsibilities: Develop, deploy, and maintain security controls and tools across enterprise environments. Monitor security systems for threats and vulnerabilities, and respond to security incidents. Conduct security risk assessments and recommend mitigation strategies. Implement and manage firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, and endpoint security solutions. Collaborate with IT teams to integrate security best practices into infrastructure and application development. Develop and maintain security policies, standards, and procedures in alignment with regulatory requirements. Perform vulnerability scanning, penetration testing, and remediation tracking. Analyze security logs and alerts to identify potential threats or breaches. Provide security awareness training and support to employees. Stay updated on the latest security threats, trends, and technologies. Participate in security audits and compliance assessments. Document security architecture, configurations, and incident reports. Required Skills and Qualifications: 5-10 years of experience in IT security or cybersecurity roles. Strong knowledge of network and system security principles. Hands-on experience with firewalls, IDS/IPS, VPNs, endpoint protection, and SIEM tools. Proficiency in security frameworks and standards such as ISO 27001, NIST, CIS Controls. Experience with vulnerability management and penetration testing tools. Familiarity with cloud security concepts and tools (AWS, Azure, Google Cloud). Strong analytical and problem-solving skills. Excellent communication and documentation abilities. Relevant security certifications such as CISSP, CISM, CEH, or CompTIA Security+ are preferred.

Number of Openings 3 ECMS ID in sourcing stage TS-ID-15358 Assignment Duration 6 Months Total Yrs. of Experience 12+ years Relevant Yrs. of experience 10 +years Detailed JD (Roles and Responsibilities) Crypto Mainframe Engineer Position Overview We are seeking an experienced Crypto Mainframe Engineer to join our team. The ideal candidate will have a minimum of 10 years of experience working in financial institutions and a strong background in using KeyFactor PrimeKey. This is a unique opportunity to work on cutting-edge encryption technologies and ensure the security of our financial systems Key Responsibilities Design, implement, and maintain cryptographic systems on mainframe platforms. Utilize KeyFactor PrimeKey to manage and deploy cryptographic keys and certificates. Ensure the security and integrity of financial data through the application of advanced encryption techniques. Collaborate with cross-functional teams to integrate cryptographic solutions into existing systems Monitor and respond to security incidents related to cryptographic systems. Keep abreast of the latest developments in cryptography and implement best practices Provide technical guidance and mentorship to junior engineers and staff Qualifications Bachelors degree in Computer Science, Information Security, or a related field Minimum of 10 years of experience working in financial institutions Extensive experience with KeyFactor PrimeKey for key and certificate management Strong understanding of cryptographic algorithms and protocols Knowledge of mainframe systems and their security features Experience with incident response and security monitoring Excellent problem-solving and analytical skills Strong communication and teamwork skills. Preferred Skills Masters degree in a relevant field Experience with EKMF and other mainframe cryptography Certifications in cryptography or information security (e.g., CISSP, CISM) Experience with other cryptographic tools and technologies Knowledge of regulatory requirements in the financial sector. Domain Crypto Mainframe Engineer Max Vendor Rate in Per Day (Currency in relevance to work location) 12000 INR Work Location given in ECMS ID Bangalore/Pune WFO/WFH/Hybrid WFO Hybrid BG Check (Before OR After onboarding) As per Infosys Policy Is there any working in shifts from standard Daylight (to avoid confusions post onboarding) YES/ NO NO