9.0 - 14.0 years
15 - 25 Lacs
Pune, Ahmedabad
Hybrid
Key Responsibilities: Serve as a trusted security advisor and designated vCISO for assigned clients, providing executive-level guidance on cybersecurity strategy, risk posture, governance, and compliance initiatives. Lead the development, implementation, and continuous improvement of client security policies, procedures, and frameworks aligned with standards such as NIST 800-53/CSF, ISO 27001, HIPAA, CMMC, SOC 2, and others. Define and deliver comprehensive security programs, including security risk assessments, maturity roadmaps, control gap analysis, and compliance reporting. Guide clients through technical and strategic decision-making related to infrastructure, applications, third-party tools, and data protection strategies. Coordinate and oversee vulnerability assessments, penetration tests, and the design and implementation of technical and administrative controls. Interpret the results of threat and vulnerability assessments to identify gaps and recommend remediation actions, ensuring alignment with each client's operational risks and compliance obligations. Engage with client stakeholders across IT, DevOps, legal, operations, and executive leadership to drive a security-by-design culture across projects and teams. Manage and deliver high-impact cybersecurity engagements with a focus on scope definition, schedule, budget, documentation, and successful client outcomes. Facilitate client discovery, build proposals, and articulate engagement scope, deliverables, and level of effort required for custom security solutions. Identify cross-functional improvement opportunities, recommending enhancements to client systems and infrastructure (hardware, software, networks). Communicate technical concepts and security strategy effectively to both technical and non-technical audiences, demonstrating leadership and executive presence. 
Provide mentorship and guidance to junior consultants, engineers, and analysts; when serving in a team lead capacity, manage workload, project direction, and performance feedback for 35 team members. Contribute to business development by identifying upselling and cross-selling opportunities based on client needs, emerging security challenges, or regulatory changes. Plan and execute projects independently with limited oversight, consistently delivering high-quality advisory services and exceeding client expectations. Minimum Qualifications: Bachelor's degree in business, computer science, information systems, engineering, or a relevant discipline, or equivalent experience. 10+ years of technical experience. 5+ years of Information Security experience. Familiarity and experience with Microsoft 365, Azure, and AWS. Familiar with Security Frameworks (FedRAMP, ISO, NIST, COBIT, HIPAA/HITECH, PCI, SOC, SOX, etc.) and regulatory requirements. Understanding of Data Loss Prevention, Zero Trust, etc. Excellent written, verbal, and presentation communication skills. Excellent customer service skills. Comfortable in a sales environment and interested in negotiating statements of work. Experience collaborating and supporting clients and executives. Innovative and analytical problem-solving skills. Entrepreneurial and forward-thinking mindset. Strong management consulting skills. Ability to make decisive decisions and exhibit executive presence. Proven ability to lead a team of analysts and engineers effectively.
Posted 1 week ago
2.0 - 7.0 years
1 - 5 Lacs
Kolkata, Hyderabad, Pune
Work from Office
Job Title: Security Trust Analyst Location: Bangalore, India Work Mode: Hybrid (Minimum 2 days/week from office) About the Role We are seeking a Security Trust Analyst to join our Global Trust Office as an individual contributor. In this hands-on role, you will work closely with sales teams and internal security functions to demonstrate that our security and compliance controls meet industry-leading standards. You will also engage with cross-functional stakeholders across Compliance, Legal, Privacy, Product, and Engineering teams. The ideal candidate is detail-oriented, collaborative, and passionate about cybersecurity and compliance, with a strong understanding of industry frameworks such as ISO 27001, PCI DSS, and AICPA SOC. Key Responsibilities Perform first-line review of incoming Trust Office cases in Salesforce, validate case accuracy, and assign for further action. Respond to requests from internal sales teams regarding security and compliance inquiries from customers and prospects. Prepare and distribute weekly reports from Salesforce. Manage distribution of Security and Trust Assurance Packets (STAP) to customers and prospects. Collaborate with internal teams (Security, Product, Engineering, etc.) to communicate and support DocuSign's compliance posture. Contribute to continuous improvement initiatives within the Global Trust Office. Perform additional tasks and responsibilities as assigned. Support after-hours requests on an as-needed basis. What You'll Bring Basic Qualifications: Bachelor's degree or equivalent work experience in Computer Science, Cybersecurity, GRC (Governance, Risk & Compliance), or related field. Minimum 2 years of relevant experience in cybersecurity or compliance-related roles. Familiarity with security and compliance frameworks such as: SSAE16, ISO 27001, NIST, PCI DSS, SOC, SIG, CSA, HIPAA, HITRUST, FedRAMP. Experience working in a SaaS or cloud solutions environment. 
Proficiency with Salesforce and Google Workspace tools. Strong analytical, communication, and presentation skills. Detail-oriented with excellent organizational and time management skills. Comfortable working across cross-functional teams and stakeholders. Strong passion for continuous learning and improvement. Understanding of the role of supply chain security in customer assurance. Work Environment Hybrid Work Model: This is a hybrid position requiring a presence in the Bangalore office a minimum of 2 days per week, with flexibility for remote work based on team and business needs. Location - Pune, Hyderabad, Kolkata, Jaipur, Chandigarh
Posted 1 week ago
5.0 - 8.0 years
5 - 9 Lacs
Bengaluru
Work from Office
Location: Only Bangalore Contract Security Specialist SOC Position Overview: The Security Analyst works as part of the Security Operations Center (SOC). Successful candidates will be analytical, familiar with multiple security technologies, and provide initial response to security alerts. Responsibilities: Monitors, reviews and interprets security alerts and notifications and provides initial response, analysis and case management Perform mitigation steps to ensure appropriate security event handling and escalate as necessary Become proficient in a variety of security tools within our security suite Examples: A/V, IDS/IPS, NAC, NGFW, SIEM Provide general security knowledge and recommendations to SOC team Provide feedback to information security engineers and assist with security sensor tuning efforts Communicate with technical vulnerability management and incident response teams to validate security events Perform tasks related to security incident response, such as monitoring and discovery Basic Qualifications Information Security experience via work/school Excellent written and verbal communication skills with the ability to explain technical concepts Self-motivated individual who can follow and maintain procedures Attention to detail and motivated to deliver exceptional quality Critical thinking skills Preferred Qualifications: Vendor and industry certifications in security analysis such as Security+, SANS or GIAC Linux and Windows systems administration experience Knowledge of security industry standard frameworks Examples: NIST 800-53, PCI-DSS, FedRamp Scripting or programming experience Examples: PowerShell, Python, RegEx Mandatory Skills: Security Log Monitoring. Experience: 5-8 Years.
Posted 1 week ago
5.0 - 7.0 years
7 - 9 Lacs
Bengaluru
Work from Office
Responsibilities First line review of all incoming cases to the Trust Office in Salesforce. Validate each case for accuracy and prepare for pickup. Responding to requests for information from internal sales teams regarding compliance and security matters for customers and prospects. Prepare and distribute weekly reporting from Salesforce Prepare and send Security and Trust assurance packet (STAP) to customers and prospects. Additional responsibilities and tasks as required and assigned Basic Qualifications Self-starter with excellent communication, collaborative, and presentation skills Minimum of 2 years of relevant experience in computer science, cyber security, governance risk and compliance, or related domains Experience with security control frameworks (e.g. SSAE16, ISO27001, NIST, PCI, SIG, CSA, HIPAA, HITRUST, FedRamp) Experience with Salesforce and Google workspace applications. Professional communicator in both verbal and written English Understanding of compliance and cyber security implications for business Experience with SaaS and cloud solutions environments Experience working with cross functional teams Strong analytical and communication skills Strong attention to detail, excellent organizational skills, and superior time management skills A very strong passion to learn and continuously improve A willingness to contribute to team discussions and challenge views Preferred Qualifications Degree qualified or higher in a relevant field or equivalent work experience Experience working with external customers regarding their compliance assessments and controls Independently driven, resourceful, and able to deliver results with minimal oversight; Strong sense of ownership, urgency, and drive Strong business acumen with the ability to engage with technical teams to present assessment results, risks and to participate in discussions around acceptable and compensating controls Experience working hands-on with cross-functional teams in assessing processes, 
risks and controls
Posted 2 weeks ago
4.0 - 9.0 years
6 - 11 Lacs
Bengaluru
Work from Office
Job Summary: We are seeking a passionate and experienced Security & Compliance Engineer to join our team. This role is pivotal in ensuring our cloud services meet the highest standards of security and compliance. You will work cross-functionally with engineering teams, project managers, and compliance stakeholders to identify, implement, and monitor security controls and processes. Your work will directly contribute to the protection of our infrastructure, data, and services. The service you will be joining is Key Protect, IBM’s key management system https://www.ibm.com/products/key-protect. Key Responsibilities: Support security and compliance initiatives across Key Protect & Security Services. Collaborate with development and operations teams to mitigate security risks. Implement, and monitor security controls and compliance processes. Contribute to risk assessments, gap analyses, and remediation planning. Support internal and external audits by providing evidence and documentation. Support adherence to regulatory standards such as FedRAMP, HIPAA, GDPR, SOC 2, PCI, ISO27K, NIST, ISMAP, ENS, HITRUST, etc. Drive improvements in patch management, vulnerability management, and access control. Maintain accurate asset inventories and ensure configuration management best practices. Monitor logs and systems for anomalies and respond to incidents. Participate in penetration testing and threat modeling exercises. Communicate security requirements and findings to technical and non-technical stakeholders. Ideal Candidate Traits: Growth mindset and eagerness to learn. Strong problem-solving and critical thinking abilities. Self-starter, ability to work independently. Ability to translate complex security concepts into actionable guidance. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Required Experience: 4+ years in security engineering, compliance, DevOps or related roles. 
Experience with cloud technologies and infrastructure. Hands-on experience with compliance frameworks (e.g., FedRAMP, HIPAA, GDPR, SOC 2, PCI, ISO, NIST). Knowledge of end-to-end Security and Compliance activities such as Threat Models, Security Privacy by Design. Knowledge of Security scanning tools such as Nessus scanner, SonarQube, NMap. Knowledge of Security concepts (includes understanding of identity mgmt./authentication, authorization, firewall, auditing, secure communication, managing certificates, password management) Understanding of cryptographic key management and its lifecycle. Strong understanding of access management, data protection, and secure system configuration. Experience on Kubernetes/ OpenShift deployments, Container Tools such as Docker, Podman, Rancher Excellent communication and documentation skills. Ability to work independently and collaboratively across teams. Preferred technical and professional experience Experience with tools such as GitHub and ServiceNow. Experience with microservice architectures and Restful API development Familiarity using Container Security tools such as Prisma Cloud & AquaSec Experience in DevSecOps pipelines - Jenkins, Tekton Toolchains Scripting and automation skills (Python, Bash, Terraform, etc.)
Posted 2 weeks ago
2.0 - 7.0 years
3 - 8 Lacs
Bengaluru
Hybrid
Perform first-line review of incoming Trust Office cases in Salesforce, validate case accuracy, and assign for further action. Respond to requests from internal sales teams regarding security and compliance inquiries from customers and prospects. Prepare and distribute weekly reports from Salesforce. Manage distribution of Security and Trust Assurance Packets (STAP) to customers and prospects. Collaborate with internal teams (Security, Product, Engineering, etc.) to communicate and support DocuSign's compliance posture. Contribute to continuous improvement initiatives within the Office. Perform additional tasks and responsibilities as assigned. Support after-hours requests on an as-needed basis. What You’ll Bring Basic Qualifications: Bachelor’s degree or equivalent work experience in Computer Science, Cybersecurity, GRC (Governance, Risk & Compliance), or related field. Minimum 2 years of relevant experience in cybersecurity or compliance-related roles. Familiarity with security and compliance frameworks such as: SSAE16, ISO 27001, NIST, PCI DSS, SOC, SIG, CSA, HIPAA, HITRUST, FedRAMP. Experience working in a SaaS or cloud solutions environment. Proficiency with Salesforce and Google Workspace tools. Strong analytical, communication, and presentation skills. Detail-oriented with excellent organizational and time management skills. Comfortable working across cross-functional teams and stakeholders. Strong passion for continuous learning and improvement. Understanding of the role of supply chain security in customer assurance. Work Environment Hybrid Work Model: This is a hybrid position requiring a presence in the Bangalore office a minimum of 2 days per week, with flexibility for remote work based on team and business needs.
Posted 2 weeks ago
12.0 - 20.0 years
15 - 30 Lacs
Bengaluru
Work from Office
Required Experience: At least 15 years of experience in working in a fast-paced IT team. Work Location/Travel: Bangalore and must be available during weekends or extended hours if required for critical emergencies. Work in the office during the general shift/work from home during other shifts. Job Summary: Infra Ops Management Manage IT Ops Vendors and hardware Vendors for delivering M365 L1 Support, Network (Internet Leased Line, Firewall, Apps gateway, IDS, IPS) and Onsite desktop support. Manage IT Network Ops vendors including L0 and L1 support. Handle escalation L2/L3 support including developing policies and qualifying exceptions etc. for IIC and US teams. Manage escalation of hardware Issues with OEM vendors like Dell and HP, ensuring they deliver as per SLAs. Build and develop L0/L1 support (including availability, monitoring and change management activities) Architect and manage Infra programs, support technology requirements for delivery projects Own security reviews, vendor security questionnaires, and responses to support Presales Security management and administration of M365, Cloudflare, Proofpoint, N-Able, Fortinet alerts Development support queries on Application installation and client connectivity issues Design and implementation of policies on the Apps managed by IT. Monthly reports and exception management Hardware and software procurement and license management including development requirements on an as-needed basis. Supports ISO 27001 activities and development of new policies, evidence gathering, and addressing gaps. Readiness for New security compliances FedRAMP etc., and other compliance required by our customers PCI-DSS. Assisting the development teams in adopting these during application deployment. N-Able Patch Management Review Bitdefender Review Dashboards and follow up on exceptions. Review Assets registered and ensuring time and again stale assets are removed. Extract and configure customized reports as required. 
Review Bitdefender automated reports for exceptions Address escalated issues that cannot be resolved by IT Tech Liaise with All covered for resolution. Audit reviews for Users and devices AZURE AD Risky User Investigation Conditional access policies review and troubleshooting MFA configuration and Troubleshooting Secure score recommendations AZURE AD policies troubleshooting and investigations. AZURE AD Access Reviews and Cleanup AZURE AD Admin Audit logs review Self-service password reset flow activity progress. Reset password (self-service) Update Sts Refresh Token Valid from Timestamp Reset user password. Update user Add app role assignment grant to user When an Enterprise Application is assigned to a user. Add delegated permission grant. Change password (self-service) Change user password Security info saved for self-service password reset. User completed security info registration for self-service password reset. User started security info registration for self-service password reset. Add service principal. Add application. Delete application. Remove service principal. Update service principal Update application Certificates and secrets management Update application Add and remove the owner from application. Create an application password for the user. Redmine Access Reviews Backup Reviews Software updates Assist team with queries on Vulnerability Analysis Gather evidence required for ISO 27001 Escalated Issues on Redmine Address Backup Issues Prepare and coordinate DR and BCP Ad hoc requests from Dev teams and PMO FortiGate and Network Design as per compliance requirements say FedRAMP, PCI-DSS Vendor Liaison (basically L1) on exceptions like IDS, IPS, VPN, Firewall Issues Manage change and problem management activities. Review monthly reports and exceptions. 
Root cause analysis and remediations SLA reports and corrective actions Policy design and address VPN compliance Handle Escalated Issues on the Network - VPN, IDS, IPS, Security Violations and investigations regarding access to customers and/or impersonation etc. M365 Intune Import and register new laptops during onboarding. Support on shore team for Onboarding Issues Review Assets registered in Intune, and generate asset reports, compare these with asset files. Escalated support on Intune Issues and follow up with vendor and Microsoft. Escalated support on Non-Delivery of Apps during deployment Registering BYOD devices Validating policies and resolving issues that users face due to policy failures. Create and troubleshoot policies. Exchange Online Review Quarantined email and release as appropriate reactively as alerted by Users. Escalate issues of non-delivery reports and/or any emails quarantined or not delivered to users. Review and clear blocked messages from EOL Create and troubleshoot policies. Teams Troubleshoot team issues Jitter, call drops, high utilization. Review usage reports and dashboards for exceptions Review and investigate Teams logs for security issues. Change ownership of Team files as required by Managers or new owners. Resolve file-sharing queries and best practices for sharing files. Procurement Vendor Management Review and monitor SLA with HP, Dell, and hardware Partners Address escalations due to delays in service Address clarifications on warranty claims Procure New hardware or upgrade as required - Memory, SSD etc., Co-ordinate with Insurance firms and support Admin teams Hardware Planning as per business needs Review and procure software requirements. Review asset inventory and ensure asset register is updated. Assist onshore with laptop hardware procurement and configurations for 3-year support. 
Warranty renewal and Maintenance contracts Competency (Knowledge, Skills, and Abilities): At least 15 years of experience in working in a fast-paced IT team. Responsible for delivery of end-to-end IT requirements for internal stakeholders Should have experience of managing internal and external resources working to deliver IT services. Should have hands-on experience in managing vendors, negotiating deliverables and keeping costs within pre-determined budgets. Position Type: Full Time/Permanent Required Education: Bachelor's degree. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology. Other Duties: This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required. Duties, responsibilities, and activities may change, or new ones may be assigned at any time, with or without notice.
Posted 3 weeks ago
3.0 - 5.0 years
10 - 15 Lacs
Noida
Work from Office
About The Role We at Innovaccer are looking for a Security Engineer-II who will be responsible for Risk Assessment role in our Cyber Security Team for customer & internal activities including proprietary & public data. This role will encompass the use of a broad range of security domains (Security Questionnaires, Vendor Risk Assessment, Internal and External Audits, Writing Policies & Procedures etc.). This role would be a great opportunity to learn and grow as you would be exposed to multiple security domains across multiple cloud platforms at a single time. A Day in the Life Responding to RFPs & Security Questionnaires Coordinating with RFP team and Legal team on reviewing security questionnaires/exhibits, BAA/MSA queries and respond to follow-ups and customer queries Analyzing and updating existing compliance policies, procedures and related documentations Implementing privacy controls & policies Drive Vendor Risk Assessment & Risk Management programme Maintaining communication and coordinating with corporate, legal and IT teams Implement audit controls for external audits like SOC2 Type2, HiTrust, HIPAA, ISO27701, etc. Perform third party risk assessments and work on remediation of findings Familiar with Regulations in United States HealthCare & Middle-East Coordinating with internal teams for gathering evidence and presenting it to auditor Identify control gaps/weaknesses and formulate action plans to address What You Need Understanding of different Privacy & Compliance controls of Federal & State Regulations Bachelor's degree in Information Technology, Computer Science Engineering preferred Minimum of 3-5 years of prior experience in Information Security Risk & Compliance Hands-on experience on HIPAA, SOCII, ISO27001:2022, HiTrust etc. 
Familiarity with compliance frameworks like GDPR, NIST SP 800-53, HiTech, FedRamp, AzRamp, MARSE, etc Vendor Risk Assessment, Respond to RFPs & Legal Review of Security Exhibits Work with Corporate compliance Team for Audits Good to have CISSP/CISA or other relevant certifications Hands-on skills in Data security controls Ready to take up more responsibilities along with existing role Understanding of Security Architecture and proficient in immediately of data security control Able to work independently, being a team player, ability to work well under pressure Familiarity with cloud platforms like AWS, Azure & GCP Able to multitask, prioritize, and manage time effectively Collaborates effectively and communicates efficiently Readily available to work with teams and clients outside India in USA & Middle-East
Posted 3 weeks ago
3.0 - 8.0 years
8 - 12 Lacs
Pune
Work from Office
About Us CCTech's mission is to transform human life by the democratization of technology. We are a well-established digital transformation company building applications in the areas of CAD, CFD, Artificial Intelligence, Machine Learning, 3D Webapps, Augmented Reality, Digital Twin, and other enterprise applications. We have two business divisions: product and consulting. simulationHub is our flagship product and the manifestation of our vision. Currently, thousands of users use our CFD app in their upfront design process. Our consulting division, with partners like Autodesk Forge, AWS, and Azure, helps Fortune 500 engineering organizations achieve digital supremacy. Job Description We are seeking an IAM Engineer (4–7 yrs experience) who is on the path to becoming a true specialist. You will own key portions of our identity stack—helping to architect, implement, and maintain authentication and authorization platforms and environments, while pairing closely with our Senior IAM Expert. Key Responsibilities Design and operate PingFederate and Okta-based AuthN/AuthZ solutions. Implement migration of AuthN/AuthZ flows from Okta to PingFederate. Implement PAT and SSA integrations. Configure and maintain multi-environment IDP instances, manage claim mappings, and secure secrets in vaults. Ensure compliance with FedRAMP controls (FIPS encryption, audit logging). Collaborate with SRE, DevOps, and Automation teams to integrate flows into CI/CD pipelines and smoke-test suites. Develop and maintain end-to-end test cases for authentication, authorization, MFA, and token lifecycle scenarios. Write and update runbooks, architecture diagrams, and developer-onboarding materials. Required Qualifications 4–7 years in identity management, IAM engineering, or security engineering roles. Hands-on experience with PingFederate, Okta, or equivalent enterprise IDP platforms. Solid understanding of OAuth2/OIDC protocols, SAML, and token-based authentication. 
Practical exposure to compliance frameworks such as FedRAMP, SOC2, or PCI-DSS. Proficiency in scripting (Python, Bash) to automate integration tests and routine tasks. Strong verbal and written communication, able to drive technical discussions and documentation. Preferred Skills Familiarity with AWS Cognito, Azure AD B2C, or similar cloud identity services. Experience implementing serverless identity extensions (e.g., Lambda triggers). Working knowledge of directory services and federation protocols. Involvement in disaster-recovery planning for identity systems. Benefits Opportunity to work with a dynamic and fast-paced IT organization. Make a real impact on the company's success by shaping a positive and engaging work culture. Work with a talented and collaborative team. Be part of a company that is passionate about making a difference through technology.
Posted 4 weeks ago
12.0 - 17.0 years
7 - 11 Lacs
Bengaluru
Work from Office
We have a team of security compliance leaders overseeing solutions for this complex environment, collaborating with security architects and Cloud DevOps teams internally and around IBM. The security compliance leader’s role is to determine the secure operation of all computer systems, servers, and network connections in accordance with our policies, procedures, and compliance requirements. A security compliance leader in our team will participate in some or all of the following: Providing subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including ISO, SOC, HIPAA, PCI, FedRAMP/FISMA Having the ability to utilize working knowledge of information security best practices such as NIST 800 series, ISO 27000 series, GDPR, etc. Interpreting standards, requirements, and their application to the enterprise Cloud environment in the most reasonable and cost-effective manner Developing, implementing, maintaining, and overseeing enforcement of security policies Collaborating with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology Conducting regularly scheduled audits on systems and hosting third-party audits as required in order to maintain certifications and compliance certificates. 
Working with the DevOps teams to prepare ongoing client reporting, information for prospective clients, and marketing materials Providing training to teams as needed Assisting team members and internal clients in addressing highly complex security issues applicable to enterprise environment Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Minimum of 12 years of relevant compliance experience and cybersecurity knowledge Compliance leaders do not require dev experience, but it is an advantage. 10+ years of security compliance audit experience is a must Ability to utilize working knowledge of information security best practices such as NIST 800 series, ISO 27000 series, GDPR, etc. Experience with compliance programs such as FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, SOC 2, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk
Posted 1 month ago
3.0 - 7.0 years
7 - 11 Lacs
Bengaluru
Work from Office
Generate compliance reports from an existing dashboard or build requirements to create a new reporting dashboard. Proactively monitor, track, and report on security compliance status across systems and processes. Analyze large datasets to identify trends, anomalies, and compliance risks. Support security audits, assessments, and certification efforts through data collection and analysis. Possess strong communication skills and collaborate with cross-functional matrix teams to drive root cause analysis, corrective actions and improvements based on data insights. Maintain and enhance compliance reporting dashboards and metrics for leadership visibility and decision making.
Required education: Bachelor's Degree
Required technical and professional expertise: Experience working with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology. Working with the development teams to ensure automation of evidence collection and evidence management is always in line with compliance expectations; otherwise, identifying specific actions and owners to meet the expectations. Assisting team members in addressing highly complex security issues applicable to the enterprise environment. Ability to utilize project management principles to properly scope compliance work efforts by service lines, identify common areas of work, and create measurable milestone plans across service lines to enable completion of compliance work items on time. Ability to manage multiple priority projects simultaneously under a short timeline. Experience or familiarity with enterprise risk management (ERM) frameworks, service delivery operations, and the software development lifecycle, and the ability to understand when to request and integrate risk items into compliance reporting.
Experience with compliance programs such as FedRAMP/FISMA, HIPAA, GDPR, SOC 2, PCI, NIST, ISO, ITAR, etc. Conducting regular reviews on compliance progression of systems and hosting internal audits/assessments as required to maintain compliance certifications. Ability to translate and interpret regulatory compliance requirements into technical controls. Ability to understand cloud enterprise business computing operations/requirements, and effectively communicate to service lines what is expected in order to consider a work item complete. A good understanding of network security, including security systems such as firewalls, intrusion detection, vulnerability scanning, OS patching, and health-checking. Diagnosing the root cause of problems and proposing solutions. Examples would be failed patches, tooling issues, false positives on system tests, and authentication problems. Drive and track audit, security and compliance finding remediation to closure. Experience with an enterprise configuration management database (CMDB) or IT asset inventory management. Understand the CMDB's structure, data quality, relationships between CIs (Configuration Items), and updates. Use the CMDB for risk, audit, and compliance analysis and reporting. Proficiency in SQL, Excel (advanced level: pivot tables, macros), and ServiceNow - data analytics and visualization functionalities. Ability to process large datasets, identify and handle missing data, and perform data transformation, normalization, and data quality checks. Ability to perform data analysis to discover patterns and trends to mitigate security risks and drive business results. Work with stakeholders to define key metrics and KPIs; develop dashboards and reports for business users. Collaborate with database engineers, data owners, security focals, product managers, and broader metrics teams to understand data needs. Results oriented, with intense focus on achieving both short- and long-term goals.
He/she should be able to drive and execute an agenda in a fast-paced, dynamic environment. Strong project management skills with the ability to design visual and appealing presentations. Strong collaboration, problem-solving and critical-thinking abilities. Excellent communication skills - ability to explain technical findings to non-technical audiences. Good time management, organizational skills, and ability to prioritize tasks. Curiosity and a continuous learning mindset. Highly organized, with strong attention to detail and analytical and project management skills. Work independently within a team-focused organization.
Preferred technical and professional experience: Experience or familiarity with cloud service models; IaaS preferred. Project management and consulting experience is a plus. Experience with process automation is a plus. Experience with Linux Shell, Perl or Python is a plus.
Posted 1 month ago
10.0 - 12.0 years
10 - 12 Lacs
Bengaluru / Bangalore, Karnataka, India
On-site
Providing subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including ISO, SOC, HIPAA, PCI, FedRAMP/FISMA. Having the ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc. Interpreting standards, requirements, and their application to the enterprise Cloud environment in the most reasonable and cost-effective manner. Developing, implementing, maintaining, and overseeing enforcement of security policies. Supporting data center audits focussed on physical security control assessments. Collaborating with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology. Conducting regularly scheduled audits on systems and hosting third-party audits as required in order to maintain certifications and compliance certificates. Working with the DevOps teams to prepare ongoing client reporting, information for prospective clients, and marketing materials. Providing training to teams as needed. Assisting team members and internal clients in addressing highly complex security issues applicable to the enterprise environment.
Posted 1 month ago
12.0 - 14.0 years
0 Lacs
Bengaluru / Bangalore, Karnataka, India
On-site
Introduction
About IBM: IBM is a global technology and innovation company. It is the most extensive technology and consulting employer globally, with a presence in 170 countries. The diversity and breadth of the entire IBM portfolio of research, consulting, solutions, services, systems and software distinguishes IBM from other companies in the industry. Over the past 100 years, a lot has changed at IBM. In this new era of Cognitive Business, IBM is helping to reshape industries as diverse as healthcare, retail, banking, travel, manufacturing, and many more, by bringing together our expertise in Cloud, Analytics, Security, Mobile, and the Internet of Things. We like to say, be essential. We are changing how we craft, how we collaborate, how we analyze, how we engage. Join the next generation of innovators, inventors, and entrepreneurs who are crafting the very way the world works. We want the brightest minds doing work that encourages an environment where growth is supported. IBMers get to discover their potential, so they're inspired to build breakthroughs that help our clients succeed. We're building teams with dynamic strengths with people who want their ideas to matter. Join us - you'll be proud to call yourself an IBMer.
Our Culture: IBM is committed to crafting a diverse environment and is proud to be an equal opportunity employer. You will receive consideration for employment without regard to your race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
Your role and responsibilities: We have a team of security compliance leaders overseeing solutions for this complex environment, collaborating with security architects and Cloud DevOps teams internally and around IBM. The security compliance leader's role is to determine the secure operation of all computer systems, servers, and network connections in accordance with our policies, procedures, and compliance requirements.
A security compliance leader in our team will participate in some or all of the following: Providing subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including ISO, SOC, HIPAA, PCI, FedRAMP/FISMA. Having the ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc. Interpreting standards, requirements, and their application to the enterprise Cloud environment in the most reasonable and cost-effective manner. Developing, implementing, maintaining, and overseeing enforcement of security policies. Collaborating with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology. Conducting regularly scheduled audits on systems and hosting third-party audits as required in order to maintain certifications and compliance certificates. Working with the DevOps teams to prepare ongoing client reporting, information for prospective clients, and marketing materials. Providing training to teams as needed. Assisting team members and internal clients in addressing highly complex security issues applicable to the enterprise environment.
Required education: Bachelor's Degree
Preferred education: Bachelor's Degree
Required technical and professional expertise: Minimum of 12 years of relevant compliance experience and cybersecurity knowledge. Compliance leaders do not require dev experience, but it is an advantage.
10+ years of security compliance audit experience is a must. Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc. Experience with compliance programs such as FFIEC or FedRAMP/FISMA, HIPAA, GDPR, SOC 2, or PCI. Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology. Ability to understand enterprise business computing operations/requirements, and in particular, Cloud. Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions. Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk.
Posted 1 month ago
12.0 - 14.0 years
0 Lacs
Bengaluru / Bangalore, Karnataka, India
On-site
Your role and responsibilities: Minimum of 12 years of relevant compliance experience and cybersecurity knowledge. 10+ years of security compliance audit experience would be important. Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc. Experience with compliance programs such as SOC2, FFIEC or FedRAMP/FISMA, HIPAA, GDPR, or PCI. Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology. Ability to understand enterprise business computing operations/requirements, and in particular, Cloud. Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions. Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk.
Required education: Bachelor's Degree
Preferred education: Doctorate Degree
Required technical and professional expertise: Minimum of 12 years of relevant compliance experience and cybersecurity knowledge. 10+ years of security compliance audit experience would be important. Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc. Experience with compliance programs such as SOC2, FFIEC or FedRAMP/FISMA, HIPAA, GDPR, or PCI. Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology. Ability to understand enterprise business computing operations/requirements, and in particular, Cloud. Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions. Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk.
Posted 1 month ago
4 - 8 years
7 - 11 Lacs
Bengaluru
Work from Office
Minimum of 12 years of relevant compliance experience and cybersecurity knowledge. 10+ years of security compliance audit experience would be important. Ability to utilize working knowledge of information security best practices such as NIST 800 series, ISO 27000 series, GDPR, etc. Experience with compliance programs such as SOC2, FFIEC or FedRAMP/FISMA, HIPAA, GDPR, or PCI. Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology. Ability to understand enterprise business computing operations/requirements, and in particular, Cloud. Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions. Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk.
Required education: Bachelor's Degree
Preferred education: Doctorate Degree
Required technical and professional expertise: Minimum of 12 years of relevant compliance experience and cybersecurity knowledge. 10+ years of security compliance audit experience would be important. Ability to utilize working knowledge of information security best practices such as NIST 800 series, ISO 27000 series, GDPR, etc. Experience with compliance programs such as SOC2, FFIEC or FedRAMP/FISMA, HIPAA, GDPR, or PCI. Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology. Ability to understand enterprise business computing operations/requirements, and in particular, Cloud. Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions. Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk.
Posted 2 months ago