5028 Information Security Jobs - Page 18

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : SailPoint IdentityNow Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and transitioning to cloud security-managed operations, all while ensuring compliance with industry standards and best practices. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Engage in continuous learning to stay updated with the latest security trends and technologies.- Assist in the development of security policies and procedures to enhance the overall security posture. Professional & Technical Skills: - Must To Have Skills: Proficiency in SailPoint IdentityNow.- Strong understanding of cloud security principles and practices.- Experience with identity and access management solutions.- Familiarity with regulatory compliance frameworks such as GDPR and HIPAA.- Ability to analyze and mitigate security risks effectively. Additional Information:- The candidate should have minimum 2 years of experience in SailPoint IdentityNow.- This position is based at our Hyderabad office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Solution Development Good to have skills : NAMinimum 15 year(s) of experience is required Educational Qualification : 15 years full time educationAs a Security Solution Architect, candidate would be primarily responsible for solution architecture effort on deals that are large and complex and own all components of complex deals. Lead or work as Lead Solution Architect on complex and bundled deals and independently can come up with the solution. Conduct solution reviews with SMEs and the DCSO approver. Attend calls with the client team to understand the requirement. Can be able to bring value and differentiated solutions. Work on building the cost model for the solution. Roles & ResponsibilitiesShould be able to lead the joint solutioning workshops with client and be able to walk through technical security solutions with the clients during Orals. Should possess excellent stakeholder management skills and be good to work as individual contributor and good team player. When assigned responsibilities to lead the team, candidate should show leadership qualities to manage the team and get the work done. Frequently interacts with senior client leadership. Develop statement of work Performs Peer Reviews Assists in performing QA Frequently sells to senior client leadership Leads negotiations or develop business terms and conditions Leads QA or plays major QA role for largest, most complex deals Has led solution development for multiple deal types Work with delivery leads for the approval of solution/efforts Bring out technical differentiators and value in the solution Able to represent the solution in front of the client leadership team. Professional & Technical Skills: Prior experience at least 5 years in leading solution development in a reputed organization Deep knowledge and experience in Cyber security Infra Sec, App Sec, Threat and Vulnerability Management and Identity Access Management is necessary Should be a good presenter Should have leadership qualities Should keep himself/herself up to date on various SA Cost models and processes, work independently to develop IDL files Good communication and collaboration skills Prior experience in leading solution development will be an advantage Experience in leading delivery and solution planning of large, complex deals at least 5 opportunities with Security TCV of greater than10m in the recent experience Comfortable in using relevant tools and estimators Comfortable working in extended working hours Good to have CISSP, CISM, CISA Cloud Security knowledge and certification AWS, Azure Solution Architect Core Training Good to have Solution Architect Advance Training Additional InformationMinimum 15- year full time education with Bachelor or college degree in related field or equivalent work experience The candidate should have minimum 15 years of experience This position is based at our Gurugram office. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : SailPoint IdentityNow Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : BE or MCA or MSc with Good Computer Science Background with good academic record. Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and transitioning to cloud security-managed operations, all while ensuring compliance with industry standards and best practices. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Engage in continuous learning to stay updated with the latest security trends and technologies.- Assist in the development and implementation of security policies and procedures. Professional & Technical Skills: - Must To Have Skills: Proficiency in SailPoint IdentityNow.- Strong understanding of cloud security principles and practices.- Experience with identity and access management solutions.- Familiarity with security compliance frameworks such as ISO 27001 or NIST.- Ability to analyze and mitigate security risks effectively. Additional Information:- The candidate should have minimum 2 years of experience in SailPoint IdentityNow.- This position is based at our Hyderabad office.- A BE or MCA or MSc with Good Computer Science Background with good academic record is required. Qualification BE or MCA or MSc with Good Computer Science Background with good academic record.

Skill required: Risk & Compliance - Sarbanes-Oxley Act (SOX) Designation: Risk and Compliance Senior Analyst Qualifications: BCom/Chartered Accountant Years of Experience: 3 to 5 years About Accenture Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services, and Accenture Song all powered by the worlds largest network of Advanced Technology and Intelligent Operations centers. Our 699,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. Visit us at www.accenture.com What would you do You will be aligned with our Risk and Compliance vertical and help us perform compliance reviews, publish reports with actions and provide closure guidance as needed. We design & recommend effective controls to mitigate risks and help service delivery team prepare for upcoming client / external audits.You will be working as a part of the Risk & compliance team which is responsible for helping clients and organizations identify risks and create mitigation plans.United States federal law that set new or expanded requirements for all U.S. public company boards, management and public accounting firms. Assist in implementation of client-designed Sarbanes-Oxley controls into client s financial processes, enterprise resource planning system or supporting technology. What are we looking for In this role you are required to do analysis and solving of increasingly complex problems Your day to day interactions are with peers within Accenture You are likely to have some interaction with clients and/or Accenture management You will be given minimal instruction on daily work/tasks and a moderate level of instruction on new assignments Decisions that are made by you impact your own work and may impact the work of others In this role you would be an individual contributor and/or oversee a small work effort and/or team Please note that this role may require you to work in rotational shiftsIn this role you are required to do analysis and solving of increasingly complex problems Your day to day interactions are with peers within Accenture You are likely to have some interaction with clients and/or Accenture management You will be given minimal instruction on daily work/tasks and a moderate level of instruction on new assignments Decisions that are made by you impact your own work and may impact the work of others In this role you would be an individual contributor and/or oversee a small work effort and/or team Please note that this role may require you to work in rotational shifts Roles and Responsibilities: In this role you are required to do analysis and solving of increasingly complex problems Your day to day interactions are with peers within Accenture You are likely to have some interaction with clients and/or Accenture management You will be given minimal instruction on daily work/tasks and a moderate level of instruction on new assignments Decisions that are made by you impact your own work and may impact the work of others In this role you would be an individual contributor and/or oversee a small work effort and/or team Please note that this role may require you to work in rotational shifts Qualification BCom,Chartered Accountant

Core Responsibilities o Provide support in building IAM controls, standards & policies along with best practices to ensure compliance with information security directives and industry standards o Contribute into designing & integrating IAM solutions for web/mobile apps to strengthen security controls at enterprise scale o Collaborate with enterprise & application designers, developers, other information security teams, enterprise infrastructure and testing teams to deliver high quality solutions for remediating security threats o Identify Key control deficiencies and provide roadmap for closures o Define and document issues for escalation to engineers o Work closely with business to address their incidents and task requests Mandatory Skills Technical- Hands-on experience in implementing IAM controls, policies, standards across enterprise Experience in implementing SailPoint IdentityIQ 8.X including design, development, implementation and application support Customize, configure, and develop IAM solution integration Ability to understand the business requirements and implement them with minimal customizations to the product. Expert level experience in the application and user onboarding, using OOTB and custom connectors. Expert knowledge of User Access Review certifications (Targeted, Manager, Role, Application etc.) Ability to understand the business requirements for User Access review and implement them technically in the system to achieve the desired outcomes with minimal changes to the system. Experience in Roles and Entitlement used in IAM solution. Deep understanding of RBAC concepts and understanding of the SailPoint IdentityIQ Roles to ensure proper discovery and implementation. Good knowledge of web server and application server. Good understanding of LDAP concepts and working experience with the directories. Experience in using database client tools like MS SQL Management Studio, Toad, etc. Excellent development coding skills relevant to SailPoint IdentityIQ (java beanshell oracle jsf XML etc.). Behavioral- Excellent communication (both - verbal & written), collaboration and relationship-building skills. Demonstrated initiative, creativity & ability to influence Client focused mindset - exceed the expectations of our internal and external customers Strong interpersonal, communication, motivational, organizational and planning skill Qualification Eligibility BE / B. Tech / MCA from reputed institute 5+ years of relevant experience across Information Security, Software Engineering, and Software Development roles to handle IAM projects Proven engineering skills in delivering IAM solutions related capabilities and practices Preferred Certification CISSP ( Certified Information Systems Security Professional) and/or CISA( Certified Information Systems Auditor) designation and/or CEH( Certified Ethical Hacker)

Job Title: Information Security - GRC Lead Department: InfoSec & Tech Ops Location: Pune (On-site) Job Type: Full-time Experience Level: 5 to 10 years Job Summary : We are seeking a highly motivated and hands-on GRC lead to drive our governance, risk, and compliance (GRC) initiatives. This role is crucial for designing, implementing, and overseeing robust security programs, conducting in-depth technical risk assessments, and ensuring continuous adherence to cybersecurity frameworks. This role will lead efforts in enhancing our security posture through application and strategic guidance across our internal infrastructure. Key Responsibilities Lead the design, implementation, and continuous improvement of the ISMS and cybersecurity programs (NIST CSF, ISO 27001, SOC2, Privacy). Oversee security assessments and compliance for third-party vendors and supply chain components. Develop, enforce, and continuously refine technical security policies, standards, and operational procedures. Conduct internal audits for both technology & wider business teams. Required Skills & Qualifications : Bachelor's degree in Computer Science, Information Security, or a related technical field. 5-10 years of progressive hands-on experience in GRC. Audit & regulatory experience will be a bonus.. Practical understanding and application of cybersecurity frameworks (NIST CSF, ISO 27001 etc.). Strong analytical, problem-solving, and critical thinking skills, with proven ability to make sound decisions under pressure. Preferred Certifications : ISO 27001 CISA or CRISC

Develop, implement, and maintain IT GRC policies, procedures, and frameworks. Conduct IT risk assessments in line with RBI/IRDAI/SBI frameworks and recommend mitigation measures. Monitor and report IT risk metrics. Align IT standards like ISO 27001,

Job Title: Identity & Access Management Analyst Project: Corporate Security Employee Access Management Experience Required: 3+ years in Identity & Access Management Work Timings (Rotational Shifts): Asia: 7:30 AM 4:30 PM EMEA: 12:00 PM 9:00 PM Key Skills Required: Identity & Access Management (IAM) Access Governance & Controls Basic knowledge of SQL, Unix, Active Directory (AD), and Networking Good to Have: Experience with platforms like Unix, Oracle, AD, Mainframe, Postgres Familiarity with tools like CyberArk, SecureID, IGL Understanding of regulatory compliance (SOC1, PCI, GLBA, SOX) Job Responsibilities: Handle IAM requests and provide support to internal teams in Asia Pacific and EMEA regions Act as a bridge between users and access engineers to resolve access-related issues Manage Role-Based Access Control (RBAC) including role creation and updates Support enhancements and automation in IAM systems Participate in access certification and governance reviews Assist senior team members in gathering business requirements Ensure access governance with least privilege principle Research and suggest improvements in IAM security practices Why This Role is Interesting: Work in the core domain of Information Security Exposure to multiple technologies and platforms Opportunity to collaborate with global teams Hands-on experience with industry-leading IAM tools If interested, drop your profile at nusrath.begum@priglobal.com along with the following details: Total Experience: Current CTC: Expected CTC: Notice Period:

Its fun to work in a company where people truly BELIEVE in what theyre doing! Job Description Summary: Job Overview: As a member of the IT End User Experience Team with Rocket Software, you are part of a global, fast-paced IT organisation whose primary mission is to provide world-class service to Rocketeers. As a Senior ITSM Process Analyst, you will be responsible for defining, implementing, managing, and continually improving ITIL-based IT Service Management (ITSM) processes and best practices for managing information technology services across Rocket Software, thereby enhancing the reliability and value of IT. Essential Duties and Responsibilities : Define, implement, manage, and continually improve ITSM processes, including, but not limited to, Change Management, Incident Management, Problem Management, Knowledge Management, Service Request Management, and Service Asset and Configuration Management, ensuring alignment with ITIL best practices and business objectives. Serving as the subject matter expert, create and update ITSM process documentation, including but not limited to policy and process documents, user guides and training materials. Provide training to Rocketeers on ITSM disciplines. Measure and report on the effectiveness of ITSM processes using key performance indicators, trend analysis, gap analysis and auditing practices to develop a continuous service improvement plan. Prepare and present the required management information reporting in a timely fashion. Enable visualisation of raw data to support strategic decision-making. Establish governance mechanisms to ensure compliance, traceability, and accountability across the ITSM processes managed. Collaborate with stakeholders, both internal and external to IT, to gather feedback, understand their requirements for service improvement, and take appropriate actions. Establish and cultivate collaborative and professional relationships between EUX, the broader IT Team and Rocketeers. Be an advocate for Rocketeers within IT to ensure that their needs and expectations are understood and met regarding the ITSM processes. Act responsibly and diligently to protect the Rockets brand, reputation, and customers by adhering to all Information Security policies and processes. Required Qualifications: Five (5) to eight (8) years of experience in ITSM process analysis with expertise in the ITSM processes listed below, preferably in a large enterprise organisation with a demonstrated pattern of increasing knowledge and responsibility. Incident Management Change Management Problem Management Knowledge Management Service Request Management Service Asset and Configuration Management Experience conducting process gap analysis and aligning practices with modern ITSM standards. Strong experience with metrics definition and KPI tracking within ITSM processes. Proven ability to define governance models and enforce role clarity across cross-functional teams. Strong troubleshooting and problem-solving skills with the ability to innovate and think out of the box while paying attention to detail. Outstanding interpersonal skills, including communication, presentation, and emotional intelligence. Strong stakeholder engagement and training delivery skills. ITSM Certification ITIL Foundation required Experience working in a culturally and geographically diverse team in a rapidly changing environment. Preferred Qualifications: Advanced ITIL certifications Microsoft 365 (Excel, PowerPoint) Jira Service Management Six Sigma Green Belt Education: Degree preferred Information Security: Information security is everyone s responsibility. A fundamental principle of information security at Rocket Software is that all individuals in the organization have a responsibility for the security and protection of company information and IT Resources over which they have control, according to their role. Diversity, Inclusion & Equity: At Rocket we are committed to an inclusive workplace environment, where every Rocketeer can thrive by bringing their full selves to work. Being a Rocketeer means you are part of our movement to continually drive inclusivity, diversity and equity in our workforce. . Rocket is committed to working with and providing reasonable accommodation to individuals with physical and mental disabilities. If you need special assistance or an accommodation while seeking employment, please call: 781-577-4321 or send an email to people@rocketsoftware. com. We will make a determination on your request for reasonable accommodation on a case-by-case basis. If you like wild growth and working with happy, enthusiastic over-achievers, youll enjoy your career with us!

Information Protection Associate Advisor - HIH - Evernorth ABOUT EVERNORTH: Evernorth exists to elevate health for all, because we believe health is the starting point for human potential and progress. As champions for affordable, predictable and simple health care, we solve the problems others don t, won t or can t. Our innovation hub in India will allow us to work with the right talent, expand our global footprint, improve our competitive stance, and better deliver on our promises to stakeholders. We are passionate about making healthcare better by delivering world-class solutions that make a real difference. We are always looking upward. And that starts with finding the right talent to help us get there. Position Summary: We are looking for a highly skilled Information Protection Associate Advisor to join our team, focusing on automation engineering initiatives to drive efficiency and reducing manual effort across the organization. In this role, you will work directly interact with application or product teams and cross-functional teams to identify automation opportunities, design and deliver scalable, resilient, and secure solutions that optimize our internal processes and support Cigna s overarching security goals. You will involve in the design, development, enhancement, and maintenance of Cyber security initiatives like intake system, automating workflows. This individual will contribute to major technology initiatives aimed at revolutionizing health services and the ability to influence security tools integrations within the healthcare delivery system working from HIH. Experience Required: 8 - 11 years of experience in cybersecurity, with a focus on application and product security Bachelor s or Master s degree in Computer Science, Information Security, or a related field. Strong understanding of Object-Oriented Programming (OOP), Design Patterns, Data Structures, and Web Standards. Hands-on development experience with Java or NodeJS or Python. Strong experience developing RESTful web services, Event-Driven Architecture and caching frameworks. Experience with Java/Spring Boot or NodeJS, React frameworks. Experience working with SQL and NoSQL databases. Proven expertise in automating security solutions within development pipelines (CI/CD) Experience in integration of security testing and compliance checks into build workflows (GitHub Actions, GitLab, CI/CD, Jenkins, ArgoCD, Tekton) Collaborate with development teams to implement secure coding best practices. Develop and maintain security policies, procedures, and documentation and adhere to the Enterprise standards. Strong understanding of various pipeline touchpoints and integration methods. Cloud experience (AWS, Azure, Google Cloud), Containers, and Kubernetes is highly desirable. Strong knowledge of secure software development practices and principles. Ability to work effectively in an Agile environment. Expertise in API development for automation and workflow integrations (eg. ASPM Orchestrator and developer reporting platform) Extensive experience with development, DevSecOps, and build automation tools such as Jenkins, Maven, GitHub, GitLab, IDEs, Docker, Kubernetes, OpenShift, Java, JavaScript, Node. js, Python, Shell Scripting, and MySQL or other database management tools. Development Experience in Jira, ServiceNow, Onspring Job Description & Responsibilities : This stream covers all the automation needs to improve efficiency and reduce manual effort across Cyber security teams. Identify key security and risk management processes that can be automated for efficiency. Review and analyze system integrations between security assessment tools and centralized risk platform. Collaborate with development and security teams to ensure automation aligns with org compliance and exception management requirements. Continuous assessment of existing manual and automated workflows to enhance effectiveness and reduce operation overhead. Proven experience in medium-to-large-scale web development projects. Ability to develop across the full technology stack, from front-end to back-end. Skilled in designing and developing next-generation RESTful APIs and event-driven services within a distributed architecture. Experience working in Agile development teams and adhering to Agile methodologies. Assist with tool selection for security and risk management processes that can be automated for efficiency. Review data mapping for system integrations between security assessment tools and centralized risk platform. Experience Desired: Knowledge of regulatory and compliance frameworks (e. g. , GDPR, HIPAA, PCI-DSS). Hands-on experience with security automation and orchestration. Proficiency in programming and scripting languages relevant to security (e. g. , Python, Java, Ansible, Shell scripting), Cloud and Kubernetes. Good knowledge of Sec Arch, Vulnerability Management, Cloud Security, and ASPM tools. Ability to manage and prioritize multiple projects in a fast-paced environment. Education and Training Required: Bachelor s degree in computer science, Information Technology, Cybersecurity, or a related field. Relevant certifications such as CISSP, CISM, CISA, or equivalent are highly desirable. Why Join Us Contribute to a high-impact security automation initiative at a strategic level. Work with cutting-edge security and cloud technologies. Collaborate with top security and engineering teams to drive automation and efficiency. About Evernorth Health Services Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.

Cloud Security Architecture : - Asses, help in design and development of AWS, Azure and AWS security architectures for protecting PII/PCI data deployed into different types of cloud and cloud/hybrid systems. - Improve the security around cloud-based applications, across all types (including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS). - Work part of Cyber team for Enterprise Security for other Technology teams and Vendors within the organisation for all matters related to cloud security. - Implement NIST framework on cloud-native architectures to mitigate the risk to Organisation PII, PCI data and with appropriate security controls present. - SSDLC Embed Security practices in development and implementation of the overall enterprise cloud architecture to ensure Secure Software Development Lifecycle. - Enhance/redesign existing cyber standards in partnership with Engineering, Infrastructure Services, and Application Development. - Act as the ambassador and senior technical representative to Lead initiatives designed to share knowledge across Security Platforms and/or Technology teams, identify, recommend, coordinate and deliver timely knowledge to support teams regarding technologies, processes or tools. - Ensures the effective translation of the security architecture is implemented into the solutions. - Assist to evaluate all the new initiatives/solutions (including Cloud) with the design recommendations and work with project managers and architects during implementation. - SAP GRC / AC 12 experience is good to have. New Technology & Risks : - Evaluate and recommend tools and solutions to enhance the security posture of the Enterprise. - Maintain contact with vendors regarding security system updates and technical support of security products. - Perform cost-benefit and risk analysisAnalyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks. Measures of Success : - Product/services are cyber compliant and risk reduced to minimal or zero. - Successful implementation/ adoption of any new solution, technology or framework. - Timely and inbudget delivery of security projects specifications within time and budget. Technical Skills / Experience / Certifications : - CCSP certification is mandatory, Any among like TOGAF, SABSA, OSCP or python certification is preferred. - Knowledge of enterprise IT Systems, infrastructure and security technologies. - Knowledge of Information Security Standards like ISO 27001, PCI-DSS, NIST CSF, CSA framework etc. - Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc. - Experience with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, Chef, etc.) preferred. - Experience architecting solutions within Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), VMware NSX, Oracle etc. - Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes such as secure software development, Application Security, data protection, cryptography, key management, identity and access management (IAM), network security) within SaaS, IaaS, PaaS, and other cloud environments. - Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies. - Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies. - SAP GRC / AC 12 experience is good to have.

About the Team The Compliance team at Meesho is like the Avengers safeguarding Meesho's S.H.I.E.L.D. As an Associate Compliance Manager, youll take the lead in fortifying our systems and ensuring they remain secure and compliant. After all, when 5% of Indian households shop with us, its important to build resilient systems to manage millions of orders every day. Weve done this with zero downtime! Sounds impossible? Well, thats the kind of Engineering muscle that has helped Meesho become the e-commerce giant that it is today. We value speed over perfection, and see failures as opportunities to become better. Weve taken steps to inculcate a strong Founders Mindset across our engineering teams, making us grow and move fast. We place special emphasis on the continuous growth of each team member - and we do this with regular 1-1s and open communication. As an AssociateCompliance Manager, you will be part of self-starters who thrive on teamwork and constructive feedback. We know how to party as hard as we work! If we arent building unparalleled tech solutions, you can find us debating the plot points of our favourite books and games or even gossipping over chai. So, if a day filled with building impactful solutions with a fun team sounds appealing to you, join About the Role As an Associate Manager , youll play a key individual contributor role in driving security policies, ensuring adherence to compliance frameworks, and mitigating risks within Meeshos internal and external environments. Youll manage end-to-end compliance activities, oversee audits, and contribute to building a secure and compliant ecosystem. As part of the Security Compliance team, youll own and be accountable for the overall Information Security framework and program, helping to uphold the highest standards of security and privacy. What you will do Lead and own the end-to-end security compliance and certification charter. Define, roll out, and enforce Information Security policies and procedures. Define and ensure adherence to data privacy and data protection laws (e.g., DPDP). Collaborate with third-party vendors to maintain robust third-party security practices. Ensure compliance with IT Act, e-commerce guidelines, and regulations related to cryptography, information security, and data privacy. Conduct periodic information security awareness training programs for employees. Oversee information security risk management and privacy impact assessments. Develop and maintain Business Continuity Plans (BCP) and conduct Business Impact Assessments (BIA) to ensure organizational resilience Draft and enforce Data Protection Agreements and Information Security Agreements. Manage and coordinate internal and external audit-related activities. Collect and present audit evidence to ensure successful compliance assessments. Develop, implement, and maintain internal audit policies and procedures in line with standards such as ISO 27001, SOC 2, PCI DSS, or any other opted frameworks. Audit data, systems, and processes for policy and regulatory compliance. Provide actionable insights and reporting on the effectiveness of compliance programs. Conduct vendor audits and produce comprehensive reports. Plan and execute ad-hoc audits as necessary. What you will need Educational Qualification : Bachelor's/Master's degree in Computer Science, Information Security, or a related technical field. Experience : 47 years in information security, compliance, or audit roles. Demonstrated experience in startup environments or knowledge of regulatory frameworks (e.g., PCI DSS, ISO 27001). Strong problem-solving skills and hands-on experience implementing compliance standards. Familiarity with frameworks like ISO27001, NIST, Cyber Kill Chain, and MITRE ATT&CK. Working knowledge of cloud platforms (AWS, GCP) is highly advantageous. Excellent project planning, stakeholder management, and communication skills. Ability to adapt to evolving regulatory landscapes and implement best practices. Certifications like ISO Lead Auditor/Implementer, CISSP, CISM, CISA, or CCSP are a plus. Curious about life at Meesho? and they've made us the top-rated e-commerce workplace on Glassdoor. Our Mission Democratising internet commerce for everyone- Meesho (Meri shop) started with a single idea in mind -to be an e-commerce destination for the next billion Indian consumers and enable 100 million small businesses to succeed online. We provide sellers with a range of industry-first benefits such as zero commission and the lowest shipping cost. Over million sellers are registered on Meesho, growing their business by tapping the companys massive customer base, state-of-the-art tech infrastructure, pan-India logistics at the lowest cost through third-party logistics providers in an 'Everyday Lowest Cost' channel for sellers. Affordable, relatable merchandise mirroring local markets has helped us make inroads with first-time internet users in the country. We cater to an underserved and unique customer base and cover every serviceable pincode in the country. Our unique business model and continuous innovation has enabled us to become the first Indian horizontal E-commerce company.

Hi all, We are hiring for the role Information Security Architect Experience: 7 - 9 Years Location: Bangalore Notice Period: Immediate - 15 Days Budget: 20 LPA Only Skills: Information Security Architect -Bangalore Experience Required: 7 - 9 years Certifications: • Mandatory: CISSP (Certified Information Systems Security Professional) • Preferred/Added Advantage: AZ-500 (Microsoft Azure Security Technologies), CCSP (Certified Cloud Security Professiona Must-Have Skills CISSP Certification (Mandatory) Experience in secure architecture, threat modeling, and SD Elements Deep knowledge in application security, cloud (preferably Azure), and secure DevOps Familiar with frameworks like TOGAF, SABSA, NIST Strong collaboration and communication skills Experience using SD Elements for security requirements and issue tracking is mandatory. • Proficient in architecture frameworks such as TOGAF, SABSA, or NIST. • Good knowledge of cloud security (preferably Azure) and secure DevOps practices Good to Have Certifications: AZ-500, CCSP Tools: ThreatModeler, Microsoft Defender Frameworks: OWASP Top 10, MITRE ATT&CK If you are interested drop yor resume at mojesh.p@acesoftlabs.com Call: 9701971793

ForgeRock Engineer Responsibilities: Responsible for providing thought leadership and subject matter expertise in Identity and Access Management (IAM). Understand organizational business requirements to produce IAM solutions that meet current and future business needs. Facilitate discussions with internal customers and other stakeholders in large workshops, small groups or one-on-one sessions while driving adoption of best practices in IAM, across a range of applications and other IT resources. Ability to architect planning and design for new or upgrade IAM infrastructure projects, articulating the general benefits of an IAM system. Assess the current state of client IAM infrastructure to identify opportunities for improvement. Establish an IAM service improvement plan with particular focus on resource optimization and operational efficiency and effectiveness. Provide security design, consultancy, and assessment services while introducing improvements in technical security standards and security implementation designs/patterns. Develop / Implement a reference IAM architecture and ensure project and solutions delivery to that architecture. Develop Identity & Access Management Strategies to include roadmap planning and design. (leveraging as needed: Role-based Access Control (RBAC), Federation, Single Sign-on, Multi-factor Authentication, Segregation of Duties, and Reporting & Compliance) for on-prem, SaaS and Azure public cloud-based applications. Partner with IAM build team to ensure project planning and requirements are clearly defined and aligned for an appropriate implementation of scalable and agile IAM solutions. Work closely with Enterprise Architecture, Business Process Partners, and Transformation Management Office to ensure alignment of plans with what is being delivered. Required Skills/Qualifications: Minimum of a bachelor's degree in engineering or information systems or related field of study required. 10 or more years of experience in a diversified IT or information security role. Strong knowledge and proven experience on ForgeRock (Open IM, Open AM and and OpenDJ ). Strong implementation knowledge using SAML, OAuth 2.0, OpenID Connect, etc. Hands-on experience in development / integration background in ForgeRock tools such as Open AM, and Open IDM. Experience with Open IDM development: User provisioning, profile synchronization, and workflow. Good experience in creating policies as per requirements on Open AM. Technical experience with OpenSSO. OpenID Development experience. Should have knowledge of AD, LDAP, Database integration. Good communication skills, analytical skills, business analysis and customer relationship management. Broad understanding of information security tenets and security architecture principles. Experience developing strategies and roadmaps in line with best practices and proven frameworks is required. Strong knowledge and understanding of current and emerging cyber security threats, vulnerabilities, trends and mitigations ranging across the technologies required to provide layered defense is required. ForgeRock Identity Management Certification. ForgeRock Access Management Certification. Demonstrated ability to identify IAM requirements and validate implementation of specified requirements into a robust architecture that sufficiently protects valuable digital resources.

This Sr Associate Business Analyst will play a pivotal role in optimizing our organization s technical environment through data modeling, visualization, and strategic analysis. This position will focus on designing and delivering data-driven insights to support the Technology Rationalization Team, ensuring informed decision-making and prioritization of efforts. You will work on refining business processes, developing data models, and creating visual reports that guide leadership in optimizing IT investments. Additionally, you will contribute to building a sustainable service model for technology rationalization, ensuring long-term efficiency and cost-effectiveness. Roles & Responsibilities: Develop and maintain data models to support the Technology Rationalization Team in optimizing IT assets. Design and create interactive dashboards and visual reports to communicate insights effectively. Ensure data accuracy, consistency, and integrity across multiple sources. Provide senior leadership with data-driven insights to prioritize IT rationalization efforts. Identify opportunities to improve data collection, processing, and reporting workflows. Support the implementation of best practices in data governance and management. Work closely with technology teams to provide data-backed recommendations for IT asset optimization. Assist in building a scalable and sustainable service model for technology rationalization. Functional Skills: Must-Have Skills (Not more than 3 to 4): Data Modeling & Management - Strong ability to create, maintain, and optimize data models. Data Visualization - Proficiency in tools like Power BI, Tableau, Excel, or similar platforms. Stakeholder Collaboration - Experience working with cross-functional teams to align on data-driven priorities. Good-to-Have Skills: SQL & Database Knowledge - Experience working with relational databases, querying data, and optimizing datasets. Business Process Analysis - Ability to assess and refine business processes for efficiency. Data Storytelling - Capability to translate complex data into actionable insights for leadership. Experience with ServiceNow, especially CMDB, Common Service Data Model (CSDM) and IT Service Management. Experience working in SAFe and/or Agile Teams. Experience with process development/engineering. Professional Certifications : SAFe for Teams certification (preferred) Soft Skills: Excellent analytical and troubleshooting skills. Strong verbal and written communication skills Able to work under minimal supervision Ability to work effectively with global, virtual teams High degree of initiative and self-motivation. Ability to manage multiple priorities successfully. Team-oriented, with a focus on achieving team goals Basic Qualifications: Master s degree and 1 to 3 years of Information Security or IT OR Bachelor s degree and 3 to 5 years of Information Security or IT OR Diploma and 7 to 9 years of Information Security or IT experience

Let s do this. Let s change the world. In this vital role you will be collaborating with developers to create optimal designs that provide the best user experience. The UX Designer ensures that the users experience is a priority while maintaining simplicity and elegance in design. Clear communication and quick learning are crucial attributes for success in this role. Participate in design discussions with product managers and business leads to define user requirements and design goals. Collaborate with developers to create and implement design solutions that ensure an optimal user experience. Create annotated prototypes or wireframes of user interface designs that visually and textually communicate the behavior of a software application. Apply Figma and Lucid for creating wireframes, prototypes, and visual designs. Use JIRA for tracking design tasks and handling workflows. Maintain a user-centered design approach and ensure all designs are simple, elegant, and intuitive. Communicate design ideas and prototypes clearly to key partners and team members. Stay updated with the latest design trends and techniques to ensure the best user experience. Adapt to a fast-paced environment and learn new tools and methods quickly. Win What we expect of you Basic Qualifications: Masters degree and 3 years or more IT experience OR, Bachelors degree and 5 years of Information Security or IT experience OR, Associate degree and 7 years of Information Security or IT experience User experience as a priority Simple but elegant design approach Proficient in using standard design & wireframing tools (Figma, Adobe CC), hand drawing, whiteboarding, and visual communication, time-based and interactive prototyping tools (Figma Prototyping, Miro). Experience with JIRA Preferred Qualifications: Experience with HMTL, CSS Experience with SAFe Agile working Business Analyst mentality Passionate about learning new technologies, new methods, and new skills. Have a good understanding of Agile teams, practices, and principles. Professional Certifications: Any user experiences design certification (preferred) Soft Skills : Excellent analytical and troubleshooting skills. Detail oriented & Critical thinker Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation. Ability to handle multiple priorities successfully. Team-oriented, with a focus on achieving team goals Strong presentation and public speaking skills. Thrive What you can expect of us As we work to develop treatments that take care of others, we also work to care for our teammates professional and personal growth and well-being. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards.

In this vital role you will provide overall support for Amgen s Workday system with a focus on Talent & Performance Management configuration within Workday. The Sr. Associate, HR Systems and Solutions (Talent/Perf Configuration) will contribute to the delivery of high quality and timely service to cross-functional organizations. As part of the Talent and Performance Management product team, the Sr. Associate will support implementation of systems configuration updates while contributing to HR Technology Release planning, analysis and deployment for the functional area of responsibility. Roles & Responsibilities: Successfully deliver advanced configuration within the Performance Management module of Workday to meet the business requirements Contribute to research, evaluation, planning, design and deploying technology-related HR initiatives. Support HR Technology team and COE s success by identifying, recommending HR Technology enhancements for the Talent and Performance Management module. Administer, delineate, and monitor critical path release activities while resolving or escalating problems. Apply Amgen s Information Security and Privacy policies, standards, and processes to ensure the confidentiality and integrity of our HR data. Support delivery of Workday consultation to the broader HR team serving as Workday subject matter expert. Support training and coaching on Workday best practices. What we expect of you We are all different, yet we all use our unique contributions to serve patients. The [vital attribute] professional we seek is a [type of person] with these qualifications. Basic Qualifications: Master s degree and 1 to 3 years of HR IS experience OR Bachelor s degree and 3 to 5 years of HR IS experience OR Diploma and 7 to 9 years of HR IS experience Must-Have Skills: 5 + years demonstrated of hands on Workday configuration in Performance modules Previous implementation experience with Performance Management within Workday Demonstrated previous success rolling out new HR Technology in a fast paced, Agile Environment. Demonstrated HR technology solutions experience involving business processes, workflow, and systems implementation. Demonstrating successes in the HR and IT environment while focusing on the overall user experience. Soft Skills: Excellent analytical and troubleshooting skills Strong verbal, written communication and presentation skills Ability to work effectively with global, virtual teams Strong technical competence, logic, judgement and decision-making Strong initiative and desire to learn and grow Ability to manage multiple priorities successfully Team-oriented, with a focus on achieving team goals Exemplary adherence to ethics, data privacy and compliance policies What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards.

Let s do this. Let s change the world. In this vital role you will be collaborating with developers to create optimal designs that provide the best user experience. The UX Designer ensures that the users experience is a priority while maintaining simplicity and elegance in design. Clear communication and quick learning are crucial attributes for success in this role. Lead design discussions with product managers and business leads to define user requirements and design goals. Collaborate with developers to create and implement design solutions that ensure an optimal user experience. Create annotated prototypes or wireframes of user interface designs that visually and textually communicate the behavior of a software application. Lead and influence business-wide discussions relative to current user experience projects and the future direction of design and user experience Utilize Figma and Lucid for creating wireframes, prototypes, and visual designs. Use JIRA for tracking design tasks and handling workflows. Maintain a user-centered design approach and ensure all designs are simple, elegant, and intuitive. Communicate design ideas and prototypes clearly to key customers and team members. Stay updated with the latest design trends and techniques to ensure the best user experience. Adapt to a fast-paced environment and learn new tools and methods quickly. Basic Qualifications: Masters degree and 5 years or more IT experience OR, Bachelors degree and 7 years of Information Security or IT experience OR, Associate degree and 10 years of Information Security or IT experience User experience as a priority Simple but elegant design approach Experience in desktop, web and mobile based applications. Proficient in using standard design & wireframing tools (Figma, Adobe CC), hand drawing, whiteboarding, and visual communication, time-based and interactive prototyping tools (Figma Prototyping, Miro). Experience with JIRA Preferred Qualifications: Experience with HMTL, CSS Experience with SAFe Agile working Business Analyst mentality Passionate about learning new technologies, new methods, and new skills. Have a good understanding of Agile teams, practices, and principles. Professional Certifications: Any user experiences design certification (preferred) Soft Skills: Excellent analytical and troubleshooting skills. Detail oriented & Critical thinker Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation. Ability to handle multiple priorities successfully. Team-oriented, with a focus on achieving team goals Strong presentation and public speaking skills. What you can expect of us As we work to develop treatments that take care of others, we also work to care for our teammates professional and personal growth and well-being. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards.

Let s do this. Let s change the world. In this vital role As a Data Security Senior Manager, you will responsible to lead, operate, manage and improve Amgen s Data Loss Prevention (DLP) , Cloud Access Security Broker (CASB), and Data Classification services. This position will be responsible for delivering data protection services across Amgen s global enterprise. The role will work with architects, engineers and business units to help design, build, and implement critical preventive and detective security controls. This role will lead the team responsible for the protection of Amgen data in a rapidly changing security sector. Roles & Responsibilities: Maintain the service delivery and working order of Amgen Data Protection solutions across Amgen s global enterprise by leading the distributed team of data security analysts and engineers Execute Amgen service management processes such as Incident Management, Organisational Change, Service Requests, etc. for Amgen s DLP / CASB solutions Advise and consult to business domain experts to collect, analyze, create, tune and automate DLP /CASB policy sets Train and manage the team, including other leaders to analyze events and logs for opportunities to improve SaaS, Classification, and DLP policies Synthesize evolving business ecosystem changes to proactively identify new controls to and opportunities to improve data protection practices As needed, support Legal, Human Resources, and Incident Response teams in investigations related to data usage incidents Maintain the needed subject matter expertise to keep current, make recommendations, and lead or participate in the implementation and continuous improvement of technologies and services in assigned information security domains Act as main contact in audits covering information security services and technologies Advise on cryptographic services to protect the confidentiality and integrity of data at rest and in transit Collaborates multi-functionally with analysts, engineers, data scientists to deliver continuous improvement in cyber defense/resilience. What we expect of you We are all different, yet we all use our unique contributions to serve patients. Basic Qualifications: Master s degree and 8 to 10 years of experience OR Bachelor s degree and 10 to 14 years of experience OR Diploma and 14 to 18 years of experience Functional Skills: Must-Have Skills: Track record of leading multi-level and matrixed teams in the operations of security services at a large enterprise. Knowledge of Cloud Access Security Platforms (Elastica, Netskope, SkyHigh,etc) Understanding of cloud environment (AWS, O365, Box, Salesforce, etc) Experience with Data Protection Technologies for a global enterprise Solid knowledge of core cryptographic services (Confidentiality, Data Integrity Verification, Authentication, Non-repudiation) and their applications Competent understanding on how security technologies and data flows (on-prem / cloud) integrate Good-to-Have Skills: Experience and ability to mentor and train others Service delivery experience including headcount and budgetary planning Strong effective verbal and written communication skills including a mastery of Standard American Business English and experience with both technical and persuasive writing Basic experience with ITIL processes such as Incident / Problem / Configuration / Change management with a focus on metric-driven delivery Professional Certifications (please mention if the certification is preferred or mandatory for the role): CISSP or equivalent preferred Soft Skills: Established analytical and gap/fit assessment skills. Ability to work effectively with global, virtual teams High degree of initiative and self-motivation. Ability to manage multiple priorities successfully. Team-oriented, with a focus on achieving team goals Effective presentation and public speaking skills. What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards.

Let s do this. Let s change the world. In this vital role you will be responsible for the oversight and hands-on leadership of the Access and Privileged Access Management (PAM) team within Digital Identity Access Services (DIAS) organization. This role involves developing, implementing, maintaining, and updating IAM strategies, policies and procedures to ensure the security and integrity of our systems and data. The ideal candidate will have extensive experience in Okta, Microsoft Entra and PAM technologies like CyberArk, SSO, MFA, Password Vaulting and Privileged Account Management. Candidate should have a deep understanding of security standard processes, and the ability to lead a team in a dynamic, global environment. Roles & Responsibilities: Develop and maintain the Access and PAM standards and architecture, ensuring that it meets industry standards. Assess and select IAM technologies and tools that align with Amgen s IAM strategy. Lead the information security team, providing guidance, support, and mentoring to ensure the effectiveness of security operations. Develop and implement the IAM (Identity Access Management) strategy aligned with the organizations information security goals and regulatory requirements. Lead the design, implementation, and management of IAM solutions, including governance, access management, and privileged access management. Create, implement, and maintain IAM policies, standards, and procedures to manage user identities and access rights. Design and enforce access control mechanisms, including role-based access control (RBAC), to safeguard sensitive information. Manage IAM-related security incidents and vulnerabilities, coordinating with IT security teams to mitigate risks. Stay ahead of with industry trends, emerging threats, and standard processes in IAM. Collaborate with IT and security teams to integrate IAM solutions with other security and business systems. Develop and maintain key performance indicators (KPIs) to track service metrics and generate regular reports for management. Evaluate and implement IAM tools and technologies to enhance security and streamline processes. Participate in vendor proposals, contract negotiations/renewals. This role on occasion might have responsibilities outside of business hours. Travel: International and/or domestic travel up to 10% may be important. What we expect of you We are all different, yet we all use our unique contributions to serve patients. Basic Qualifications and Experience: Master s degree with 4 years of experience related field OR Bachelor s degree with 6 of experience in related field OR Diploma with 8 years of experience. Functional Skills: Strong knowledge of Privileged Access Management, Session Management and Vaulting technologies. Working knowledge of Web Access Management and SSO technologies (Okta, Azure, Ping Federate, SAML, OAuth, and OpenID/Connect). Experience and background of B2B concepts and architecture, application and reverse proxies, SSO, and multi-factor authentication. Familiarity with security standards and regulations (e.g., NIST, ISO 27001). Experience with Authentication, Provisioning/Deprovisioning, Role Management, Session Management and Privileged Account Management. Experience in driving transformation initiatives using Scaled Agile methodology. Excellent verbal and written communication skills for technical and non-technical audiences of various levels in the organization. Good-to-Have Skills: Work experience in the biotechnology or pharmaceutical industry. Degree in Computer Science, Information Systems, or Engineering. Familiarity with GxP standards, Information Security standards and policies like ISO 27001/27002, NIST and others. Strong problem-solving and analytical skills. Demonstrated ability to work effectively in a fast-paced, dynamic environment. Understanding of ITIL processes and implementation. Proficiency in scripting and automation (e.g., Python, Bash) is a plus Professional Certifications CompTIA Security+ (preferred) Cloud Identity or Security Certification (preferred) Okta Certification (preferred) CyberArk Certification (preferred) Soft Skills: Excellent analytical and troubleshooting skills. Strong verbal and written communication skills. Ability to work effectively with global, virtual teams. High degree of initiative and self-motivation. Ability to manage multiple priorities successfully. Team oriented, with a focus on achieving team goals. Strong presentation and public speaking skills. What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards.

Let s do this. Let s change the world. In this vital role you will be an integral part in driving growth & innovation, improving efficiency and creating enterprise value - supporting our mission To Serve Patients . The Manager-Information Security will be responsible for the oversight and hands-on leadership of the Directory Services (AD and LDAP) team within the Digital Identity Access Services (DIAS) organization. This role involves developing, implementing, maintaining, and updating IAM strategies, policies and procedures to ensure the security and integrity of our systems and data. The ideal candidate will have extensive experience in Active Directory, Enterprise Unix LDAP and other Directory services. Candidate should have a deep understanding of security standard processes, and the ability to lead a team in a dynamic, global environment. Roles & Responsibilities: Manage Amgens Internal and External PKI Technologies Manage External PKI vendors like Sectigo and Entrust Develop and maintain the Directory and LDAP standards and architecture, ensuring that it meets industry standards and best practices Assess and select IAM technologies and tools that align with Amgen s IAM strategy Lead the information security team, providing guidance, support, and mentoring to ensure the effectiveness of security operations Develop and implement the IAM (Identity Access Management) strategy aligned with the organizations information security goals and regulatory requirements. Lead the design, implementation, and management of IAM solutions, including governance for Directory Services. Create, implement, and maintain IAM policies, standards, and procedures to manage user identities and access rights. Design and enforce access control mechanisms, including role-based access control (RBAC), to safeguard sensitive information. Manage IAM-related security incidents and vulnerabilities, coordinating with IT security teams to mitigate risks. Know the latest with industry trends, emerging threats, and standard methodologies in IAM. Collaborate with IT and security teams to integrate IAM solutions with other security and business systems. Develop and maintain key performance indicators (KPIs) to track service metrics and generate regular reports for management. Evaluate and implement IAM tools and technologies to enhance security and streamline processes. Participate in vendor proposals, contract negotiations, and support renewals. This role on occasion might have responsibilities outside of business hours. Travel: International and/or domestic travel up to 10% may be essential. What we expect of you We are all different, yet we all use our unique contributions to serve patients. Basic Qualifications: Master s degree with 4 to 6years of experience related field OR Bachelor s degree with 6 to 8 years of experience in related field OR Diploma with 8 - 12 years of experience in related field. Preferred Qualifications: Must-Have Skills: Strong knowledge of Internal and External PKI (Public Key Infrastructure). Strong knowledge of Directory Services and LDAP Services. Solid understanding of Active Directory Domain structure and security, Windows Operating Systems and Domain Controllers, Azure AD and Microsoft Entra ID. Strong knowledge of LDAP directories and managing LDAP Structure. Knowledge of LDAP Schema and configuration changes. Create and modify Shell Scripts for bulk LDAP operations. Creation and implementation of LDAP Business Continuity plans. Familiarity with security standards and regulations (e.g., NIST, ISO). Experience with Authentication, Provisioning/De-provisioning, Role Management, Session Management and Directory Services. Experience in driving transformation initiatives using Scaled Agile methodology. Excellent verbal and written communication skills for technical and non-technical audiences of various levels in the organization. Good-to-Have Skills: Work experience in the biotechnology or pharmaceutical industry. Degree in Computer Science, Information Systems, or Engineering. Familiarity with GxP standards, Information Security standards and policies like ISO 27001/27002, NIST and others. Strong problem-solving and analytical skills. Demonstrated ability to work effectively in a fast-paced, dynamic environment. Understanding of ITIL processes and implementation. Proficiency in scripting and automation (e.g., Python, Bash) is a plus Professional Certifications CompTIA Security+ (preferred) Cloud Identity or Security Certification (preferred) Microsoft Azure Certification (preferred) Soft Skills: Excellent analytical and troubleshooting skills. Strong verbal and written communication skills. Ability to work effectively with global, virtual teams . High degree of initiative and self-motivation. Ability to manage multiple priorities successfully. Team oriented, with a focus on achieving team goals. Strong presentation and public speaking skills. What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards.

Let s do this. Let s change the world. In this vital role is focused on identifying, assessing, prioritizing, and tracking the remediation of vulnerabilities across the organization s technology stack. The Vulnerability Management Analyst plays a key role in the security operations team by ensuring known vulnerabilities are managed through their lifecycle using structured processes and tools. The individual will analyze vulnerability scan data, correlate threat intelligence (e.g., KEV, EPSS), and work closely with infrastructure, application, and business teams to drive risk-based remediation. Roles & Responsibilities: Analyze vulnerability scan results from tools like Tenable, Qualys, or Rapid7 to identify security weaknesses across infrastructure and applications. Prioritize vulnerabilities using multiple criteria, including CVSS, KEV (Known Exploited Vulnerabilities), EPSS (Exploit Prediction Scoring System), asset criticality, and business context. Partner with IT and DevOps teams to track remediation progress and provide technical guidance on mitigation strategies. Monitor threat intelligence feeds to correlate vulnerabilities with current exploit activity. Create and maintain vulnerability metrics, dashboards, and reports for leadership and compliance teams. Support vulnerability assessment activities in cloud environments (AWS, Azure, etc.). Maintain documentation related to the vulnerability management lifecycle. Assist in policy and process development related to vulnerability and patch management. Participate in audits and compliance efforts (e.g., SOX, ISO, NIST, PCI). What we expect of you We are all different, yet we all use our unique contributions to serve patients. Master s degree and 1 to 3 years of experience in Cybersecurity, vulnerability management or information security operations OR Bachelor s degree and 3 to 5 years of experience in Cybersecurity, vulnerability management or information security operations OR Diploma and 7 to 9 years of experience in Cybersecurity, vulnerability management or information security operations Must-Have Skills: Familiarity with vulnerability management tools (e.g., Tenable, Qualys, Rapid7). Understanding of CVSS scoring, vulnerability lifecycle, and remediation workflows. Basic knowledge of threat intelligence and how it applies to vulnerability prioritization. Working knowledge of network, operating system, and application-level security. Ability to analyze scan data and correlate it with business context and threat intelligence. Preferred Qualifications: Good-to-Have Skills: Experience with KEV, EPSS, and other threat-based scoring systems. Familiarity with patch management processes and tools. Exposure to cloud security and related scanning tools (e.g., Prisma Cloud, AWS Inspector). CompTIA Security+ GIAC GSEC / GCIH Qualys Vulnerability Management Specialist (QVMS) Tenable Certified Nessus Auditor (TCNA) Soft Skills: Analytical Thinking - Ability to interpret complex data sets and assess risk effectively Attention to Detail - Precision in identifying and tracking vulnerabilities and remediation status Communication Skills - Ability to communicate technical findings to both technical and non-technical audiences Collaboration & Teamwork - Able to work across IT, DevOps, and security teams to drive resolution Curiosity & Continuous Learning - Willingness to know the latest with evolving threats and technologies Problem-Solving Approach - Capability to identify solutions to security weaknesses in diverse environments What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards.

Let s do this. Let s change the world. In this vital role you will support the GRC Governance / Policy & Audit team working closely with Technology teams to help ensure that GxP controls are in place, GxP deviations are managed and monitored, and security standards are met. The GxP Manager will assist in owning and maintaining GxP deviation records, performing GxP assessments, managing controlled documents, and supporting regulatory compliance efforts. Roles & Responsibilities: GxP Governance Leadership Support the GRC organization in leading a team of GxP and/or policy analysts performing tasks related to information security governance, GxP deviation management, document management, audit commitments, and/or policy exception processes. GxP Deviation and CAPA Management : Manage and own technology related GxP deviations, CAPA, and CAPA-EV records Manage GxP reporting and monitoring metrics for Technology/IT records Collaborate with record owners and QA to ensure timely record resolution Lead the identification and evaluation of risks associated with GxP deviation records. Identify and support new record owners across IT/Technology (e.g. office hours, ad-hoc meetings, document management support). Attend enterprise network meetings and Quality Forums as needed to represent the Technology / IT function . GxP Deviation Monitoring and Improvements: Recommend deviation management improvement strategies across Technology/IT. Collaborate with Quality, IT application, cybersecurity, and business teams to supervise and resolve identified risks and vulnerabilities associated with deviations and CAPA s. Lead and manage conducting CAPA applicability assessments, time studies, and related initiatives to identify impacts and improvement opportunities in IT systems, processes, and policies. Supervise, monitor, and report on the efficiency of existing GxP records, trends, and recommend improvements as needed. Governance and Regulatory Support: Ensure compliance with relevant industry standards and regulatory requirements (e.g., GxP, GDPR, SOX, NIST). Lead proactive measures to facilitate compliance, such as collaborating with partners to initiate periodic reviews Lead the preparation for audits and inspections by internal and external parties, providing documentation and evidence of IT GxP deviation management practices. Support the development and implementation of IT governance, risk, and compliance frameworks and continuous improvements. Support the development and implementation of IT governance, risk, and compliance policies as well as supporting documentation, and their continuous improvements. Track and monitor document reviews, and support document owners to ensure timely periodic review completion. What we expect of you We are all different, yet we all use our unique contributions to serve patients. Basic Qualifications: Doctorate degree and 2 years of IT GxP deviation management, IT quality management, IT auditing, or information security experience OR Master s degree and 8 to 10 years of IT GxP deviation management, IT quality management, IT auditing, or information security experience OR Bachelor s degree and 10 to 14 years of IT GxP deviation management, IT quality management, IT auditing, or information security experience OR Diploma and 14 to 18 years of IT GxP deviation management, IT quality management, IT auditing, or information security experience Preferred Qualifications: Skills and Competencies : Solid understanding of GxP deviation management , controlled document management, IT infrastructure & systems, and security standard methodologies. Ability to assess technical and business risk related to information systems. Excellent problem-solving, analytical, and communication skills. Ability to communicate complex GxP and risk concepts to non-technical partners. Familiarity with regulatory frameworks and compliance standards (e.g., GxP, GDPR, HIPAA, SOX). Technical Knowledge : Proficiency with GxP deviation management tools, GRC (Governance, Risk, and Compliance) software, controlled document management tools enterprise organisational change tools, and security incident management tools. Experience with security controls related to networks, databases, and cloud environments. Soft Skills: Excellent analytical and troubleshooting skills Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation Ability to manage multiple priorities, budget, and PI plan successfully Ability to manage a team of Information Security experts Team oriented, with a focus on achieving team goals Strong presentation and public speaking skills What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards.

The role is responsible for identifying, analyzing, and mitigating IT-related risks to the organization. This role will involve working closely with various departments to ensure that risk controls are in place, policies are adhered to, and security standards are met. The IT Risk Analyst will assist in developing and maintaining risk management frameworks, performing assessments, and supporting regulatory compliance efforts. Roles & Responsibilities: Risk Identification and Assessment : Conduct risk assessments to identify vulnerabilities in IT systems, processes, and policies. Assist in the identification and evaluation of risks associated with third-party vendors and partners. Maintain the IT risk register, documenting risks, issues, and remediation actions. Risk Mitigation and Monitoring : Recommend risk mitigation strategies and implement risk management controls across IT infrastructure. Collaborate with IT, cybersecurity, and business teams to track and resolve identified risks and vulnerabilities. Monitor and report on the effectiveness of existing IT risk controls and recommend enhancements as needed. Compliance and Regulatory Support: Ensure compliance with relevant industry standards and regulatory requirements (e.g., GDPR, SOX, PCI-DSS, NIST). Assist in the preparation for audits by internal and external parties, providing documentation and evidence of IT risk management practices. Support the development and implementation of IT governance, risk, and compliance frameworks. Vendor Risk Management : Conduct vendor risk assessments, ensuring third-party services and products align with internal risk and security policies. Regularly review vendor performance and risk exposure, working with procurement and legal teams as necessary. What we expect of you Basic Qualifications and Experience: Education : Bachelor s degree in information technology, Cybersecurity, Risk Management, or a related field. Certifications such as CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), or CISSP (Certified Information Systems Security Professional) are highly desirable. Experience: 2 - 4 years of experience in IT risk management, IT auditing, or information security. Hands-on experience with risk management tools and frameworks (e.g., ISO 27001, NIST, COBIT). Skills and Competencies : Strong understanding of IT infrastructure, systems, and security best practices. Ability to assess technical and business risk related to information systems. Excellent problem-solving, analytical, and communication skills. Ability to communicate complex risk concepts to non-technical stakeholders. Ability to assess and interpret security-related clauses in third-party contracts, such as Security Requirements Schedules (SRS) Familiarity with regulatory frameworks and compliance standards (e.g., GDPR, HIPAA, SOX, PCI-DSS). This role involves second shifts: 2pm-11pm IST Technical Knowledge : Proficiency with risk management tools, GRC (Governance, Risk, and Compliance) software, and security incident management tools. Experience with security controls related to networks, databases, and cloud environments. Soft Skills: Excellent analytical and troubleshooting skills Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation Ability to manage multiple priorities successfully Team oriented, with a focus on achieving team goals Strong presentation and public speaking skills Collaboration across global teams What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards.

Summary As a key resource within the Audit Management Office (AMO), this role ensures effective coordination and management of audits and inspections involving Data, Digital & IT (DD&IT) systems and processes. This includes supporting GxP audits (e. g. , GMP, GCP) and regulatory inspections by authorities such as FDA, EMA, MHRA and Swissmedic. The associate acts as a liaison, ensuring that relevant DD&IT subject matter experts address audit queries and deliver required documentation in a timely and accurate manner. Additionally, the role involves monitoring audit findings, overseeing remediations, and driving continuous improvement in audit readiness. About the Role MAJOR ACCOUNTABILITIES Govern processes to effectively manage both internal and external audits across Data, Digital & IT (DD&IT), focusing on GxP (e. g. , GMP, GCP), quality, and regulatory-related audits, along with stakeholder management, remediation tracking, status reporting, and lessons-learned sharing. Act as the single point of contact (SPOC) for audit teams across DD&IT, coordinating audit and inspection activities, ensuring effective communication, and maintaining compliance throughout the process. Notify and mobilize relevant DD&IT stakeholders such as application managers, system owners, QA, Information Security & Compliance (ISC), and SOP process owners for audits and inspections, ensuring timely readiness. Coordinate globally with business teams to ensure audit support tickets are created, tracked, and resolved in alignment with Novartis policies and procedures. Conduct pre-audit meetings to clarify IT scope, agree on auditor pre-requests, align timelines, and ensure stakeholders understand expectations for audits and inspections. Provide advice and guidance to DD&IT teams on GxP and information systems compliance requirements to ensure alignment with regulatory standards such as FDA, EMA, MHRA and Swissmedic expectations. Track and proactively manage audit requests across different time zones, ensuring SMEs respond on time, identifying backups where needed, and escalating delays or deviations as appropriate. Guide DD&IT SMEs by clarifying audit process requirements and supporting them throughout the audit lifecycle, ensuring accurate delivery of requested information. Conduct training sessions on audit readiness, including proper inspection etiquette and effective collaboration during audits and inspections. Collaborate with internal teams to improve and standardize governance frameworks and processes, aiming to reduce audit findings and improve inspection readiness. Escalate compliance deviations and critical quality issues to senior management and coordinate resolution efforts, ensuring corrective and preventive actions (CAPAs) are implemented effectively. Manage relationships at a global level across divisions and functions, including ISC, e-Compliance, and DDIT teams, facilitating cross-functional alignment and collaboration on audit-related matters. Coordinate and participate in audit closing meetings, preparing summaries of findings, tracking observations, and supporting SMEs in addressing them. Partner with security, compliance, and quality experts to identify focus areas, evaluate industry trends, and recommend strategies to improve audit processes and outcomes. Monitor and report on audit findings, remediation actions, and related improvement activities, ensuring compliance, security, and quality gaps are addressed thoroughly. Drive and coordinate key Sarbanes-Oxley (SOX) activities in collaboration with application teams and external auditors, ensuring alignment to SOX IT controls and timely delivery of evidence while minimizing audit-related disruptions. Ensure adherence to security and compliance policies and procedures within the audit management governance framework, while aligning with internal and external quality standards. Minimum Requirements University degree or equivalent. Master s degree in IT, Quality Management, Business Administration, or related fields. Overall 8-10 years of work experience in quality management, audit, and compliance within IT, preferably in a global organization. Experience in the pharmaceutical industry or other regulated industries, with knowledge of GxP processes and compliance requirements. In-depth understanding of pharma business processes and their interrelationship with IT systems and regulatory frameworks. Proven track record of managing audits, regulatory inspections, and remediation efforts in pharma or other highly regulated environments. Experince with Computer System Validation (CSV), system testing, and adherence to lifecycle validation processes (e. g. , requirements gathering, system design, validation testing, implementation, and maintenance). Knowledge of ITIL processes and best practices. Demonstrated ability to work effectively in large, cross-functional, global organizations. Proficient in Excel, PowerPoint, and other productivity tools for reporting and presentation. Business-proficient in English (written and spoken). Strong communication skills with the ability to articulate expectations and audit requirements clearly to diverse teams and stakeholders. Ability to manage multiple priorities and time-sensitive processes efficiently. ITIL-certified professional. Strong knowledge of validation practices, including GxP, Sarbanes-Oxley (SOX), and pharmaceutical quality compliance standards. understanding of CSV lifecycle processes, including risk assessment, traceability matrix development, protocol execution, and impact analysis. Business knowledge or experience in IT s role supporting audit and compliance functions within regulated industries. Expertise in Computer System Validation (CSV) testing methodologies and frameworks. ? Our purpose is to reimagine medicine to improve and extend people s lives and our vision is to become the most valued and trusted medicines company in the world. How can we achieve this? With our people. It is our associates that drive us each day to reach our ambitions. Be a part of this mission and join us! Learn more here: https://www. novartis. com / about / strategy / people-and-culture Commitment to Diversity and Inclusion: Join our Novartis Network: If this role is not suitable to your experience or career goals but you wish to stay connected to hear more about Novartis and our career opportunities, join the Novartis Network here: https://talentnetwork. novartis. com/network Why Novartis: Helping people with disease and their families takes more than innovative science. It takes a community of smart, passionate people like you. Collaborating, supporting and inspiring each other. Combining to achieve breakthroughs that change patients lives. Ready to create a brighter future together? https://www. novartis. com / about / strategy / people-and-culture Join our Novartis Network: Not the right Novartis role for you? Sign up to our talent community to stay connected and learn about suitable career opportunities as soon as they come up: https://talentnetwork. novartis. com/network Benefits and Rewards: Read our handbook to learn about all the ways we ll help you thrive personally and professionally: