409 Pci Dss Jobs - Page 13

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

10.0 - 11.0 years

30 - 45 Lacs

Chennai

Work from Office

With 10+ years of solid knowledge in SIEM, firewalls, EDR, IAM, cloud security tools, NIST, CIS, or COBIT frameworks, ISO 27001, GDPR, PCI-DSS vulnerability assessments, and penetration testing. Excellent leadership and communication skills.

Posted 1 month ago

4.0 - 8.0 years

9 - 14 Lacs

Hyderabad

Work from Office

Cyber Security Senior Advisor (A) - HIH - Evernorth

About Evernorth: Evernorth Health Services, a division of The Cigna Group (NYSE: CI), creates pharmacy, care, and benefits solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention, and treatment of illness and disease more accessible to millions of people.

Cyber Security Senior Advisor

Job Objective: The Information Protection Senior Advisor is responsible for conducting research, conceptualizing, designing, developing, and testing secure technology systems, including on perimeter and cloud-based networks, to support Cigna's Information Protection Middle East and Africa (MEA) team. This role directly supports the MEA Portfolio covering 34x operational entities across 22x countries, ensuring that security requirements are adequately addressed, safeguarding the protection of sensitive policyholder data, claims information, and financial transactions. Reporting to the Head of Cyber Security Middle East & Africa, you will develop and enforce security strategies that mitigate cyber threats, protect against fraud, and ensure business continuity in a highly regulated health insurance environment. You will be required to design, implement, and oversee the security infrastructure for our business platforms in accordance with the Cigna Information Protection (CIP) security architecture framework. In this role, you will work closely with CIP Architecture and Engineering, Risk Management, and Compliance teams to build secure architectures that align with internal and regulatory requirements such as SAMA CSF (KSA), ADHICS (UAE), GDPR, HIPAA, and PCI DSS.

13-16 years of experience in a Cyber Security Design and Development role. Partners with the CIP MEA leadership team to develop a regional strategy and operational plan to deliver CIP shared services to the business. Perform security reviews using CIP or industry standards (NIST, ISO, etc.) to identify gaps in security architecture and controls as part of a MEA cybersecurity risk management plan. Develop and integrate cybersecurity designs for systems and networks that require processing of multiple data classification levels. Determine if systems and architecture are consistent with CIP's Secure Baselines and Global Security Architecture Requirements. Ensure secure third-party vendor integrations (e.g., Fronting Partners, Third Party Administrators, regulatory entities, payment processors and healthcare providers). Advise on security requirements to be included in statements of work for Cigna or JV partners procuring new technology services. Determine and document the impact of new system and interface implementations on the cybersecurity posture of Cigna or a JV partner. Partners with the business to evaluate and translate functional requirements and integrate security policies into technical solutions. Performs comprehensive technology research to evaluate potential solutions across cyberspace systems relevant for the MEA region, including Joint Venture (JV) partners. Performs focused risk assessments of existing or new services and technologies and security architecture, identifies design gaps and risks, and recommends enhancements. Maintains strong working relationships with individuals and groups involved in managing security architecture engineering and technology risks across the organization. Stays abreast of current and emerging security threats and designs security architectures to mitigate them.

Skills Needed: Ability to analyse an organisation's enterprise information technology architecture. Ability to apply secure network architectures and security controls into proposed solutions. Ability to identify cybersecurity or privacy issues in external or partner connections. Ability to design systems and apply security architecture guidelines across On-Premises and Hybrid Cloud environments. Ability to partner with Infrastructure, Cloud and Application architects to perform user needs analysis and requirements gathering for large-scale projects. Ability to develop a cyber security strategy and input into detail-oriented operational planning including capability development (People, Processes, Technology, Data). Ability to perform Controls Assurance / Attestation and deliver comprehensive risk treatment plans. Technical depth and sound knowledge in networking, cloud, desktop, server, storage, software-defined networking, virtualization and application domains. Proven communication skills, able to write and verbally communicate complex concepts. Proven collaboration skills and can adapt to changing organization, changing business needs, technological advances and agile methodology. Self-starter who shows empathy towards business requirements and is able to influence changes to facilitate security. Health Insurance or Health Care Industry experience is a plus. Travel required, approximately 10%.

Qualifications: Bachelor's or Master's in Cybersecurity, Computer Science, or Information Security. Qualified candidates will typically have 13+ years of professional IT work experience, with 8+ years of experience in a security design and development role. CISSP, CISM, CCSP, CRISC or similar certifications required. Expertise in encryption, network security, cloud security, application security and endpoint protection. Deep knowledge of security risks, data privacy laws, and fraud prevention techniques relevant to Financial Services, FinTech and Health sectors. Experience in data security standards and best practices for Personally Identifiable Information (PII) and Personal Health Information (PHI). Experience and working knowledge of NIST, HIPAA, PCI DSS & ISO 27001 certification is a plus. Strong written and spoken English skills, demonstrated ability to communicate at high levels, both verbally and in reporting. Strong work ethic, high drive and ability to focus. High stamina. Shows optimism and determination when facing challenges. Ability to work successfully with a minimum of supervision in a fast-paced and sometimes pressured environment.

About Evernorth Health Services: Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.

Posted 1 month ago

4.0 - 9.0 years

15 - 25 Lacs

Gurugram

Work from Office

Title: Senior Internal Fraud Investigator (ATL/TL) Location: Gurgaon, India Type: Hybrid (work from office) Job Description Who We Are: Fareportal is a travel technology company powering a next-generation travel concierge service. Utilizing its innovative technology and company owned and operated global contact centers, Fareportal has built strong industry partnerships providing customers access to over 600 airlines, a million lodgings, and hundreds of car rental companies around the globe. With a portfolio of consumer travel brands including CheapOair and OneTravel, Fareportal enables consumers to book-online, on mobile apps for iOS and Android, by phone, or live chat. Fareportal provides its airline partners with access to a broad customer base that books high-yielding international travel and add-on ancillaries. Fareportal is one of the leading sellers of airline tickets in the United States. We are a progressive company that leverages technology and expertise to deliver optimal solutions for our suppliers, customers, and partners. FAREPORTAL HIGHLIGHTS: Fareportal is the number 1 privately held online travel company in flight volume. Fareportal partners with over 600 airlines, 1 million lodgings, and hundreds of car rental companies worldwide. 2019 annual sales exceeded $5 billion. Fareportal sees over 150 million unique visitors annually to our desktop and mobile sites. Fareportal, with its global workforce of over 2,600 employees, is strategically positioned with 9 offices in 6 countries and headquartered in New York City. Job Description and Responsibilities: Be the lead investigator one or of more cases. Self-manage the investigation from start to end, including compiling a periodic investigation report for senior management. Conduct investigations into suspected fraudulent activities reported by external or internal reporting mechanisms across all functions and departments. 
Perform a deep and details analysis of any available data, logs, or other information as part of the investigation. Proactively Identify and track down additional sources of data that can be used to help facilitate an investigation. Conduct internal forensic investigations using tools available within the organisation, log analysis, and monitoring systems. Work closely with the Information Security team to track unauthorized data access, phishing incidents, and security control bypasses. Assess risks in the Ops and Tech processes, identifying vulnerabilities in third-party tools like Accertify, etc. Gather and document evidence, prepare detailed investigation reports, and recommend corrective actions. Collaborate with Legal & compliance and Information Security teams as part of a broader fraud mitigation function. Stay updated with emerging fraud trends, regulatory changes, and industry best practices. Ensure that fraud investigation processes align with PCI DSS and ISO 27001 requirements. Monitor alerts for high-risk employees handling sensitive customer data (emails, phone numbers, credit card details). Conduct interviews and communicate with stakeholders as required. Required Skills & Qualifications: Bachelors / masters degree in finance, Accounting, Law, or an information security curriculum 4+ years of experience in fraud investigation, internal audits, or information security. Strong knowledge of fraud analytics, forensic tools, and SIEM solutions. 4+ years of experience as a Lead Fraud/Financial Crimes Investigator or forensic auditing. Familiarity with regulatory compliance requirements (e.g., PCI DSS, ISO 27001, etc). Self-managing able to initiate, run and conclude investigations from start to end. Hands-on experience with Fraud methodologies, best practices, incident handling. Experience with third party tools such as Accertify, Observe IT, etc preferred. Ability to analyze logs, transaction data, and employee behavior for fraud detection. 
Hands-on experience with fraud detection tools, case management systems, and payment security protocols. Proficiency in data analysis tools, fraud detection software, or investigative techniques. Excellent communication and report-writing skills Ability to handle sensitive and confidential information with integrity. Knowledge of relevant laws, regulations and compliance frameworks Work independently. Preferred Skills & Qualifications: Certification in Fraud examination (CFE) or forensic accounting is preferred. Detail-oriented, ability to consistently provide high-quality products that are concise, thorough and accurate; Work independently Strong attention to detail with an analytical mind and outstanding problem-solving skills. Disclaimer This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Fareportal reserves the right to change the job duties, responsibilities, expectations or requirements posted here at any time at the Company’s sole discretion, with or without notice.

Posted 1 month ago

4.0 - 9.0 years

0 - 3 Lacs

Thane, Navi Mumbai, Mumbai (All Areas)

Work from Office

Role detail 4 to 8 years of experience in assurance, information security, vendor/ supplier/ third party risk assessment Expertise in cyber security including standards such as ISO27001, PCI-DSS, ISO22301, privacy etc. Knowledge of technical domains such as network security, cloud security, application security, control testing Knowledge of concepts such as vendor risk profiling, country risk assessment, outsourcing/ technology regulations Experience in assessing emerging technologies such as robotics, IOT, DLT, Social, Mobile etc., Exposure to TPRM specific regulations (FED, MAS, OCC, etc.), Exposure in assessing different third parties e.g. Brokers, Exchanges, etc., Worked with TPRM tools, platforms & utilities such as KY3P, TruSight, ServiceNow, OneTrust, CyberGRX, Coupa etc, Strong Auditing skills is desired, experience in IT Compliance, ITGC testing, and Assurance is a plus Strong problem solving and logical approach skills Excellent written and verbal communication skills Consistent display of technical proficiency Ability to work well in teams Willingness to travel within India or abroad for project/assignments. Demonstrate integrity, values, principles, and work ethic and lead by example CISA/ CISSP/ CISM/ISO27001 LA / LI / Cloud security certificates Prior exp in IT Audit, SOC 1, SOC 2 Qualifications: Bachelors degree in computer science or related field Excellent communication and team collaboration skills

Posted 1 month ago

10.0 - 15.0 years

15 - 15 Lacs

Hyderabad, Chennai, Bengaluru

Work from Office

Information Security Manager: Job Title: Information Security Manager Work from Office Location: Bangalore/Chennai/Hyderabad Experience:9 + years No.of Positions: #womenhiring #womenintech #womendiversity this role is exclusive for female candidates. Required Skills: Hands-on experience with security technologies Experience in Information security and business continuity internal audits Strong Knowledge in risk management, ISO 27001, ISO 22301 PCI DSS, HIPAA, GDPR, SOC 2 Knowledgeable in security concepts, techniques, tools, methods, and practices Good technical in cyber security products Individually to perform the technical audits Roles and Responsibilities: Minimum 8 years of experience in managing security audits, such as, ISO 27001, HIPAA, SOC 1, SOC2, PCIDSS Including preparing control owners for audits, interpreting control requirements, reviewing control evidence for appropriateness, testing control effectiveness, presenting control evidence to external auditors, and audit planning with external auditors In-depth knowledge of security controls, interpreting control requirements for SOC 2, ISO, HIPAA, PCIDSS audits, reviewing control evidence for completeness an accuracy, and ensuring evidence provided to auditors satisfies control requirements. Ability to of plan and lead meetings with control owners and external auditors. Ability to clearly define control requirements to control owners or explaining control evidence to external auditors. Supports the Security Audit function by reviewing evidence submissions for accuracy and completeness, following up on audit requests, and helping to establish a continuous monitoring function. Assist in testing and verification of all controls and formulating reports documenting findings. Recommends and assists in the definition and implementation of security controls in accordance with enterprise policies, standards, and procedures. 
Work closely with internal business teams to assist in the identification and assessment of potential security risks, and establish risk owners, ratings, and management action plans. Ensure continuity of compliance with ISO27001 and ISO 22301, PCI DSS, HIPAA, GDPR. Analyse the potential impact of new threats and communicate risks to relevant business units. Manage security operations, analyze security exceptions, gather necessary background information, document exceptions and ensure that the risk is recognized and managed with compensating controls. Provide orientation to Business Units on Risk Assessment, Business Continuity Plan and Business Impact Analysis. Facilitate in preparation of a Business continuity plan for each project and functions. Conduct internal ISMS and BCMS audits and identify potential gaps in the system. Prepare detailed and summary reports of assessments, and remediation plans as needed, and advise internal stakeholders. Report the audit findings on the potential weakness in the system and areas of improvement.

Posted 1 month ago

0.0 - 7.0 years

8 - 12 Lacs

Kolkata, Mumbai, New Delhi

Work from Office

Programme phase: Responsibilities that sit squarely on the AI Engineer Phase 1 Intelligent Document Processing: Stand up the ingestion path: wire OCR services (StreamSets Tesseract/Textract or Spark) inside the PCI enclave. Create the RAG substrate: chunk & embed pages, build a hybrid BM25 + vector index, add a bge reranker layer and measure 92 % recall. Author the Extraction Agent: map 98 % of statement fees to the canonical taxonomy and persist lineage in Snowflake/Databricks. Hit the SLA: keep upload quote under five minutes and prove it in pilot UAT. Phase 2 Automated Pricing Engine: Embed pricing intelligence: glue rule based margin tables and the ML margin model into one Pricing Agent, with error 1 bp. Serve quotes at scale: expose the engine via REST/GraphQL, hold p95 latency below 90 s, and build the audit trail SOX reviewers demand. Own inference infra: productionise model serving, versioning and rollback hooks. Phase 3 Future add ons: Take RAG mobile: integrate an iOS/Android capture SDK and make sure 95 % of photos become usable PDFs/JSON. Close the learning loop: implement active learning triggers, nightly retrains and canary releases to fight layout drift and new fee codes. Cross cutting: Deliverables ownership: OCR/RAG model artefacts, vector/ETL code, pricing rule sets, OpenAPI docs and the PCI/SOX evidence pack. Must have skillsets and experience: 1. Retrieval Augmented Generation & IDP Building hybrid search (BM25 + embeddings) and re ranking pipelines; tuning recall/precision for unstructured card statement text. Designing and orchestrating Expert Agents (Extraction, Pricing, Validation) with LangChain/Snowpark task graphs. 2. Applied MLOps inside a regulated enclave GitHub Actions / Terraform CI CD, model versioning in MLflow or Snowflake, drift & cost dashboards in Prometheus / Tableau. Writing unit + synthetic statement tests that gate promotions, and rolling models forward under strict rollback guarantees. 3. 
Payment domain compliance & performance PCI DSS data handling patterns, PII masking, SOX grade lineage that captures embeddings, prompts and responses for 18 months. Meeting hard SLAs ( 5 min end to end ingestion; 90 s quote recompute) and sizing infra to keep GPU/credit burn visible to FinOps. 4. Full stack data & model engineering Deep Python/SQL plus either Snowflake VECTOR_SEARCH or Databricks Lakehouse vector indexes, and comfort switching between them. Experience wiring OCR at scale (Tesseract/Textract on UDFs or Spark) and streaming outputs into secure warehouses. 5. Collaboration in a quad team RACI model Willingness to act as the Responsible engineer while an AI Architect is Accountable, partnering tightly with the Business SME (fee taxonomy) and MLQA Engineer (accuracy evidence). Ability to translate compliance or finance feedback directly into backlog tasks without waiting for long managerial chains. 6. Continuous learning mindset Designing active learning loops that detect uncertainty, call for human labels and retrain nightly, keeping extraction and pricing accuracy high as statement formats evolve. In short: a successful AI Engineer here is a hands on builder who can move from low level OCR accuracy hacks to high stakes pricing logic, wrap the whole thing in auditable MLOps, and thrive in a small, decisive team that ships every twelve weeks

Posted 1 month ago

1.0 - 10.0 years

12 - 16 Lacs

Kolkata, Mumbai, New Delhi

Work from Office

Must have skillsets and experience 1. Retrieval Augmented Generation & IDP Building hybrid search (BM25 + embeddings) and re ranking pipelines; tuning recall/precision for unstructured card statement text. Designing and orchestrating Expert Agents (Extraction, Pricing, Validation) with LangChain/Snowpark task graphs. 2. Applied MLOps inside a regulated enclave GitHub Actions / Terraform CI CD, model versioning in MLflow or Snowflake, drift & cost dashboards in Prometheus / Tableau. Writing unit + synthetic statement tests that gate promotions, and rolling models forward under strict rollback guarantees. 3. Payment domain compliance & performance PCI DSS data handling patterns, PII masking, SOX grade lineage that captures embeddings, prompts and responses for 18 months. Meeting hard SLAs ( 5 min end to end ingestion; 90 s quote recompute) and sizing infra to keep GPU/credit burn visible to FinOps. 4. Full stack data & model engineering Deep Python/SQL plus either Snowflake VECTOR_SEARCH or Databricks Lakehouse vector indexes, and comfort switching between them. Experience wiring OCR at scale (Tesseract/Textract on UDFs or Spark) and streaming outputs into secure warehouses. 5. Collaboration in a quad team RACI model Willingness to act as the Responsible engineer while an AI Architect is Accountable, partnering tightly with the Business SME (fee taxonomy) and MLQA Engineer (accuracy evidence). Ability to translate compliance or finance feedback directly into backlog tasks without waiting for long managerial chains. 6. Continuous learning mindset Designing active learning loops that detect uncertainty, call for human labels and retrain nightly, keeping extraction and pricing accuracy high as statement formats evolve

Posted 1 month ago

9.0 - 13.0 years

16 - 20 Lacs

Bengaluru

Work from Office

Job Description Cybersecurity Architect: MRF00741A Keywords 1. Threat Model OR Threat Modeling OR Threat Modeling Frameworks (STRIDE, DREAD, PASTA, VAST, LINDDUN) 2. Security Review OR Security Architecture Review OR Cyber Security Architecture Review 3. Cybersecurity Architecture Design OR Secure by Design 4. Secure Code Reviews OR Secure Coding Standards OR Secure CI/CD (DevSecOps) 5. Cybersecurity Standards and Frameworks - NIST, CIS, OWASP, GDPR, PCI-DSS 6. CIS Controls Implementation Benchmarking Key Role Characteristics: Prepare high quality threat models and apply knowledge of MITRE framework and kill chains. Hands-on practical experience high quality threat models and knowledge of MITRE framework and kill chains. Regularly provides technical guidance and direction to support the business and its technical teams, contractors, and vendors. Proficient knowledge of cybersecurity architecture, applications, and technical processes with considerable, in-depth knowledge in one or more technical disciplines (e.g., public cloud, artificial intelligence, machine learning, mobile, etc.). Engage with Product, Infrastructure and Engineering teams to build threat models, design secure systems, and secure code reviews at a recurring cadence. Must Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data. Manage to evaluate current and emerging technologies to recommend the best solutions for the future state security architecture. Knowledge of cloud architectures and security controls such as network security, IAM, data protection, PKI and logging and monitoring etc. Understanding of hybrid cloud environments and the complexities of securely deploying applications to the cloud and developing Security baselines Benchmarking. Develop and maintain re-usable security architecture and design patterns for consumption. 
Strong understanding of attack vectors and ability to design and articulate security controls. Familiarity demonstrated knowledge and experience in securing cloud technologies such as Azure, AWS, GCP, Kubernetes, Container, and infrastructure as code deployments.

Posted 1 month ago

13.0 - 18.0 years

37 - 45 Lacs

Hyderabad

Work from Office

Some careers shine brighter than others. If you're looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. We are currently seeking an experienced professional to join our team in the role of Lead consultant specialist. In this role you will: Hunting for malicious or anomalous activity across the enterprise, using existing tools. Acting in co-ordination with GCO staff to lead the development and implementation of an advanced analysis and search capability focused on identifying potentially sophisticated APT and insider threat activities within the organization. Researching new and existing threat actors and associated tactics, techniques and procedures (TTPs); developing a detailed understanding of their potential impact to the organization, providing recommended solutions for improving our defensive and detective capability. Collaboration with the wider Cybersecurity functions, e.g., Red Team, to develop hypotheses for new attack techniques and evasion methods. Coordinating threat hunting activities, leveraging intelligence from multiple internal and external sources. Reviewing incident and penetration testing reports and corresponding logs, to identify gaps in our detection capability and provide recommendations to improve them. Providing expert analytic investigative support on large scale and complex security incidents. Contributing to the continued evolution of hunting, monitoring, detection, analysis and response capabilities and processes. Training, developing, mentoring, and inspiring colleagues across the function in area(s) of specialism, strengthening Cybersecurity Operations capabilities. Represent HSBC Global Cybersecurity Operations at internal awareness and external cybersecurity forums. 
Collaborate with the wider Cybersecurity (and IT) teams to ensure that the core, underlying technological capabilities that underpin an effective and efficient operational response to current and anticipated threats and trends remain fit for purpose. Identify processes that can be automated and orchestrated to ensure maximum efficiency of Global Cybersecurity Operations resources. Requirements To be successful in this role, you should meet the following requirements: Excellent investigative skills, insatiable curiosity, and an innate drive to win. Instinctive and creative, with an ability to think like the enemy. Strong problem-solving and trouble-shooting skills Deep knowledge of hacker culture Developed external peer network for sharing intelligence. Self-motivated and possessing of a high sense of urgency and personal integrity. Excellent understanding of HSBC cyber security principles, global financial services business models, regional compliance regulations and laws. Excellent understanding and knowledge of common industry cyber security frameworks, standards, and methodologies, including OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards. Proven experience in identifying and responding to advanced attacker methodologies both within the corporate environment as well as external attack infrastructures, ideally with offensive experience and / or deception environment development (tripwire systems, honeypots, honey-token/accounts, etc. ) using open source, vendor purchased and bespoke/in-house developed solutions. Experience in computer forensics, vulnerability analysis, cyber security analysis, penetration testing and/or network engineering. 
Highest level of technical expertise in information security, including deep familiarity with relevant penetration and intrusion techniques and attack vectors Expert level knowledge of scripting, programming and/or development of bespoke tooling or solutions to solve unique problems. Expert Knowledge and technical experience of 3rd Party Cloud Computing platforms such as AWS, Azure and Google

Posted 1 month ago

9.0 - 14.0 years

8 - 18 Lacs

Hyderabad, Chennai, Bengaluru

Hybrid

Role & responsibilities General description of the role: Minimum 8 years of experience in managing security audits, such as, ISO 27001, HIPAA, SOC 1, SOC2, PCIDSS Including preparing control owners for audits, interpreting control requirements, reviewing control evidence for appropriateness, testing control effectiveness, presenting control evidence to external auditors, and audit planning with external auditors In-depth knowledge of security controls, interpreting control requirements for SOC 2, ISO, or HIPAA, PCIDSS audits, reviewing control evidence for completeness an accuracy, and ensuring evidence provided to auditors satisfies control requirements. Ability to of plan and lead meetings with control owners and external auditors. Ability to clearly define control requirements to control owners or explaining control evidence to external auditors. Supports the Security Audit function by reviewing evidence submissions for accuracy and completeness, following up on audit requests, and helping to establish a continuous monitoring function. Assist in testing and verification of all controls and formulating reports documenting findings. Recommends and assists in the definition and implementation of security controls in accordance with enterprise policies, standards, and procedures. Work closely with internal business teams to assist in the identification and assessment of potential security risks, and establish risk owners, ratings, and management action plans. 
Ensure continuity of compliance with ISO27001 and ISO 22301, PCI DSS, HIPAA, GDPR Analyse potential impact of new threats and communicates risks to relevant business units Manage security operations, analyse security exceptions, gather necessary background information, document exceptions and ensure that the risk is recognized and managed with compensating controls Provide orientation to Business Units on Risk Assessment, Business Continuity Plan and Business Impact Analysis Facilitate in preparation of Business continuity plan for each project and functions Conduct internal ISMS and BCMS audits and identify potential gaps in the system Prepare detailed and summary reports of assessments, remediation plans as needed and advise internal stakeholders Report the audit findings on the potential weakness in the system and areas of improvement Preferred candidate profile Top 5 Skill Set Hands-on experience with security technologies Experience in Information security and business continuity internal audits Strong Knowledge in risk management, ISO 27001, ISO 22301 PCI DSS, HIPAA, GDPR, SOC 2 Knowledgeable in security concepts, techniques, tools, methods, and practices Good technical in cyber security products Individually to perform the technical audits

Posted 1 month ago

3.0 - 7.0 years

7 - 11 Lacs

Kochi

Work from Office

Job Title Security Analyst Role and Responsibilities The Security Analyst is a member of the CISO Regulatory & Compliance Team and will assist in ensuring the associated business units / accounts comply with applicable Conduent and NIS 2 security standards, regulations, and policies. The Security Analyst will be professional, independent, impartial, and fair in all interactions. The security resource is accountable for procedures and processes that ensure the integrity, confidentiality, and availability of assigned Business units' information, applications, and infrastructure. Resource will perform routine risk assessments, security audits, and vulnerability scans to identify, evaluate, document, and remediate organization risk, control gaps and vulnerabilities. This position will be responsible for developing security reports, security recommendations, and security policies and procedures that are meaningful, defensible, and actionable for a variety of audiences as pertained to assigned business units. 
Perform log collection, correlation, reviews, archival, retention, and monitoring of automated alerts for items such as, and not limited to: IPS/IDS alerts; change detection (FIM) alerts; application firewall alerts; malware alerts; rogue wireless network alerts; security system health alerts; exploit attempt alerts. Participate and be an integral component of audit, compliance, and regulatory functions, including and not limited to audits of system security to ensure compliance with: Corporate security framework; NIS 2, NIST 800-53, ISO 27001/2, PCI-DSS; emerging country, state, and Federal privacy laws. Primary POC in a vulnerability management program of the account that includes: external and internal vulnerability scans of applications and systems; external and internal penetration tests of applications and systems; documentation and remediation of identified vulnerabilities and exploits; routinely monitoring various communication avenues for security vulnerabilities and security patches; taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environments; making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities. Coordinate with business units, operations, and technology teams for incident response, remediation, and improvement. Acts as the initial point of contact to facilitate the handling of security audits and client requests. Supports the creation of business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results, and making changes necessary to address deficiencies. Maintain documentation that supports the annual Security compliance attestation as it is relevant to the assigned Business units. Qualifications and Education Requirements: CIPP, CRISC, CISA, CISSP, CISM, ISO or any security/IT audit certification is a plus.
Minimum of Five (3 to 5) Years of experience in IT Security compliance, or Security Auditing is required. Knowledge and understanding of security controls across all security domains, such as access management, encryption, vulnerability management, authentication, authorization, network security, physical security, etc. Ability to identify security risks in application, system, and network architecture, data flow, and processes or procedures. Ability to assess the organizational impact of identified security risks and recommend solutions or mitigating controls. Knowledge of security technologies, devices, and countermeasures, as well as the threats they are designed to counter. Experience with developing security reports, recommendations, policies, and procedures that are meaningful, defensible, and actionable for a variety of audiences. Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP, other common security control frameworks). Experience in PowerPoint, Word, Excel; experience with Visio and MS Project. Communication skills (interpersonal, verbal, presentation, written, email). Experience to write report segments and to participate in presentations. Familiarity with security, workflow, and collaboration tools such as Nessus Tenable, Splunk, SharePoint and ServiceNow (Snow) is a plus. Positive attitude, team player, self-starter; takes initiative, ability to work independently and effectively with all levels of staff and management both internally and externally. Preferred Skills: Creating and Maintaining NIST 800-53-rev5 based SSP and POAM. Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP, other common security control frameworks).
Conduent is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, creed, religion, ancestry, national origin, age, gender identity, gender expression, sex/gender, marital status, sexual orientation, physical or mental disability, medical condition, use of a guide dog or service animal, military/veteran status, citizenship status, basis of genetic information, or any other group protected by law. People with disabilities who need a reasonable accommodation to apply for or compete for employment with Conduent may request such accommodation(s) by submitting their request through this form that must be downloaded: click here to access or download the form. Complete the form and then email it as an attachment to FTADAAA@conduent.com. You may also click here to access Conduent's ADAAA Accommodation Policy. At Conduent we value the health and safety of our associates, their families and our community. For US applicants while we DO NOT require vaccination for most of our jobs, we DO require that you provide us with your vaccination status, where legally permissible. Providing this information is a requirement of your employment at Conduent.

Posted 1 month ago

9.0 - 14.0 years

0 Lacs

Chennai

Hybrid

Duties and Responsibilities The Security Project Manager oversees and manages security-related projects, ensuring timely completion within scope and budget, while coordinating with stakeholders, managing resources, and ensuring compliance with security standards and policies. Years of Experience 8 to 10 years Must Have Nice to Have Domain Expertise Project Management: Mastery of planning, risk management, and execution using tools like Jira or MS Project. X Security Principles: Knowledge of cybersecurity threats and information security standards (e.g., ISO 27001, NIST). X Technical Basics: Understanding IT infrastructure, networks, and security tools (e.g., SIEM, firewalls). X Compliance: Familiarity with regulations like GDPR, HIPAA, or PCI DSS relevant to the project's scope. X Leadership: Ability to coordinate teams, solve problems, and communicate security needs effectively. X Technical / Functional Skills Expertise in cybersecurity, including security design, architecture, controls, and policies. Experience with IAM (Identity and Access Management) is essential. X Proficiency in project management methodologies and tools, such as Agile, SAFe, Scrum, and ITIL processes. Ability to manage complex projects and coordinate between different teams. X Knowledge of industry-leading security technologies. Ability to perform assessments, plan, design, and deploy security solutions. X A minimum of 5-7 years of experience in project management, with at least 3-4 years specifically in security project management X Strong experience with project management tools such as Jira, Microsoft Project, ServiceNow, etc. X

Posted 1 month ago

4.0 - 8.0 years

20 - 25 Lacs

Chennai

Work from Office

The Operational, Technology and Cyber Risk (OTCR) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's operations, data, and IT systems by managing operational, technology and cyber risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Group OTCR team serves as the second line of defence for assuring that controls are implemented effectively, in accordance with the OTCR Framework, and for instilling a risk culture within the Bank. Key Responsibilities: The Head of Policy & Regulatory Management is a key leadership role responsible for developing, implementing, and maintaining robust policies, and overseeing standards and controls to safeguard the company's information assets and ensure regulatory compliance within the dynamic industry. This role will lead a small team of policy and risk professionals, collaborate with key stakeholders across the organization, and act as a subject matter expert on evolving cyber security and technology policy matters. The Policy team are responsible for defining and maintaining Cyber and Technology Policy and overseeing first line standards and control implementation. Policy and standard set out the mandatory outcomes the Bank needs to manage the requisite risks effectively, requiring regular update and management to deliver operationally effective and future fit guidelines. The role will be responsible for providing thought leadership on best-in-class policy, standards and control delivery, helping drive the simplification, consolidation and continuous improvement. The role also includes executing Legal and Regulatory Management activities related to the respective policies and frameworks including mapping of regulatory requirements against new regulations and responding to regulatory RFIs.
Skills and Experience The ICS & Technology Policy function is responsible for ensuring that the respective policies remain valid, relevant and effective together with the Standards that support the Policy. The responsibilities include. Develop, maintain, and enforce comprehensive Cyber Security and Technology policies that are aligned with industry best practices (e.g., NIST, ISO 27001, PCI DSS), regulatory requirements (e.g., GDPR, CCPA, FFIEC), and business objectives. Ensure policies are clearly documented, communicated, and readily accessible to all relevant stakeholders. The role will be heavily focused on driving enhancement and convergence across ICS and Technology. This will include providing thought leadership on risk and controls, guiding the organisation to develop a simplified control taxonomy, and improving measurement, reporting and compliance. Ensure forward looking approach to assess and update the Policy for fast evolving emerging technologies such as AI, Quantum Computing and Digital Assets. Ensure alignment across wider Risk Frameworks and ecosystem, connecting the dots across frameworks, policy, standards, controls, and process. Qualifications A rigorous and analytical approach to risk management Knowledge of the Business and its franchise and/or remit. Experience of business partnering, including the ability to synthesise and articulate complex and technical topics clearly to diverse audiences Ability to manage a diverse and challenging stakeholder community / team Proven experience with co-ordination of many dependencies in a complex, large-scale environment Specific strong competence in the use of Excel for analysis of complex data and PowerPoint for communication purposes Ideally the role holder will have specific experience of OTCR frameworks and have an in-depth knowledge of some of the key organisational and operational challenges faced by a Second-Line Risk function. 
Group, with specific knowledge in cyber and information security risk Ability to represent the Bank with external stakeholders via Industry Forums and at key Regulatory meetings. Ability to assess priorities and focus on detailed aspects of a SME function to drive effective delivery Excellent analytical skills: ability to think clearly and rigorously about how best to assess existing and emerging risks and readiness, being able to reach a pragmatic approach and direction. Together we: Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing. Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations. Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum. Flexible working options based around home and office locations, with flexible working patterns. Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning. 
Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential. 24833

Posted 1 month ago

3.0 - 8.0 years

14 - 24 Lacs

Chandigarh

Work from Office

Job Description Work with External Auditors as required, including facilitating interactions and documentation requests. Assist with compliance framework assessments including, but not limited to NYDFS, PCI DSS, SOC, SOX, GLBA, CIS, MTL and HIPAA. Coordinate external penetration test(s). Coordinate remediation of observations noted from Audit(s) or Gap Analyses. Conduct Internal Audits each quarter. Conduct New Product Audits. Review and edit policies as necessary, but no less than annually. Develop technical security training programs for application users, site security personnel, IT and HR staff globally. Coordinates audit activities with customers workload and schedule. Maintains the Internal Audit manual and leads updates to audit templates. Conducting investigations on irregularities and errors seen during the Audit. Conduct Table Top exercises including, but not limited to Business Continuity/Disaster Recovery and Incident Response. Update Risk Assessment(s) no less than annually. Complete internal vulnerability scans. Complete new hire training, including but not limited to KnowBe4 and BAI. Work with vendors, banks, partners as required to meet their compliance needs, including but not limited to, Questionnaires, RFPs, and Report Requests. Provide consultation and advisement to the business and project leads around compliance initiatives. 
Performance of other duties and responsibilities as assigned Comply with and enforce company policies and procedures Provide regular and predictable attendance considering any rights to leaves provided by law or company policy Perform all essential job functions without posing a direct threat of harm to yourself or others Effective written and verbal communication with subordinates, peers and supervisor Preferred candidate profile Demonstrate an ability to work under pressure to meet deliverables accurately and on time Excellent communication, interpersonal, organizational, time management and leadership skills Collaborate effectively with other teams within the Security and Compliance department, IT and the Organization Must be able to resolve problems on a daily basis, handle conflict and make effective decisions under pressure. Determination, Dependability, Integrity, Professionalism

Posted 1 month ago

4.0 - 7.0 years

9 - 11 Lacs

Gurugram

Work from Office

We are looking for a highly skilled and experienced IT Due Diligence Manager to join our team in Bengaluru. The ideal candidate will have 4-7 years of experience in the field. Roles and Responsibility Analyze technology implications for active M&A transactions. Review client investment theses, company profiles, and information on business technology environments. Research niche technologies, regulatory obligations, and latest trends to guide analysis. Participate in discussions with company executives to understand business processes and leverage technology strategy. Evaluate commercial off-the-shelf and custom-developed applications for sufficiency, scalability, and maintainability. Assess a company's IT infrastructure for hosting model adequacy, hardware inventory, network architecture, and business continuity procedures. Analyze technology vendor contracts and compute IT spend through contract reviews and financial documents. Develop workbooks and reports to capture diligence observations/analysis. Manage and develop RSM USI team members. Job Requirements Academic Qualification: B.Tech. and MBA from leading technology/business schools. Relevant experience of 4-7 years at a Big 4 or equivalent Advisory Services practice. Knowledge of Microsoft-powered AI products such as Microsoft CoPilot or any other GenAI tools is preferred. Experience with onshore teams, including data room management, document request list preparation, management meeting preparation, workbook analysis, quality of earnings, due diligence reports, client calls, and engagement team calls. Experience with post-acquisition/carve-out integration and separation-related engagements. Preferred industry experience in manufacturing, distribution, consumer products, business services, healthcare, financial services, business services, or technology. Knowledge of US-based regulatory and compliance frameworks such as FFIEC, NERC CIP, PCI DSS, HIPAA, GLBA, and HITECH is a plus. 
ERP or supply chain application implementation experience; functional expertise in IT and supporting front/back-office operations preferred. IT and cyber-related certifications (CISSP, CISM, HITECH, PCI DSS QSA, CEH, Azure, AWS). Strong skills in critical thinking, problem-solving, and process improvement. Excellent interpersonal and communication skills to interact effectively with internal team members and external clients. Ability to be a self-starter and drive successful client delivery. Demonstrates willingness to invest time in cross-time zone communication with U.S.-based teams. Evaluated as an exceptional performer in current position.

Posted 1 month ago

5.0 - 8.0 years

12 - 16 Lacs

Bengaluru

Work from Office

Security Risk and Compliance Expert will be instrumental in shaping the global Information Security Management System (ISMS) within our Group Security team. This role involves engaging with various Business Groups and Corporate Functions to identify and manage information security risks, ensuring compliance and enhancing our security posture. Facilitate risk assessments, develop training, and contribute to the continuous improvement of security policies and tools. Enhance the overall security and compliance of services provided to our customers. You have: Master's or bachelor's degree in computer science, security engineering, or equivalent. 5+ years of experience in information security in a multinational organization. Solid understanding of information security processes and technologies. Practical knowledge of ISO/IEC 27001:2022 standard implementation. Excellent documentation and communication skills. It would be nice if you also had: Knowledge of security standards like CSA CCM, NIST CSF, NIS2, and SOC2. Experience delivering information security training. Familiarity with RSA Archer and Microsoft Power BI or other GRC tools. Certifications in information security (e.g., CRISC, CISSP and ISO 27001 LI/LA). Implement and operate the global Information Security Management System (ISMS) to enhance overall security and compliance. Conduct risk assessments with global stakeholders to evaluate and report information security risks. Develop and maintain the information security risk register, tracking mitigation progress and presenting reports to stakeholders. Provide recommendations for security risk mitigation strategies tailored to different business groups. Create, update, and maintain ISMS documentation and a repository of reports and audit records. Facilitate training sessions to educate employees on ISMS practices and promote a strong security culture. Collaborate with cross-functional teams to identify evolving security trends and compliance requirements. Contribute to the continuous improvement of Nokia ISMS and related tools, utilizing KPIs to measure effectiveness.

Posted 1 month ago

3.0 - 6.0 years

5 - 9 Lacs

Bengaluru

Work from Office

Audit Management: Coordinate and support internal and external audits, including evidence collection, control testing, and remediation tracking. Serve as the secondary point of contact for auditors and third-party assessors. Maintain audit logs, findings, and corrective action plans. Compliance Oversight: Monitor and ensure compliance with industry regulations and internal security policies. Map controls and processes to multiple compliance frameworks (e.g., NIST, ISO, SOC 2, HIPAA). Track evolving compliance obligations and help update policies accordingly. Access Management: Support access management processes Coordinate and drive periodic user access reviews. Business Continuity & Disaster Recovery (BCDR) Collaborate with IT, operations, and business units to develop and maintain BCDR plans. Coordinate and conduct periodic BCDR tests, document results, and track corrective actions. Evaluate critical business processes to identify single points of failure and propose continuity strategies. Ensure BCDR plans align with compliance requirements and organizational risk appetite. Maintain an inventory of critical assets and dependencies required for continuity and recovery. Policy Development & Enforcement: Assist in developing, updating, and enforcing information security policies, procedures, and standards. Ensure policies align with compliance frameworks and are effectively communicated across the organization. Documentation & Reporting: Maintain detailed and organized documentation of security controls, evidence, and compliance artifacts. Create reports and dashboards for leadership on compliance status and audit readiness. Other assignments as required to support the security, compliance, and resilience goals of the organization. Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Bachelor’s degree in Cybersecurity, Information Systems, Risk Management, or related field. 
3+ years of experience in information security, with a focus on compliance and audits. Hands-on experience supporting one or more compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, NIST). Strong understanding of security controls and risk management practices. Strong understanding of network, system, and application security principles. Strong knowledge of risk management principles and audit processes. Excellent analytical, problem-solving, and communication skills. Preferred technical and professional experience Strong attention to detail and organizational skills. Excellent written and verbal communication. Ability to manage multiple audits and compliance initiatives simultaneously. Comfortable working with technical and non-technical teams.

Posted 1 month ago

12.0 - 18.0 years

11 - 15 Lacs

Pune

Work from Office

Domain Certifications CISSP, CISA, CRISC, ISO 27001 Responsibilities Own and lead the governance program at account level for a large Financial services account with 700 + head count and multi country locations having high security Offshore Delivery Centres & Work from home teams Develop, implement and monitor Account level Information security governance program; meeting client compliance requirements proactively Perform contract reviews, cyber security risk assessments and drive compliance programs to meet contractual and organizational cyber security requirements within the client offshore delivery centres. Experience in Application security and code reviews which can be leveraged to guide and work with delivery teams on covering the cyber security risks associated with Application security, development and maintenance projects. Work closely with different teams internally like IT, business, HR, facilities, cyber security which operate at Organization level to translate client requirements and assess residual risk if required Give directions and monitor the compliance and operations activities within the account through dedicated team and work closely with account team on ensuring the compliance within account team Develop account level procedures, metrics and review programs to maintain and enhance the governance model within the account Be a single point of contact for client interactions during third party audits and liaise within the organization Prepare the account for certification and internal audit requirements based on industry standards like PCI DSS and ISO 27001 requirements Focus and objective driven to demonstrate ongoing improvements; identify early indicators of non compliance and able to draw mitigation actions Hold technical skills to participate in technical discussions for delivery centre setup, connectivity models Excellent communication skills and have demonstrated effective CXO level reviews

Posted 1 month ago

4.0 - 8.0 years

6 - 10 Lacs

Pune

Work from Office

So, what's the role all about? Cloud Information Security Engineers maintain the security of operating systems, storage, public cloud environments and hardware. They maintain and monitor the security of NICE CXone's lab and production environments. Other responsibilities include identifying security requirements, owning projects related to audits and maintaining a secure systems environment. The Senior Cloud Information Security Engineer needs good communication skills and must be able to work collaboratively with other technical colleagues. They share their expertise and provide individual training and support. How will you make an impact? Maintain, monitor, and support the security of a large, global infrastructure environment. Performing Risk Assessment and Mitigation. Following defined procedures to monitor systems security and resolving issues. Security policy development and enforcement. Participate in internal and external audits providing required evidence. Identifying and Implementing remediation required by audits/assessments. Maintain the security of lab and production storage. Maintain the security and compliance of enterprise grade systems related hardware. Cross-train and share knowledge with team. Maintain documentation of security and remediation related processes. Communicates events to stakeholders, teams, and leadership. Works daily with EDR, NGAV and SIEM products. Work with Change Management. Have you got what it takes? Must have good attention to detail, and the ability to make good, timely decisions. Be a Team-player, have a positive attitude and able to work with a distributed team in multiple time zones. Experience successfully working in fast paced, production environments. Experience working within a team of IT professionals; taking and following direction and completing tasks and assignments in a timely manner with a positive attitude. Be a self-starter who is proactive, motivated and can work independently. Experience Leading Projects and Delivering Solutions Through Completion. Knowledge of common security and compliance certifications and frameworks, such as ISO 27001, SOC 2 type 2, PCI DSS, FedRAMP, IRAP, GDPR etc. 2+ years working with EDR and/or SIEM products. 2+ years working with Threat Detection and Incident Response. 4+ years in Windows Server Administration. 4+ years managing infrastructure security vulnerabilities. 4+ years working in a PCI/FedRAMP/IRAP compliant environment. 4+ years communicating in English in a technical field. Experience working with change management processes. Experience working in hybrid Cloud and On-Premise environments. Experience working with and responding to security questionnaires. Experience working with PowerShell and other scripting languages. What's in it for you? Enjoy NICE-FLEX! Requisition ID: 5962 Reporting into: Tech Manager Role Type: Individual Contributor About NICE

Posted 1 month ago

5.0 - 12.0 years

14 - 16 Lacs

Noida

Work from Office

Understand and apply Technology Control Framework based on industry standards to establish, promote and manage governance, risk compliance. Implement security controls, risk assessment framework, and program that align to best practices and regulatory requirements. Ensure and monitor effective implementations of the policies and procedures. Inform and align decision making for information technology planning, policy and operations to meet business objectives. Communicate the governance activities, policies and decisions with the IT Management and Business Leadership and keep them informed of IT governance decisions that will affect IT services and projects. Work with different stakeholders to maintain up-to-date documentation for scoping, testing and remediation of technology controls Assess audit findings / gaps including control weaknesses in coordination with different stakeholders and assist with development of management action plans. Assess efficacy of security controls, document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities. Ability to communicate a deep understanding of the business and a broad knowledge of existing risk evaluation practices is expected in this role. Carefully maintain complaint and nonconformance processing through records and tracking systems, including root cause and corrective actions. Execute strategy for dealing with increasing number of audits, compliance checks and internal assessment processes for Ameriprise standard compliance framework/practices. Lead the identification, assessment, and mitigation of risks across all operational, strategic, and regulatory domains. Oversee the governance controls across technology business units, ensuring effective governance structures, executive performance evaluations, and compliance with corporate governance codes. 
Work closely with senior management to define risk tolerance levels, ensuring that appropriate mitigation measures are in place. Maintain strong relationships with key internal and external stakeholders, including the Board, senior management, regulators, auditors, and business leaders. Provide regular updates to the Board and senior management on governance, risk, and assurance matters, including risk exposures, compliance status, and audit outcomes. Lead the preparation of comprehensive risk and governance reports, including annual governance reports, risk assessments, and assurance reviews for the Board and senior management. Preferred Key Skills Foundational knowledge of Cloud Computing Technologies (AWS, Microsoft Azure, GCP etc.). Possess strong oral and written communication skills along with refined presentation skills and the ability to work with other departments and varying levels of management, including senior leadership. Be able to engage at all levels of the organization to organize, drive and communicate results. Good understanding of industry standards for compliance such as ISO 27001:2013, PCI DSS, and SSAE 18 SOC 1 / SOC 2 attestation standards. Defining problems, collecting, and analyzing data, establishing facts, and drawing valid conclusions Questions status quo and navigates through roadblocks.
Ameriprise India LLP has been providing client-based financial solutions to help clients plan and achieve their financial objectives for 125 years. We are a U.S.-based financial planning company headquartered in Minneapolis with a global presence. The firm's focus areas include Asset Management and Advice, Retirement Planning and Insurance Protection. Be part of an inclusive, collaborative culture that rewards you for your contributions and work with other talented individuals who share your passion for doing great work. You'll also have plenty of opportunities to make your mark at the office and a difference in your community. So if you're talented, driven and want to work for a strong ethical company that cares, take the next step and create a career at Ameriprise India LLP. Full-Time/Part-Time Timings (2:00p-10:30p) India Business Unit AWMPO AWMPS Presidents Office Job Family Group Technology

Posted 1 month ago


6.0 - 8.0 years

14 - 16 Lacs

Hyderabad

Work from Office


Governance and Compliance, Risk Assessment and Management, Regulatory Compliance, Policy Development and Enforcement, Third-Party Risk, Data Security Metrics, Risk Reporting Framework Management, eDiscovery, Mitigation Strategies

Posted 1 month ago


4.0 - 9.0 years

12 - 22 Lacs

Bengaluru

Work from Office


ROLE & RESPONSIBILITY: Conduct thorough and detailed cyber risk assessments for our clients, analyzing their digital infrastructure, systems, and security controls. Collaborate with cross-functional teams to gather essential information and data required for comprehensive risk assessments. Evaluate and interpret assessment results to identify potential vulnerabilities and risks, and provide actionable recommendations for risk mitigation. Stay up-to-date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments. Prepare and deliver clear and concise reports summarizing the findings of risk assessments to clients and internal stakeholders. Provide expert advice and consultancy to clients, guiding them in implementing robust cybersecurity risk management strategies. Mentor and support junior team members to foster their professional growth and skills in cyber risk assessments.

REQUIREMENTS: Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or related fields. A minimum of 5+ years of hands-on experience in conducting cyber risk assessments and related security assessments. Industry certifications such as CISSP, CCSP, CISA, CISM, CRISC, ISO/IEC:27001/22301/20000 LI/LA or equivalent are highly valued. Profound knowledge of cybersecurity frameworks, industry standards, and best practices. Proficiency in using various security assessment and techniques. Strong analytical and problem-solving skills, with the ability to think critically and strategically. Excellent communication and presentation skills, capable of effectively communicating technical concepts to both technical and non-technical audiences. Demonstrated experience in project management and handling multiple assessments simultaneously. A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development.
Network Security, infrastructure assessment and network architecture design review. Conceptual knowledge of OT Security/ISA 62443 standard is preferable.

Posted 1 month ago


2.0 - 4.0 years

4 - 6 Lacs

Bengaluru

Work from Office


BASIC INFORMATION ON THE POSITION Position Name Trainee - ESGC Mandatory/Required Skills Location Location Mandatory/Required Skills

PURPOSE OF THE ROLE
To ensure Enterprise Risk management framework and Information Security Management System are effectively implemented in line with the business objectives

KEY RESPONSIBILITIES AND ACCOUNTABILITIES
1. Extend support to implement customer specific information security / enterprise risk related requirements
2. Coordinate and communicate with internal customers to ensure compliance of security / risk guidelines
3. Conduct audit to ensure compliance with customer risk / security requirements
4. Contribute towards customer audits ensuring successful completion
5. Participate in customer calls when needed and understand customer expectations
6. Provide periodic updates on the implementation status

1. Document procedures and policies based on inputs provided
2. Support implementation of the ISMS (Information Security Management System) framework.
3. Implement new security initiatives and improvements
4. Collect applicable measures and perform periodic analysis as per the measurement program
5. Provide updates periodically
6. Prepare plan and conduct periodic internal audits
7. Track all internal/external audit findings to closure
8. Implement ERM and conduct risk based audit
9. Conduct surprise/random audits and track findings to closure
10. Complete the assigned activities like Risk exception, reconciliation, VAPT, etc. within the defined SLA
11. Participate in external audits by ensuring readiness of functions providing necessary support for successful completion

1. Understand, align with the goals, roles and responsibilities and provide updates about performance against the set goals
2. Train and mentor team members as appropriate
3. Upgrade competency (skills) in line with the current industry practices and business objectives

EDUCATION QUALIFICATION
BE/MBA ISO27001 lead auditor's certification CISA/ CISSP Certification (Preferred) PCI DSS Implementer certification

MINIMUM EXPERIENCE REQUIRED
2-4 years relevant experience

DOMAIN/ FUNCTIONAL SKILLS
Knowledge of ISO27001 Standards
ISO27005 Guidelines
Knowledge of PCI DSS standard
Knowledge of risk management (ISO31000)
Understanding of organization's business and support processes
Knowledge of IT Security, physical and environmental security and HR security controls
Knowledge of regulatory requirements

Posted 1 month ago


3.0 - 8.0 years

45 - 55 Lacs

Pune

Work from Office


Manager, Software Engineering Overview Mastercard's Builders Enablement Program has an exciting opportunity for a Manager of Software Engineering. We are part of Mastercard's Team ONE (Operations, Network and Employee Digital Experience) empowering 6000+ Engineers around the globe. We are responsible for creating a great developer experience enabling engineering teams to deliver innovative payment solutions for hundreds of millions of customers. Our services enable Mastercard engineering teams to focus on delivering business value from ideation to market. The ideal candidate will help Mastercard developers efficiently build, test, and deliver secure, quality code. Role: Lead a team of talented engineers delivering multiple microservices. Interact with technical leaders, product, and operations partners to define strategic platform and product direction. Drive positive change within systems/process to optimally deliver on commitments. Drive your team's growth, capability and performance through coaching, mentoring, performance feedback and career development. Track and communicate status/progress to customers and senior management. Skills: 3+ years experience as a people manager. 7+ years prior experience in agile software development knowing OOP/OOAD and prior work with Java, REST microservices architecture and microservice deployments. Expertise with Scrum and Kanban best practices. You have experience in managing the development of distributed/scalable systems and high-volume transaction applications.
You can drive architectural change, balancing technical and business priorities. Experience working on products utilizing one or more Cloud platforms and familiar with cloud concepts. Experience driving automated testing within CI pipelines. Experience with service availability and observability using alerting and monitoring solutions. Knowledgeable of containerization technologies. Experience working in a regulated environment with secure software development practices (e.g., PCI DSS, GDPR). Experience managing shared components within the organization is a plus. All About You: You lead with transparency and have a strong desire to collaborate and provide mentorship to engineers. You enjoy working with business and product leaders to inform and support options for delivering highly capable solutions that meet market demands. You have excellent communication skills with both technical and non-technical people and have experience preparing and delivering executive level presentations to business and technology audiences. You are a champion of engineering and operational excellence: developing organizational metrics and driving culture of continuous improvement across teams. You are a relentless self-starter who works quickly and efficiently to support product and technical objectives. You can navigate a complex global organization. Education: Bachelor's degree in Information Technology, Computer Science, Electronics or an equivalent Engineering stream

Posted 1 month ago


3.0 - 8.0 years

15 - 19 Lacs

Pune

Work from Office


Our Purpose Title and Summary Manager, Software Engineering Overview Mastercard's Builders Enablement Program has an exciting opportunity for a Manager of Software Engineering. We are part of Mastercard's Team ONE (Operations, Network and Employee Digital Experience) empowering 6000+ Engineers around the globe. We are responsible for creating a great developer experience enabling engineering teams to deliver innovative payment solutions for hundreds of millions of customers. Our services enable Mastercard engineering teams to focus on delivering business value from ideation to market. The ideal candidate will help Mastercard developers efficiently build, test, and deliver secure, quality code. Role: Lead a team of talented engineers delivering multiple microservices. Interact with technical leaders, product, and operations partners to define strategic platform and product direction. Drive positive change within systems/process to optimally deliver on commitments. Drive your team's growth, capability and performance through coaching, mentoring, performance feedback and career development. Track and communicate status/progress to customers and senior management. Skills: 3+ years experience as a people manager. 7+ years prior experience in agile software development knowing OOP/OOAD and prior work with Java, REST microservices architecture and microservice deployments. Expertise with Scrum and Kanban best practices. You have experience in managing the development of distributed/scalable systems and high-volume transaction applications.
You can drive architectural change, balancing technical and business priorities. Experience working on products utilizing one or more Cloud platforms and familiar with cloud concepts. Experience driving automated testing within CI pipelines. Experience with service availability and observability using alerting and monitoring solutions. Knowledgeable of containerization technologies. Experience working in a regulated environment with secure software development practices (e.g., PCI DSS, GDPR). Experience managing shared components within the organization is a plus. All About You: You lead with transparency and have a strong desire to collaborate and provide mentorship to engineers. You enjoy working with business and product leaders to inform and support options for delivering highly capable solutions that meet market demands. You have excellent communication skills with both technical and non-technical people and have experience preparing and delivering executive level presentations to business and technology audiences. You are a champion of engineering and operational excellence: developing organizational metrics and driving culture of continuous improvement across teams. You are a relentless self-starter who works quickly and efficiently to support product and technical objectives. You can navigate a complex global organization. Education: Bachelor's degree in Information Technology, Computer Science, Electronics or an equivalent Engineering stream

Posted 1 month ago
