12 Security Frameworks Jobs

What you will do Let s do this. Let s change the world. In this vital role the Specialist Data Security Engineer covering Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) technologies. This role will report to the Manager, Data Security. This position will provide essential services that enable us to better pursue our mission. Specialist Data Security Engineers operate, manage, and improve Amgen s DLP and Cloud Access Security Broker (CASB) solutions. In our Data Security team, they will identify emerging risks related to changes in cloud technologies, advise management, and develop technical remediations to address those risks. Specialists lead the development of processes and procedures for multiple solutions which enable business units to remediate identify cloud data exposures. They run multiple projects simultaneously to implement and improve the cloud data security protection and use advanced analytics to demonstrate success. This engineer will play a key role in educating and evangelizing to technologists and business leaders the security strategies that both protect and enable business processes related to cloud data handling. Roles & Responsibilities: Designs, operates, maintains, and enhances capabilities for the technical systems that ensure protection of data for all Amgen global operations. Identifies new risk areas for data and plans controls to mitigate those risks. Researches new technologies, processes, and approaches based on industry practices and recommends future plans for data protection. Authors procedures and guidelines and advises on policies related to data protection requirements and remediation or investigation of violations. Develops and conducts training on data protection technologies for operations staff. Educates business leadership about data risk. Advises other technology groups on data protection strategies and recommends appropriate points of both technical and process integration. Partners with the Manager of Data Security to liaise to legal and human resources leadership on violation remediations. Collaborates with cloud strategy leaders and business unit leadership to ensure that cloud data protection is incorporated by design into new business projects. Collaborates with Cloud Security Engineers to integrate cloud data protection technology into the operations of traditional Data Loss Prevention operations. What we expect of you We are all different, yet we all use our unique contributions to serve patients. Basic Qualifications: Master s degree and 4 to 6 years of experience OR Bachelor s degree and 6 to 8 years of experience OR Diploma and 10 to 12 years of experience. Functional Skills: Must-Have Skills Familiarity with one or more security frameworks, especially in regulated environments. Proficiency specifying requirements for technical systems, as well as designing, implementing, and operating those systems. Expertise in global IT operations, including an understanding of regulatory and cultural differences encountered when dealing with international peers and customers. Demonstrated competence maintaining applications on Windows and Linux based operating systems, and basic understanding of one or more programming or scripting languages. Demonstrated proficiency with one or more Cloud Access Security Platforms (Elastica, Netskope, SkyHigh, etc) Track record of project management leadership, preferably using Agile methodology. Deep knowledge of the principles of Data Protection, including availability, integrity, and confidentiality of data. Good-to-Have Skills: Proficiency with communications focused on both the development of written technical processes and the ability to convey complex ideas clearly in front of an audience. Experience with data analytics focused on building executive reports Reputation of successfully navigating large enterprise environments, understanding both ITIL driven processes and business relationship building Ability to self-direct work on multiple priorities with little to no oversight, based on critical initiatives. Professional Certifications (please mention if the certification is preferred or required for the role): Systems Security Certified Practitioner (SSCP) or Security+ SANS Certifications Cloud security certifications Relevant vendor-specific certifications Soft Skills: Established analytical and gap/fit assessment skills. Ability to work effectively with global, virtual teams High degree of initiative and self-motivation. Ability to manage multiple priorities successfully. Team-oriented, with a focus on achieving team goals Effective presentation and public speaking skills. What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards.

Description We are looking for a Product Security Governance Engineer with 6-8 years of experience to join our team in India. The ideal candidate will be responsible for developing and implementing security governance frameworks, conducting risk assessments, and ensuring compliance with security policies across our product lines. Responsibilities Develop and implement security governance frameworks for product security. Conduct risk assessments and security audits on products throughout the development lifecycle. Collaborate with product teams to ensure compliance with security policies and standards. Provide guidance and support to teams on security best practices and compliance requirements. Monitor and report on the effectiveness of security controls and governance initiatives. Assist in the development of training programs to educate employees on security protocols and practices. Skills and Qualifications 6-8 years of experience in product security governance or related field. Strong understanding of security frameworks such as NIST, ISO 27001, and OWASP. Experience with risk management methodologies and security assessments. Proficiency in security tools and technologies used for product security. Excellent communication and collaboration skills to work with cross-functional teams. Ability to analyze complex security issues and provide actionable recommendations.

Define security frameworks and governance models. Ensure delivery teams adhere to security protocols. Conduct risk assessments and compliance audits.

3-5 yrs of experience in IS GRC focusing on regulatory compliance. Understanding of security standards and frameworks (E.g. ISO 27001, NIST CSF, PCI DSS, SOX 404, SOC2, NIS2 and PCI DSS. Knowledge of Python PySpark or SparkSQL is an added advantage.

What you will do In this vital role the Specialist Data Security Engineer covering Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) technologies. This role will report to the Manager, Data Security. This position will provide essential services that enable us to better pursue our mission. Specialist Data Security Engineers operate, manage, and improve Amgens DLP and Cloud Access Security Broker (CASB) solutions. In our Data Security team, they will identify emerging risks related to changes in cloud technologies, advise management, and develop technical remediations to address those risks. Specialists lead the development of processes and procedures for multiple solutions which enable business units to remediate identify cloud data exposures. They run multiple projects simultaneously to implement and improve the cloud data security protection and use advanced analytics to demonstrate success. This engineer will play a key role in educating and evangelizing to technologists and business leaders the security strategies that both protect and enable business processes related to cloud data handling. Roles & Responsibilities: Designs, operates, maintains, and enhances capabilities for the technical systems that ensure protection of data for all Amgen global operations. Identifies new risk areas for data and plans controls to mitigate those risks. Researches new technologies, processes, and approaches based on industry practices and recommends future plans for data protection. Authors procedures and guidelines and advises on policies related to data protection requirements and remediation or investigation of violations. Develops and conducts training on data protection technologies for operations staff. Educates business leadership about data risk. Advises other technology groups on data protection strategies and recommends appropriate points of both technical and process integration. Partners with the Manager of Data Security to liaise to legal and human resources leadership on violation remediations. Collaborates with cloud strategy leaders and business unit leadership to ensure that cloud data protection is incorporated by design into new business projects. Collaborates with Cloud Security Engineers to integrate cloud data protection technology into the operations of traditional Data Loss Prevention operations. Basic Qualifications: Masters degree and 4 to 6 years of experience OR Bachelors degree and 6 to 8 years of experience OR Diploma and 10 to 12 years of experience. Functional Skills: Must-Have Skills Familiarity with one or more security frameworks, especially in regulated environments. Proficiency specifying requirements for technical systems, as well as designing, implementing, and operating those systems. Expertise in global IT operations, including an understanding of regulatory and cultural differences encountered when dealing with international peers and customers. Demonstrated competence maintaining applications on Windows and Linux based operating systems, and basic understanding of one or more programming or scripting languages. Demonstrated proficiency with one or more Cloud Access Security Platforms (Elastica, Netskope, SkyHigh,etc) Track record of project management leadership, preferably using Agile methodology. Deep knowledge of the principles of Data Protection, including availability, integrity, and confidentiality of data. Good-to-Have Skills: Proficiency with communications focused on both the development of written technical processes and the ability to convey complex ideas clearly in front of an audience. Experience with data analytics focused on building executive reports Reputation of successfully navigating large enterprise environments, understanding both ITIL driven processes and business relationship building Ability to self-direct work on multiple priorities with little to no oversight, based on critical initiatives. Professional Certifications (please mention if the certification is preferred or required for the role): Systems Security Certified Practitioner (SSCP) or Security+ SANS Certifications Cloud security certifications Relevant vendor-specific certifications Soft Skills: Established analytical and gap/fit assessment skills. Ability to work effectively with global, virtual teams High degree of initiative and self-motivation. Ability to manage multiple priorities successfully. Team-oriented, with a focus on achieving team goals Effective presentation and public speaking skills.

Required Skills Qualification Hands-on experience in securing corporate environment. Hands-on experience in security frameworks (NIST, ISO 27001, CIS) and experience with risk management and compliance Hands-on experience securing Windows (Workstations and Servers), Linux (Workstations and Servers), and Mac Hands-on experience conducting risk management by identifying gaps and providing strategies for mitigation. Hands-on experience documenting vulnerability assessment results in a clear and actionable format. Expertise in network security, firewalls, IDS/IPS, and security monitoring tools such as SIEM Proficiency with cloud security technologies (AWS, Azure, GCP) and securing cloud-based infrastructure. Experience with incident response, forensics, and managing security incidents from detection to resolution. Determines security violations and inefficiencies. Knowledge of mergers and acquisitions Experience: Should have relevant experience of at least 10-15 years. Qualification: Engineering (Computers, Electronics, IT) or equivalent

As a Junior Information Protection Analyst, you will be a vital part of our Information Protection team within the Enterprise Data Office (EDO). Your primary responsibility will be to safeguard Organizations data by triaging and reviewing data loss alerts and assisting in the testing and refinement of the playbooks, with a foundational understanding of cyber principles. Key Accountabilities: Triage and Review Alerts: Promptly assess data loss and access violation alerts to determine their severity and potential threats. Take necessary preliminary actions and escalate issues as needed for further analysis. Support Incident Response Assist in the initial stages of the incident response process providing support to senior analysts. Collaborate with team members to ensure efficient management of incidents. Adherence to SOPs and Playbooks: Follow established Standard Operating Procedures and playbooks for initial security incident management. Contribute feedback to refine and enhance SOPs and playbooks through practical application. Experience and Knowledge Required: Basic experience in data protection or security environments, preferably within global organizations. Fundamental understanding of cyber security principles and incident response processes. Strong analytical and problem-solving skills. Awareness of statutory frameworks like the Data Protection Act and GDPR. Effective communication skills and attention to detail when triaging alerts. Willingness to learn and apply established SOPs and playbooks.

What you will do In this vital role the Specialist Data Security Engineer covering Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) technologies. This role will report to the Manager, Data Security. This position will provide essential services that enable us to better pursue our mission. Specialist Data Security Engineers operate, manage, and improve Amgens DLP and Cloud Access Security Broker (CASB) solutions. In our Data Security team, they will identify emerging risks related to changes in cloud technologies, advise management, and develop technical remediations to address those risks. Specialists lead the development of processes and procedures for multiple solutions which enable business units to remediate identify cloud data exposures. They run multiple projects simultaneously to implement and improve the cloud data security protection and use advanced analytics to demonstrate success. This engineer will play a key role in educating and evangelizing to technologists and business leaders the security strategies that both protect and enable business processes related to cloud data handling. Roles & Responsibilities: Designs, operates, maintains, and enhances capabilities for the technical systems that ensure protection of data for all Amgen global operations. Identifies new risk areas for data and plans controls to mitigate those risks. Researches new technologies, processes, and approaches based on industry practices and recommends future plans for data protection. Authors procedures and guidelines and advises on policies related to data protection requirements and remediation or investigation of violations. Develops and conducts training on data protection technologies for operations staff. Educates business leadership about data risk. Advises other technology groups on data protection strategies and recommends appropriate points of both technical and process integration. Partners with the Manager of Data Security to liaise to legal and human resources leadership on violation remediations. Collaborates with cloud strategy leaders and business unit leadership to ensure that cloud data protection is incorporated by design into new business projects. Collaborates with Cloud Security Engineers to integrate cloud data protection technology into the operations of traditional Data Loss Prevention operations. Basic Qualifications: Masters degree and 4 to 6 years of experience OR Bachelors degree and 6 to 8 years of experience OR Diploma and 10 to 12 years of experience. Functional Skills: Must-Have Skills Familiarity with one or more security frameworks, especially in regulated environments. Proficiency specifying requirements for technical systems, as well as designing, implementing, and operating those systems. Expertise in global IT operations, including an understanding of regulatory and cultural differences encountered when dealing with international peers and customers. Demonstrated competence maintaining applications on Windows and Linux based operating systems, and basic understanding of one or more programming or scripting languages. Demonstrated proficiency with one or more Cloud Access Security Platforms (Elastica, Netskope, SkyHigh,etc) Track record of project management leadership, preferably using Agile methodology. Deep knowledge of the principles of Data Protection, including availability, integrity, and confidentiality of data. Good-to-Have Skills: Proficiency with communications focused on both the development of written technical processes and the ability to convey complex ideas clearly in front of an audience. Experience with data analytics focused on building executive reports Reputation of successfully navigating large enterprise environments, understanding both ITIL driven processes and business relationship building Ability to self-direct work on multiple priorities with little to no oversight, based on critical initiatives. Professional Certifications (please mention if the certification is preferred or required for the role): Systems Security Certified Practitioner (SSCP) or Security+ SANS Certifications Cloud security certifications Relevant vendor-specific certifications Soft Skills: Established analytical and gap/fit assessment skills. Ability to work effectively with global, virtual teams High degree of initiative and self-motivation. Ability to manage multiple priorities successfully. Team-oriented, with a focus on achieving team goals Effective presentation and public speaking skills.

Your role and responsibilities The Security Compliance Specialist works with the Security Compliance Leader and will have the execution responsibility around (but not limited to) the following areas: Compliance enforcement: Implementing necessary controls and measure to ensure organization's overall security compliance, in alignment with internal security standards, applicable regulations and industry standards (e.g., ISO 27001, NIST, GDPR). Ensure adherence to the compliance requirements for network infrastructure, OpenShift environments, and IBM Z systems based on the actionable policies and procedures using approved IBM technology choices. Policy Creation and Management: Maintain and enforce security policies, standards, and controls applicable to network operations, cloud environments, and mainframe systems. Partner with IBM CISO organization to regularly review and update security policies to address emerging threats, regulatory changes, and organizational needs. Risk Management: Conduct risk assessments to identify potential compliance gaps and vulnerabilities within the organization's IT environment. Collaborate with IT and security teams to develop risk mitigation strategies and implement necessary compliance controls. Audit and Assessment: Prepare for regular compliance audits for network, OpenShift platform, and IBM Z systems. Ensure prompt rectification of any compliance findings and develop action plans for continuous improvement. Training and Awareness : Conduct comprehensive training programs to raise awareness of security compliance requirements and best practices among employees. Foster a culture of security compliance by regularly communicating the importance of adherence to security standards. Monitoring and Reporting Adopt/leverage metrics and reporting frameworks to continuously monitor compliance status and effectiveness of security controls. Prepare regular reports for executive management on compliance initiatives, audit findings, and the overall status of security compliance across the organization. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Qualifications & Skill 8-10 years of professional experience with at least 5+ years of relevant experience in the information technology security & compliance domain. Bachelor's degree in Cybersecurity, Information Technology, or a related field; advanced degree or security certifications (e.g., CISSP, CISM, CISA) are a plus. Extensive experience in security compliance management, particularly in network security, cloud security, and mainframe environments. Strong understanding of regulatory requirements and compliance frameworks relevant to the industry. Should be open and willingness to learn new technologies and be open for continuous upskilling experience. Excellent analytical and problem-solving skills to assess compliance issues and risks. Strong Proficiency in working with Secured communications across varied Hybrid platforms (On-Prem, On-Cloud etc). Strong leadership and communication skills to influence and guide cross-functional teams. Ability to work collaboratively with various stakeholders, including technical teams, executive management, and external auditors. Proficiency in compliance management tools and security frameworks. Proficiency in automation tools such as Ansible and pipeline orchestration tools such as Tekton and GitHub Actions.

What you will do Lets do this. Lets change the world. In this vital role you will work for the Manager of Endpoint Security, in direct support of the global endpoint management group. This position will provide essential services that enable us to better pursue our mission. The Specialist Endpoint Security Engineer will operate, manage, and improve Amgens endpoint security posture solutions. In the Endpoint Security team, you will identify emerging risks related to endpoint protection, advise management, and develop technical remediations to address those risks. Specialists lead the development of processes and procedures for multiple solutions Amgen utilizes to deliver to the promise of a secure digital workplace. They run multiple projects simultaneously to implement and improve the endpoint security protections and use advanced analytics to demonstrate success. This engineer will play a key role in educating technologists and business leaders about the security strategies that both protect and enable business processes related to cloud data handling. Lets do this. Lets change the world. In this vital role you will: Designs, operates, maintains, and enhances capabilities for the technical systems that ensure protection of endpoints for Amgens global workforce. Works daily alongside the digital workforce experience team to specify, implement, and validate security controls for Amgens workstation and mobile platforms. Identifies new risk areas for data and plans controls to mitigate those risks. Researches new technologies, processes, and approaches based on industry practices and recommends future plans for secure configurations. Authors procedures and guidelines and advises on policies related to workstation and mobile protection requirements and remediation or investigation of violations. Develops and conducts training on protection technologies for operations staff. Educates business leadership about data risk. Consults other technology groups on endpoint protection strategies and recommends appropriate points of both technical and process integration. Partners with the Manager of Endpoint Security to collaborate closely with legal and human resources leadership on violation remediations. Collaborates with architecture strategy leaders and business unit leadership to ensure that security by design configurations are incorporated into new business projects. Collaborates with Endpoint Security Engineers to integrate protection technology into the operations of traditional Endpoint Detection and Response operations. Basic Qualifications: Doctorate degree OR Masters degree and 4 to 6 years of Information Security or Information Technology experience OR Bachelors degree and 6 to 8 years of Information Security or Information Technology experience OR Diploma and 10 to 12 years of Information Security or Information Technology experience Preferred Qualifications: Familiarity with one or more security frameworks, especially in regulated environments. Holds or is actively seeking one or more security related certifications, preferably with a focus on cloud technologies or data protection. Proficiency specifying requirements for technical systems, as well as designing, implementing, and operating those systems. Expertise in global IT operations, including an understanding of regulatory and cultural differences encountered when dealing with international peers and customers. Skill with elements of MDM systems such as Intune, Workspace One, and JAMF on Windows, MacOS and iOS based operating systems. Basic capabilities with programming or scripting languages. Understanding of endpoint technologies from a security perspective including the security risks associated with misconfiguration. Experience implementing secure baselines such as DISA STIGs and CIS Benchmarks. Experience with project management workstream leadership, preferably using Agile methodology. Deep knowledge of the principles of endpoint protection, including availability, integrity, and confidentiality of user devices. Good-to-Have Skills Proficiency with communications focused on written technical processes and the ability to convey complex ideas clearly in front of an audience. Experience with data analytics in building executive reports. Reputation of successfully navigating large enterprise environments, understanding both ITIL driven processes and business relationship building Ability to self-direct work on multiple priorities with little to no oversight, based on critical initiatives. Work Hours This position requires you to work from 2:00pm to 10:00pm IST. Professional Certifications: Systems Security Certified Practitioner (SSCP) or Security+ SANS Certifications Soft Skills: Excellent analytical and troubleshooting skills Highly motivated and able to work effectively under minimal supervision Strong written and verbal communication skills in English Successful management of multiple priorities Effective working with global, virtual teams Team-oriented, placing priority on the successful completion of team goals

We are seeking a highly skilled and experienced L3Engineer to join our cybersecurity team. The ideal candidate will have extensive experience in Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), Web Application Firewall (WAF)

Location: Remote- Delhi / NCR,Bangalore/Bengaluru,Hyderabad/Secunderabad,Chennai,Pune,Kolkata,Ahmedabad,Mumbai Job Responsibilities: . Architect and design secure, scalable Salesforce solutions aligned with business and technical requirements. . Define data models, object relationships, and system integrations with external platforms. . Provide technical leadership and architectural guidance to Salesforce developers and admins. . Oversee development using Apex, Lightning Web Components (LWC), Flows, and APIs. . Lead platform integrations using REST/SOAP APIs, MuleSoft, and streaming/event-driven architecture. . Ensure data governance, compliance, and performance optimization across Salesforce implementations. Job Requirements: . Bachelors/Masters degree in Computer Science, Engineering, or a related field. . At least 10+ years of experience in Salesforce development, architecture, and administration. . Strong expertise in Sales Cloud, Service Cloud, Experience Cloud, and the Salesforce Platform. . Proficiency in Apex, LWC, SOQL/SOSL, Flows, and Salesforce integration patterns. . Experience in DevOps, CI/CD pipelines, and agile development methodologies. . Deep understanding of data modeling, security frameworks, and regulatory compliance in Salesforce environments. Nice to Have: . Salesforce Architect Certifications (Technical, System, or Application Architect). . Experience with Marketing Cloud, CPQ, Field Service, or Einstein AI. . Familiarity with cloud services integration (AWS, Azure, or GCP). . Proven experience leading Salesforce digital transformation and enterprise-scale projects.