· Maximum 5 years of Information Technology/Technology Operations/Information Security experience required.
· Minimum 3 years of experience in Cybersecurity, Identity & Access Management, Role Based Access Control, and Identity Governance is mandatory.
· Knowledge of User Life Cycle Management, access provisioning, and access administration is a must.
· Experience with technologies such as Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) is required.
· Experience in User Access Re-certification activities is mandatory.
· Working knowledge of Active Directory is a must.
· Working experience with any IAM tool (SailPoint/Okta/OneIdentity/Varonis/MIM) would be an added advantage.
· Knowledge of Identity and Access Management roles/processes/tools is a must.
· Prior experience in processing IAM requests (Add/Modify/Delete) is a must.
· Experienced in Incident management & Change Management processes.
· Knowledge of and the ability to adhere to SAS and SOX audit requirements pertaining to Identity & Access Management job requirements.
· Experience with work-flow management tools such as ServiceNow.
· Leveraging creative thinking and problem solving skills, individual initiative, and utilizing MS Office (Word, Excel, Access, and PowerPoint).
· Understanding personal and team roles; contributing to a positive working environment by building solid relationships with team members; proactively seeking guidance, clarification and feedback.
· Identifying and addressing business needs: building relationships with stakeholders; developing an awareness of Firm services; communicating with the business/stakeholders in an organized and knowledgeable manner; delivering clear requests for information; demonstrating flexibility in prioritizing and completing tasks; and communicating potential conflicts to a supervisor.
· Experience performing user administration tasks for various in-house and third-party applications.
· Analyzing, prioritizing, and resolving faults to resolution. Resolve tickets according to SLAs and escalation procedures.
· Strong analytical, problem solving and organizational skills. Be proactive, dynamic, and flexible.
· Good Communication skills, able to articulate well with business and stakeholders.
· Education Qualification: Any graduate/post graduate with Computer Science background.
Fynd is India’s largest omnichannel platform and multi-platform tech company with expertise in retail tech and products in AI, ML, big data ops, gaming+crypto, image editing and learning space. Founded in 2012 by 3 IIT Bombay alumni: Farooq Adam, Harsh Shah and Sreeraman MG. We are headquartered in Mumbai and have 1000+ brands under management, more than 10k stores and servicing 23k + pin codes.
We're looking for a Security Audit Compliance/Cyber Security Auditor to join our Engineering Team. The team builds products for 10M+ Fynd users and internal teams. Our team consists of generalist engineers who work on building modern websites (SPA & Isomorphic), mobile apps for Android & iOS, REST APIs and servers, internal tools, and infrastructure for all our users.
What will you do at Fynd?
- Updates job knowledge by participating in educational opportunities like reading professional publications, maintaining personal networks, and participating in professional organizations.
- Meets work standards by following production, productivity, quality, and customer-service standards; resolving operational problems; and identifying work process improvements.
- Ensures compliance with regulations and controls by examining and analyzing records, reports, operating practices, and documentation; and recommending opportunities to strengthen the internal control structure.
- Provides business-specific interpretations and supports automation opportunities while working with DevOps teams.
- Establishes credibility and maintains good working relationships with groups involved with payment security and compliance matters (InfoSec, Legal, Business Development, Internal Audit, Fraud, Physical Security, Developer Community, Networking, Systems, etc.).
- Collaborate with Compliance Specialists and business/service teams to understand and validate assessment scope.
- Review security controls that are technical in nature, such as access controls, data encryption in transit and at rest, and auditing and logging user activity.
- Responsible for building and influencing security as a core competency throughout our relationships with internal teams/partners/vendors; this includes providing education and training to the organization.
- Delivers recommendations and risk interpretations in a clear, concise and audience-specific format
- Engages with the Business and SMEs to ensure compliance to information security policies
- Supports ad-hoc data analysis requests
- Analysis of historical data to identify trends and insights
- Leads the creation, implementation, monitoring, and maintenance of security Policies and Standards
Some specific Requirements:
- Professional auditing qualification like ISO Lead Auditor with 3+ years in third party contractor underwriting or supplier vetting.
- Strong communication and multitasking skills
- A keen eye for detail
- 4+ years of relevant industry experience including information assurance, data privacy and compliance in healthcare domains.
- 3+ years of information security governance, audit, risk management or related client service or consulting experience.
- Skilled in risk management, business risk analysis and making complex business/risk trade-off recommendations and decisions.
- Technical knowledge and familiarity with information security standards.
- Related security control and compliance experience in various frameworks including: HIPAA, HITRUST, PCI DSS, GLBA, ISO, NIST, etc.
- CISSP, CISA, CISM, CIPP, CEH and/or other comparable security controls or audit certifications preferred.
- Experience with service-oriented architectures and web services security.
At Upswing, we are committed to building a robust, scalable & secure API platform to power the world of Open Finance.
We are a passionate and self-driven team of thinkers who aspire to build the rails to connect the legacy financial sector with financial innovators through a simple and powerful banking-as-a-service (BaaS) platform.
We are looking for motivated engineers who will be working in a highly creative and cutting-edge technology environment to build a world-class financial services suite.
About the role
As part of the DevSecOps team at Upswing, you will get to work on building state-of-the-art infrastructure for the future. You will also be –
- Managing security aspects of the Cloud Infrastructure
- Designing and Implementing Security measures, Incident Response guidelines
- Conducting Security Awareness Training
- Developing SIEM tooling and pipelines end to end for vulnerability/security/incident reporting
- Developing automation and performing routine VAPT for Network and Applications
- Integrating with 3rd party vendors for the services required to improve security posture
- Mentoring people across the teams to enable best practices
What will you do if you join us?
- Engage in a lot of cross-team collaboration to independently drive forward DevSecOps practices across the org
- Take Ownership of existing, ongoing, and future DevSecOps initiatives
- Plan and Engage in Architecture discussions to bring in different angles (especially security angles) to the table
- Build Automation stack and tools for security pipeline
- Integrate different security measures and pipelines with the SIEM tool
- Conducting routine VAPT using manual and automated workflows, generating and maintaining the report for the same
- Introduce and Implement best practices across teams for a great security posture in the org
You should have
- Curiosity for on-the-job learning and experimenting with new technologies and ideas
- A strong background in Linux environment
- Proven experience in Architecting networks with security first implementation
- Experience with VAPT tooling for Networks and Applications is required
- Strong experience in Cloud technologies, multi-cloud environments, and best practices in Cloud
- Experience with at least one scripting language (Ruby/Python/Groovy)
- Experience in Terraform is highly desirable but not mandatory
- Some experience with Kubernetes, and Docker is required
- Understanding Java web applications and monitoring them for security vulnerabilities would be a plus
- Any other DevSecOps-related experience will be considered
Job Responsibilities:
· Assist the Security Manager in developing and implementing security policies and procedures.
· Conduct regular security risk assessments and audits.
· Monitor security systems, including firewalls, intrusion detection systems, and access controls.
· Respond to security incidents and provide recommendations for remediation.
· Assist in managing user access and authentication.
· Provide security awareness training to employees.
· Maintain and improve endpoint security solutions (e.g. antivirus, endpoint detection and response).
· Collaborate with other departments to ensure security is integrated into all aspects of the organization's operations.
· Stay up to date on the latest security threats and industry trends.
Qualifications and skills:
· Bachelor’s degree in computer science, Information Security, or a related field.
· 4-5 years of experience in security-related roles.
· Knowledge of security systems and protocols.
· Familiarity with risk management frameworks.
· Knowledge of compliance regulations and standards.
· Excellent communication and interpersonal skills.
· Strong analytical and problem-solving skills.
· Ability to work independently and as part of a team.
· Attention to detail and accuracy.
Roles and responsibilities:
- Audit the current Information Security system and procedures and do a Gap analysis
- Identify immediate potential Information Security Risks and manage remediation tasks through to closure
- Create an Information Security Compliance Roadmap and execute end-to-end compliance initiatives by that roadmap
- Design high-quality test plans and direct Data/Information security control test activities
- Continuously improve Octro Data/Information security control framework
- Maintain handbook pages and procedures related to Information security compliance
- Identify opportunities for Information security compliance control automation, execute them and then maintain
- Provide actionable and constructive advisement to cross-functional teams, including driving remediation activities for high and select moderate-risk Observations across all Octro departments
- Design, develop, and deploy scripts to automate continuous control monitoring, administrative tasks and metric reporting for all security compliance programs
- Direct and support external audits as and when necessary
Requirements
- A minimum of 6-8 years' experience working with Data/Information Security Compliance programs
- Detailed knowledge of common information security management frameworks, regulatory requirements and applicable standards such as: ISO, SOC 2, GDPR, PCI etc.
About Octro Inc :
We are one of the fastest-growing mobile gaming companies around, a technology-driven organization at heart, and take pride in the platforms we create.
Octro was founded in 2006 with a mission to create productivity applications for mobile devices. After pioneering one of the first mobile Voice-over-IP infrastructures called OctroTalk, the company ventured into building mobile gaming platforms. Sequoia Capital has invested in Octro. The funding was announced in June 2014.
- Develop efficient strategies to protect the system, the networking infrastructure, data, and information systems against potential threats/cyber risks
- Routinely performing threat analysis, system checks, and security tests
- Defining and updating information security criteria and validation procedures
- Discuss safety and security issues effectively with different stakeholders to understand and fix the problems
- To be a security representative or point of contact for all technical deliveries, initiatives, and project implementations.
- To develop technical processes and procedures and promote compliance in line with regulations, corporate policies, or standards as per ISO27001
- Assess technical security risks in terms of impact on systems and service confidentiality, integrity, and availability, and report and escalate results of risk assessments.
- Report any real or potential security breaches/vulnerabilities to various stakeholders and provide technical support during incident response
- Monitor security tools to detect security events & incidents. Report and escalate any security breaches to the Information Technology Security Officer
- Operate vulnerability scanning and compliance tools to identify system weaknesses
- Represent IT Security matters at technical and business forums.
Desired candidate profile :
- Relevant experience in the information security field
- Relevant experience working with ISO Policies, and GDPR guidelines.
- Strong knowledge of network architecture and security concepts related to routing
- Exceptional attention to detail
- Excellent analytical and problem-solving skills
- Great team player and able to work efficiently with minimal supervision
- Excellent communication skills, both written and verbal, work with the different stakeholders on strengthening the security risks.
- Able to handle and cope with stressful situations and understands the pressures of a start-up environment
Job Brief:
You'll be joining Mindtickle’s InfoSec and Compliance team, which is responsible for various functions related to Security, Privacy, and Compliance around Mindtickle's rapidly growing cloud platform. You'll play a crucial role in all our compliance & information security initiatives, including but not limited to those arising from regulations (e.g., GDPR, CCPA, UK DPA 2018, FINRA), audit requirements (e.g., SOC 2, HIPAA), and customer/ prospects requests (typically large enterprises).
As Data Privacy & Compliance Manager, you will champion the highest data privacy standards and drive forward compliance across all of Mindtickle. Crucial to this role will be an expert knowledge of international data protection laws and a proactive and pragmatic approach towards data privacy and compliance.
Key Responsibilities:
- Act as the single point of contact for all privacy-related topics, including communication with customers and prospects, including RFPs, emails, or privacy calls
- Closely working with the internal legal team and external legal counsel to support the review of third parties/customer data processing addendums (DPAs), standard contractual clauses, contracts, and other data protection agreements
- Maintain the data protection terms agreed with customers in a contract management software
- Perform due diligence of new third parties and periodic risk review of existing third parties, including processes around sub-processors
- Support in other industry compliance projects such as ADA, Section 508, WCAG, FINRA, 21 CFR Part 11, etc.
- Lead the assessment of new legislation or other regulatory changes (GDPR, CCPA, UK DPA 2018, LGPD, PIPEDA, Swiss FDAP) and make recommendations as necessary to ensure that risks are mitigated as well as ongoing compliance
- To work flexibly and collaboratively across all teams in the organization while driving privacy & compliance-related projects, including sales, customer success, product, and engineering
- Own internal and external privacy audit projects, including planning, scoping, need analysis, ongoing project management, and communications with all relevant stakeholders
- Onboard privacy solutions, design, build and deploy data privacy programs on the solutions to ensure compliance with privacy requirements
- Maintain Records of Processing Activities (ROPA) and ensure Privacy By Design for new features/changes in the platform
- Undertake all other reasonable and related tasks associated with this role
Desired Qualification:
- 5-10 years of experience in data privacy and compliance, with exposure to cloud software platforms
- Extensive experience in data protection and knowledge of relevant legislation, including GDPR, Standard Contractual Clauses, Transfer Impact Assessment, CCPA, UK DPA 2018, LGPD, PIPEDA, Swiss FDAP, etc.
- Certifications such as CIPP/E, CIPP/US, CIPM, CIPT, etc., are preferred
- Specialist knowledge in a relevant area, e.g., data security and individual rights requests
- Excellent communication, interpersonal, project management, and issue resolution skills
- Excellent analytical skills, organizational skills, ingenuity, and the ability to work as part of a team
- Experience in managing privacy audits and risk management processes
- Demonstrated ability to learn quickly, take the initiative, and drive complex projects
What you will do:
- Working closely with the external auditors to achieve common goals
- Conducting Enabling Service Audit (HR, Admin, IT) once in 6 months for the verification of ISMS & QMS Standards
- Performing ISMS and Internal Audit
- Being part of the external Audits (ISMS, QMS & CMMI)
- Managing the implementation of ISMS
Desired Candidate Profile
What you need to have:
- Strong communication and team building skills with proficiency at grasping new technical concepts quickly and utilizing the same in a productive manner
- Experience in ISO27001, Internal Audits, CMMI
• Evaluate the organization’s security needs and establish best practices and standards accordingly.
• Designing, implementing, maintaining, overseeing, and upgrading all security measures needed to protect organizations’ data, systems, and networks.
• Responding to all security breaches to the network and associated systems.
• Troubleshooting all network and security issues and incidents.
• Routinely conduct penetration testing.
• Taking appropriate security measures to ensure that the organization's infrastructure and existing data are kept safe.
• Conducting testing and scans to identify any vulnerabilities in the network and system.
• Taking an active role in the change management process.
• Assist in any security breach investigations.
• Handling routine daily administrative tasks such as reporting and keeping open lines of communication with the organization’s appropriate departments.
Provides technical expertise and guidance in the identification, preservation, collection and analysis of digital evidence in various digital formats from computers, servers, mobile devices, and other electronic or online storage media.
Presents recommendations and findings to internal and external customers including Legal, Compliance, HR, Outside Counsel, and Law Enforcement.
Develops and maintains processes, procedures, and methodologies for collecting and analyzing digital evidence.
Maintains strong working relationships with other corporate investigation team members, subject matter experts, 3rd party vendors, and outside law firms.
Skills required:
Hands-on experience in Digital Forensics for at least 4 years using digital tools such as X-Ways, AXIOM, FTK, Cellebrite, Oxygen, NUIX, etc.
Experience of Computer, Mobile and Cloud Forensics cases
Expertise with Microsoft, Macintosh, and Unix Operating Systems
Strong understanding of network and cloud computing environments
Good to have certifications such as GCFA, Encase, CISSP, CFCE etc
- Must have good exposure to working with SOAR (Security Orchestration, Automation, and Response)
- Strong knowledge of End user/ point security.
- Good hands-on experience with cybersecurity technologies such as SIEM, IAM, PAM.
- Sound knowledge of automated incident management using Demisto (or similar technology)
- Hands-on experience creating playbooks using Python scripting.