Security Audit Jobs

We are seeking a highly skilled Cyber Security Engineer with 10 to 18 years of experience to join our team in Chennai. The ideal candidate will possess a strong background in protecting networks, systems, and data from cyber threats.**Key Responsibilities:**- **Threat Analysis and Mitigation:** Identify potential security threats and vulnerabilities, assess risks, and implement measures to mitigate them effectively. This ensures that sensitive information remains protected against evolving threats.- **System Monitoring and Maintenance:** Regularly monitor and maintain security systems and tools to ensure they function optimally. This includes updating software and applying security patches to safeguard against new vulnerabilities.- **Incident Response and Recovery:** Act promptly in the event of a security breach, investigating incidents, documenting findings, and implementing recovery plans to restore systems to normal operations.- **Security Policy Development:** Develop and enforce security policies and procedures that align with industry best practices. This helps cultivate a culture of security awareness throughout the organization.- **Training and Awareness Programs:** Conduct training sessions for staff on cybersecurity practices and the importance of maintaining security protocols, enhancing the overall security posture of the organization.**Required Skills and Expectations:**Candidates should have a degree in B.C.A, B.E, or a relevant professional qualification. In-depth knowledge of security protocols, risk assessment tools, and firewalls is essential. Familiarity with compliance requirements and standards such as ISO 27001, NIST, or GDPR is highly desirable. Strong analytical and problem-solving skills, along with excellent communication abilities, are critical for collaborating within teams and educating others on security matters.

We are looking for an experienced Information Security (IS) Risk Manager to lead enterprise-wide security assurance, governance, risk, compliance, and business continuity initiatives.Key ResponsibilitiesLead enterprise-wide information security assurance, governance, risk, compliance, and business continuity programs, ensuring alignment with internal policies and regulatory requirements.Perform and manage information security and cloud risk assessments across AWS and Azure, identify business impact, define mitigation strategies, and communicate risks in clear business terms.Establish, implement, and maintain security governance frameworks, controls, and metrics, ensuring cyber risks and vulnerabilities are prioritized and remediated within agreed SLAs.Own ISMS governance and audits, including internal and external audits, gap analysis, compliance readiness, and corrective actions for ISO/IEC 27001, PCI DSS, NIS 2, and other regulatory standards.Develop, manage, and maintain Business Continuity Planning (BCP) and Disaster Recovery programs to ensure organizational resilience.Manage third-party security risk, including vendor due diligence, security requirements in contracts, cloud and security tooling assessments (GRC tools, CASB), and coordination of external audits and remediation plans.Develop, update, and govern information security policies, procedures, standards, and security awareness programs, ensuring continuous improvement and regulatory alignment.Skills & ExpertiseInformation Security Risk Management & Security AssuranceGovernance, Risk & Compliance (GRC)ISMS, ISO/IEC 27001PCI DSS, NIS 2, Regulatory ComplianceCloud Security AWS & AzureSecurity Audits & IT AuditingBusiness Continuity Planning (BCP) & Disaster RecoveryCyber Risk Assessment & Compliance MonitoringExperience & Certifications (Preferred)10+ years of experience in Information Security / GRC / Risk ManagementExposure to Telecom, BFSI, or large enterprise environmentsCertifications such as CISSP, CISM, CRISC, ISO 27001 Lead Auditor / Implementer preferred

Job Overview: The Cybersecurity Project Coordinator ensures that cybersecurity projects are planned, executed, and completedwithin scope, time, and budget. This role works closely with cross-functional teams, including IT, riskmanagement, legal, and compliance departments, to implement and enhance security protocols and systems.Key ResponsibilitiesProject Management: Oversee multiple cybersecurity projects from initiation to completion. Develop and maintain project timelines, budgets, and schedules. Coordinate project resources, assign tasks, and monitor progress. Prepare and present regular project status reports to stakeholders.Risk Assessment and Compliance: Ensure all projects adhere to internal and external cybersecurity standards and regulations (e.g., GDPR,HIPAA). Conduct risk assessments and work with teams to mitigate identified threats.Stakeholder Communication: Act as the main point of contact between cybersecurity teams and other departments. Communicate cybersecurity project needs, progress, and outcomes effectively to non-technicalstakeholders.Coordination with Cybersecurity Teams: Work with IT security engineers, analysts, and other specialists to ensure security measures areimplemented as part of the project scope. Track project milestones and identify any barriers to success.Documentation and Reporting: Create detailed documentation for cybersecurity processes, procedures, and incident reports. Maintain project records for future reference and audit purposes.Continuous Improvement: Stay updated with the latest cybersecurity threats, technologies, and best practices. Provide feedback on project successes and areas of improvement to senior leadership.Skills & Qualifications: Educational Background: Bachelors degree in Cybersecurity, Information Technology, or a relatedfield. Experience: Proven experience in project management, preferably in cybersecurity or IT roles. Certifications: PMP (Project Management Professional), CISSP (Certified Information Systems SecurityProfessional, or equivalent, cybersecurity certifications. Skills:o Strong organizational and communication skills.o Familiarity with project management software (e.g., Microsoft Project, Asana, Jira).o Knowledge of cybersecurity principles and risk management frameworks.o Ability to work collaboratively in a team-oriented environment.o Basic understanding of IT infrastructure and security technologies (e.g., firewalls, encryption,intrusion detection systems). Flexible to working second and night shifts. Work location can be remote, WFH/Hybrid mode.Base Location: Hyderabad / Bangalore;

CTCI Construction and Asphalt Production is the most reliable provider of engineering services founded in 1987, is one of the largest Engineering, Procurement and Construction (EPC) operates as an engineering and construction company. The Company offers construction of buildings, petrochemical plants, refinery plants, power plants, and general industrial factory as well as offers pipe, civil and structural, instrumentation, and electrical engineering services. CTCI Thailand operates in Thailand having a big hospital and health center.Key responsibilities are QA Engineer, QC Engineer, Architect, Safety inspection, Fire & safety supervisor, Safety engineer, safety manager, safety officer, Site Engineer, Project Management, Engineering Procurement, Fabrication, Construction, Electrical and Instrumentation, installation, testing and Pipe line fabrication/Welding/erection and Road engineer.CTCI Thailand Co LtdMr Jeffrey HsuHead of Human Resourcesctcideployment@gmail.comWhatsApp @+91-7085937664

Information Security Consultant Location: Kochi Primary Objectives of the Job: Responsible for the implementation of ISO 27001:2013 standards for clients. This role involves working independently or with senior consultants to implement and manage information security compliance and other best practices. Primary Responsibilities: 1. ISO 27001 Compliance: Assist clients in achieving ISO 27001 certification by identifying and implementing appropriate controls. 2. Risk Assessment: Conduct risk assessments and coordinate with stakeholders for closure or risk acceptance. 3. Policy Development: Define, develop, and review security policies, procedures, guidelines, and templates. 4. Technical Standards: Create and review baseline standards for OS, databases, web servers, and applications. 5. Audit Support: Support post-implementation audits and ensure continuous compliance with ISO 27001:2013. 6. Awareness Programs: Develop and conduct information security awareness programs. 7. Best Practice Compliance: Recommend measures to ensure compliance with standards such as ISO, NIST, CIS, PCI DSS. Competencies Required: Qualification: BTech / MCA / BCA / BSc / MSc in Computer Science Minimum Experience: 2+ years Certifications: ISO 27001 / Cybersecurity Certifications (CISSP or CISA preferred or willingness to obtain) Skills: Solid foundation in IT and cybersecurity Strong verbal and written communication Knowledge in auditing, policy development, database security, firewall implementation, risk analysis, identity/access management, or web services.

Visit our aria Manager to consult with Results thank you.

JD for Information Security and Compliance Specialist:Responsibilities:1. Utilize 3-5 years of direct experience in information security, specializing in risk and compliance management. Proficiently conduct audits and manage audit responses and observations.2. Implement ISMS (Information Security Management System) standards, policies, and conduct access reviews to ensure regulatory compliance. Perform thorough risk assessments and remain updated on relevant regulatory requirements.3. Demonstrate a proficient understanding of identity management standards, Business Continuity Planning (BCP), Disaster Recovery (DR), and Cloud Security.4. Utilize GRC (Governance, Risk, and Compliance) tools and techniques to organize and execute risk and compliance projects. Conduct audits, compile evidence, and coordinate audit responses efficiently.5. Manage risk and vulnerability assessments, along with compliance reviews, to ensure adherence to security standards.6. Maintain and monitor a centralized repository for procedures and documents related to security and compliance.7. Demonstrate proficiency in incident response and change management practices.8. Collaborate with stakeholders to align IT General Controls (ITGC) objectives with organizational goals.9. Support functional teams in achieving ongoing operational compliance.10. Conduct Vulnerability Assessment and Penetration Testing (VAPT) assessments, drive remediation efforts, and ensure the closure of identified vulnerabilities.11. Stay updated on regulatory changes impacting information security and ensure organizational compliance.12. Conduct security awareness training sessions and effectively communicate security policies and best practices to all stakeholders.13. Possess effective written and verbal communication skills to interact with cross-functional teams.14. Demonstrate strong analytical and problem-solving abilities to effectively address security and compliance challenges.

Job Description:Job ResponsibilitiesPresent and report regularly InfoSec dashboard to management and stakeholdersAssist with the development of technical security risk and compliance documentationDocument and Communicate status and compliance effectiveness to management on a regular basisConduct regular internal audits on information security specific to ISO 27001Manage external audits from customers and stakeholderSupport business teams to achieve and maintain their security and compliance posture in accordance with ISO 27001 & Data PrivacyValidate ongoing compliance of policies and process/procedures in support of requirements and ensure that controls are operating effectivelyPrepare responses to client questionnaires and RFPs on information security, compliance and data privacy related areas. Provide support and clarity to customers and users of the information and cyber-security policy framework answering related questions and challenges as they ariseInterface and engage both management and other functions in organization on information security compliance related activities and processesLead the effective publication of policy materials and documents Risk ManagementMaintain and manage ISMS related documents, reports, and artefactsCoordinates the issuance of access control and drive change management activitiesManage vendor and third-party due diligence documentationInternal consultant for IT domain leads, administrators for security infrastructure, and assisting them to implement security devices configuration controls for firewalls, Internet connectivity, IPS and router etc.QualificationsCertification ISO 270013+ years of experience in Compliance, Security, or IT Audit experienceTotal experience of 5-6 yearsAny graduate or masters degree in science, engineering or technologyKnowledge in Project Management, IT Security Architecture DesignPrior experience with managing other security compliance ISO 27001 & SOC1 & SOC2

About us:We are headquartered in New York, USA committed to provide sustainable and scalable solutionstowardsclinical research and bioinformatics needs. Our team hasa decade worth of experience in medical information management, especiallyincancer research. Good data drives quality researchandwe recognize that todays research will shape the clinical practice guidelines of tomorrow. Our information technology and data management solutions can streamline and integrate research and patient care workflows to collect quality data and achieve research goals.Job Title:Sr. Executive Department: Risk & Compliance Job Location:Navi MumbaiReporting to: ManagerJob Duties / Responsibilities:Performing daily random audits of computer systems to check the effectiveness of IT controlsConduct Compliance Induction for new joiners.Provide developmental training to staff within defined time line based on business needs.Maintain updated centralized master list for all compliance related functions.Periodic review and up gradation of all mandatory, essential, MR/ISM manual, and procedure documentsConduct Risk & Compliance awareness test to employees at 6-month intervalPrepare and publish the Compliance awareness and Medicare assessment reportReview audit checklists to improve effectivenessTo monitor and ensure continual improvement on QMS/ISMS/SOC and other security auditsCoordination with software team/other process owners on any requirements related to Security and QualityCoordinate and guide the stakeholders in reporting and closing Audit observations and incidents.Education and Experience:Any graduate with good communication skillsOverall IT experience of 4 to 8 years, with a minimum of 2 to 4 years in IT Security, Audit, or Compliance roles.Experience in handling SIEM tools, knowledge of ISO 27001 requirements, and Vulnerability assessments are a plusCertifications like ISO 27001, Security+, or any Security certification.

Job descriptionJob Role: Lead Auditor - Information Security Management System (ISO 27001)Key Responsibilities:Conduct the audit as per the standard, prepare and upload necessary reports for the certificate release.Qualification: Degree in Computer science or Information Technology or Software engineering / relevant IT field/ or equivalent experience.Should have completed Lead Auditor training in ISMS- ISO 27001: 2013.Should have minimum 5+ years of experience in Information security management system implementation.Good knowledge about the data privacy requirements technical knowledge on the other information security domains such as data Privacy management (PIMS).Should have a good knowledge in Physical and environmental Security, IT operations, Networking, asset, access and incident management, Business continuity and compliances.Salary: As per Interview between 30k to 70k.

We are looking for Infosec/GRC resource with 8-10 yrs of relevant work experience for Bangalore.Role: Infosec/GRC ResourceExp: 8-10yrsJob Type: Contract Location: BangaloreSkill Set: 8-10 Years experience in Information Security, Compliance, Risk Management Expertise in Information Security implementation for ISO 27001 and other relevant standards such as SOX, (US role )-NIST 800- 53, CMMC Preferred Certifications: CISSP, ISO 27001 Lead Auditor or ImplementerJD Summary We are looking for people with Infosec skills experience, who have 7-10 year experience in GRC, GRC implementation, individuals with CISSP, CISM, CISA certifications. Additional important skills are Risk management , ITGC, ISO 27001.

skills will be required- Extensive experience with Information security and risk management- Experience with IT (security) Architecture, design and engineering- Practical understanding of, and experience with, Shells IT infrastructure, architecture and technology solutions.- Sound knowledge of IT Governance Risk & Control frameworks, specifically ISO27001, COBIT and risk methodologies (IRAM)- Proven capability in managing IT security infrastructure risks.Knowledge of external Legal, Regulatory and industry best industry requirements, particularly Export Controls, PCI DSS and Data Privacy regulations

Security Risk & Control Consultant (SRCC) The Security & Compliance (S&C) Competency Centre (CC) Lead is responsible for supporting the following:EducationGraduate degree plus recognized information security certifications like CISSP, CCSP, SSCP, CRISC, GSEC, etc. are good to haveProject Review and Technical Advice- Review all new high-risk projects; new technical designs; for Information risks and advise on suitable controls and mitigations at early stages of the program.- Lead the S&C Analyst for specific technology and advice on the Information security for their projects.- Offer advice to Shell and suppliers to assist in resolving questions and issues around how to manage risk- Provide Subject Matter Expertise for projects and business stakeholders, in combination with the Improvement Program.- Work with the architecture community to review new technology and architecture innovations.Risk Management and Mitigation- Assess and classify all potential business and infrastructure information risks.- Execute, with suppliers, risk analyses on IT application/services.- Develop and socialize our overall risk profile and action plans to mitigate risks- Review and recommend approval project charters.- Facilitate smooth conduct of Risk Assessment (including Legal & Regulatory) on Applications, Network& Systems- Perform end to end Security Assessment on vendor offerings New/Leveraging existing (SAAS / PAAS/IAAS) services including integration with Shell environment.- Translate Technical, legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provides the respective stakeholders with the IRM requirements and its implementation methodologies.- Support in development of tooling to support IRM processes and ensuring this is fit for purpose.- Actively participate in S&C team and community meetings, representing S&C and Business interests in other CC forums.- Support during Internal /External Audit

Job Title: Cyber Security Specialist TRO GRC(ERM).Roles & Responsibilities:Experience, education, skills, licensure, or training required:The Cybersecurity Specialist must be self-motivated, be a great team player who values results,be professional, and be well-rounded technically. Should be able to conduct a guide and conduct an audit acrosscybersecurity frameworks, works ISO 27001, CMMC, CMMI, and FAIR (factor analysis of information risk). Abilityto conduct risk assessments and audits to support the above framework. Work with all areas of businessunits, IT departments, and third parties, guiding areas of process improvement surroundingpolicy, procedures, and standards for the above frameworks. Interface with team members, departments, and outside associates. Can work directly with all levels ofmanagement and other corporate team members in person as needed. Work with all levels of users and management levels, while being able to understand business needsand communicate necessary IT Security and compliance requirements and needs. Have an extensive knowledge of the development of enterprise-level policies, standards, and proceduresand the ability to determine what is needed and communicate it professionally in writing. learn to analyze software, networks, and scan data to identify vulnerabilities to support compliancerequirements. Assist with and implement process improvement to support IT Security, IT, and GRC requirements toSupport Risk and Compliance Audits. Oversee, develop, and provide guidance where needed for compliance requirement programs, RiskAssessments and audits. Prior experience defining risk management framework and leading implementation. Needs to understand common risk management frameworks and risk assessment approaches. Identifies key risks in business units, Sites & actions to mitigate these risks. Identifies operational control weaknesses. Has rolled out risk management across business units periodically Monitored remediation programs, ensuring root causes of operational risk issues Review and develop risk policies in accordancePreferred Experience/Skills:Candidate must have 5-6 years experience managing enterprise-level Security Audit and Complianceand/or Risk Management programs with successful results. This person must communicate well with themanagement and above, both verbally and in writing, while balancing the business needs and securityrequirements. Experience working in the Big Four Auditing Firms or other Risk managementpreferred.Education: Graduate/postgraduate in any discipline. Certification in CISA, Auditor certification inISO27001, CMMI, CMMC;