Security and Compliance Professional

3 weeks ago


Bengaluru Karnataka, India IBM Full time

Introduction

Your Role and Responsibilities

The Security and Compliance professional should continuously consider the attack vectors and security weaknesses within their service or product offering and provide solutions to remediate those weaknesses. They communicate the security posture of the represented products/services to the leadership team. This overarching responsibility drives the requirement for the Security and Compliance Lead to be proficient in the skills listed in the Required Skills section below.
- Technical: First and foremost, a good grasp of computer science and a deep technical understanding of micro-services architecture, SaaS, cloud security and infrastructure.
- Collaborative: Must collaborate with architects, developers, and non-technical stakeholders to drive security solutions.
- Respected: Proven track record as a security professional in the industry. You will be expected to establish trust and respect with the development teams.
- Growth Mindset: The world of security is highly dynamic, and IBM is a company that thrives on innovation and maturation. Our Security and Compliance professional must possess a growth mindset to keep up with the ever-changing security landscape and seek opportunities to increase their breadth and depth of security topics.

Required Technical and Professional Expertise
- 5+ years of working experience with designing/building SaaS offerings.
- Domain expertise in cloud software and infrastructure technologies.
- Ability to communicate highly technical aspects to executives, IT staff, the CISO team, and auditors.
- Experience with various scripting languages (Shell, Python, Bash, etc.).
- Familiarity with OWASP Top Ten, NIST, CIS and MITRE ATT&CK.
- Demonstrated experience in successfully driving and executing compliance programs for common IT security standards/regulations: SOC1/2/3, ISO27K, HIPAA, PCI, FBA (formerly FFIEC), FedRAMP, GDPR, etc.

Experience with and understanding of
- Access Management - understand the concepts of need to know, least privilege, individual accountability, privileged access monitoring, access revalidation, etc. and ensure your service implements them. Know to avoid the use of shared IDs, excessive privileges, weak passwords, etc.
- Vulnerability Management - be able to regularly scan your systems and remediate any vulnerabilities found within required time frames.
- Data Protection - understand the types of data your services deal with and have measures in place to protect that data (e.g. encryption in transit and at rest, locked-down file permissions, etc.).
- Logging & Monitoring - ensure there is a process in place to store key logs with data integrity controls protecting them, and a process to independently monitor those logs for any unusual activity.
- Business Continuity - understand what business continuity requirements are necessary in your organization and actively participate in ongoing business continuity planning
- Risk Management - understand where there are gaps in compliance or areas of risk that need to be analyzed and addressed either by remediation activities or formal Risk Evaluations to ensure mitigation, executive awareness, and approval
- Audits - be prepared to support audits by providing evidence or being interviewed as required
- Common Attack Patterns - know the common attack vectors facing the industry (e.g. CWE 25 or OWASP Top 10), be able to describe an attack, give a generic example of the payload, describe what successful exploitation/impact looks like, and explain what the best-practice remediation is.

Preferred Technical and Professional Expertise
- Certifications / Credentials - CISSP (preferred), CCNP/CCIE (preferred), CCSP, CISA/CRISC/CISM.

Being an IBMer means you’ll be able to learn and develop yourself and your career. You’ll be encouraged to be courageous and experiment every day, all whilst having continuous trust and support in an environment where everyone can thrive whatever their personal or professional background.

Our IBMers are growth minded, always staying curious, open to feedback and learning new information and skills to constantly transform themselves and our company. They are trusted to provide ongoing feedback to help other IBMers grow, as well as collaborate with colleagues, keeping in mind a team-focused approach that includes different perspectives to drive exceptional outcomes for our customers. The courage our IBMers have to make critical decisions every day is essential to IBM becoming the catalyst for progress, always embracing challenges with the resources they have to hand, a can-do attitude and an outcome-focused approach in everything that they do.

Are you ready to be an IBMer?


