11+ Physical security Jobs in Bangalore (Bengaluru) | Physical security Job openings in Bangalore (Bengaluru)

At Upswing, we are committed to building a robust, scalable & secure API platform to power the world of Open Finance.

We are a passionate and self-driven team of thinkers who aspire to build the rails to connect the legacy financial sector with financial innovators through a simple and powerful banking-as-a-service (BaaS) platform.

We are looking for motivated engineers who will be working in a highly creative and cutting-edge technology environment to build a world-class financial services suite.

About the role

As part of the DevSecOps team at Upswing, you will get to work on building state-of-the-art infrastructure for the future. You will also be –

• Managing security aspects of the Cloud Infrastructure 
• Designing and Implementing Security measures, Incident Response guidelines 
• Conducting Security Awareness Training
• Developing SIEM tooling and pipelines end to end for vulnerability/security/incident reporting 
• Developing automation and performing routine VAPT for Network and Applications
• Integrating with 3rd party vendors for the services required to improve security posture 
• Mentoring people across the teams to enable best practices 

What will you do if you join us?

• Engage in a lot of cross-team collaboration to independently drive forward DevSecOps practices across the org 
• Take Ownership of existing, ongoing, and future DevSecOps initiatives 
• Plan and Engage in Architecture discussions to bring in different angles (especially security angles) to the table
• Build Automation stack and tools for security pipeline 
• Integrate different security measures and pipelines with the SIEM tool
• Conducting routine VAPT using manual and automated workflows, generating and maintaining the report for the same
• Introduce and Implement best practices across teams for a great security posture in the org

You should have

• Curiosity for on-the-job learning and experimenting with new technologies and ideas
• A strong background in Linux environment
• Proven experience in Architecting networks with security first implementation
• Experience with VAPT tooling for Networks and Applications is required 
• Strong experience in Cloud technologies, multi-cloud environments, and best practices in Cloud 
• Experience with at least one scripting language (Ruby/Python/Groovy)
• Experience in Terraform is highly desirable but not mandatory
• Some experience with Kubernetes, and Docker is required 
• Understanding Java web applications and monitoring them for security vulnerabilities would be a plus 
• Any other DevSecOps-related experience will be considered

Experience:- Overall 10 to 12 years of experience of which atleast 5 to 7 years’ experience should be in Information Security. Mandatory is 5 to 7 years’ experience in Information security and with one full end to end implementation experience.

Base location: - Bengaluru - Must

Requirements: -

1. Mandatory - ISO 27001:2013 lead implementor certified
2. Mandatory - ISO 27001:2013 lead auditor certified (but if it is a good candidate, we can still consider)
3. Good to have – CISA, CISM, Risk management certification, Privacy certifications.
4. Mandatory - Atleast one end to end implementation experience of ISO 27001 standard. The candidate should have a good implementation knowledge of ISO 27001, ISO 27002 standards and is required to implement the ISO requirements and run the ISMS program for multiple countries.
5. This immediate requirement is for implementing the ISMS program for our Canadian office location. The candidate should be willing to work from Bengaluru in EST time zone during this implementation phase whenever required.
6. Good documentation skills.
7. Develop, implement, maintain, review and continually improve Information Security policies.
8. Good understanding and knowledge of applicable legal and regulatory requirements as relevant to information security.
9. Manage and maintain a risk register / risk database along with risk treatment plans.
10. Good understanding of physical and environmental security.
11. Conduct Internal Audits based ISO 27001 standards and Personal Data Protection policies. A good experience in independently conducting Internal and supplier audit with respect to information security.
12. Provide training to the employees on Privacy & Information Security Management System on regular intervals.
13. The greater part of the job involves interacting with people, interviewing them / auditing, Preparing audit reports, discussing / persuading / influencing.
14. Mandatory: Good verbal and written communication skills. Eye for details.
15. Good presentation skills.
16. Since this is a trusted role, candidates must be willing to undergo extensive background checks to verify their identity, character, qualifications, skills and experience.

1) Determine client needs and expectations and participate in the development of the overall client service plan. Analyse, develop, and implement information security programs, including organizational design and key processes for our clients as per plans

2)Design and develop cyber security strategies and programs for large and complex organizations

3)Define and implement cyber risk management structures, governance models, organizational transformations in the areas of cyber security

4)Develop security policies, processes, procedures. Map controls and compliance requirements. Responsible for risk assessments, gap analysis (against standards and benchmarks), risk mitigation strategy development.

4)Roll out the GRC Cybersecurity controls framework while balancing the approach with end user experience and compliance

5)Develop and tailor approaches, methods and tools to support clients cyber risk programs and initiatives

6)Provide strategic and operational advice in the areas of safeguarding critical information. Identify areas requiring improvement in the client's business processes to enable preparation of recommendations. 7)Evaluate, implement and operationalize security controls, define metrics for measure performance and establish a framework for continuous monitoring and improvement and Play substantive role in internal and external client relationship and communication

8)Interact with CxOs to define the roadmap for GRC strategy.

9Help build Cyber Transformation practice by getting involved in areas beyond engagement delivery such as pre-sales, RFP response, solution designing, competency development and Go to market strategies

10)Create or help create though leadership content in the emerging areas of Cyber Strategy and Risk Transformation .

Immediate Joiners

• Minimum of 5+ years of experience in IT industry at VMware NSX Design/Implementation Projects.
• Minimum 3+ years of experience in industry leading load balancer and security products (Mandatory)
• Should have solid hands-on experience in VMware Avi, NSX V and/or NSX-T.
• Hands on installation and configuration experience with Base NSX-V & NSX-T Components, VTEP's, Load Balancer, LB Rules, Security components, etc.
• Strong understanding of and experience in TCP/IP, DNS, Http, SSL, DHCP.
• Proficiency in vSphere products and technologies like HA, vMotion, DRS, and Update Manager, Administration, etc would be a plus.
• Exposure to enterprise class architecture or implementation with suite of VMware products including vCenter, vSphere, SAN, RAID, Clustering, Consolidation, Load Balancing, etc.
• Troubleshooting and Debugging of VMware Architecture related issues.
• Strong understanding of Linux/Windows servers.
• Good to have some knowledge in vRA/vRO.
• Good to have Any Automation Experience with PowerShell/Python/Bash/Ansible and basic knowledge of VMware API’s.
• Good to have some knowledge of Kubernetes and Dockers.
• Succeed in a team environment.

Job description Senior Security Consultant

Roles and Responsibilities

Company will provide a professional opportunity to work in a dynamic environment where you will have the ability to develop process and Cyber security based skills

Work profile of individual

• cyber security consulting team, individual’s primary role would be to get to the heart of customer issues, diagnose problem areas, design innovative solutions and facilitate deployment resulting in client delight.
• Will own and / Manage ISMS / ISO 27k projects IT audits, ITGC audits, SSAE, SOC audits, IT Process Audit, Systems Audit, Gap assessment TPRM, GDPR, Infosec, GRC , ISMS , Cyber Security, SOX ITGC on customer engagements
• Will address all aspects of security like physical, logical, data, access etc and review Information Security policy and suggest / recommend necessary changes to the same on customer engagements
• Will be an active participant in internal / third party system security reviews and audits on customer engagements
• Will be an active participant in technical audits like VA / PT
• Will perform internal audits on all aspects of IT and ensure compliance with the prescribed security norms on customer engagements and will be responsible for tracking the open audit findings and closure of the same
• Will be responsible for implementation of new projects under Information Security Domain
• Will be able to manage document tracking and updating - policies, processes, procedures, templates, etc.
• Will plan the activities of configuration, conduct conference room pilots and will assist in resolving any queries related to requirements and Security control Design
• Will develop a proposal by owning parts of the proposal document and by giving inputs in solution design based on areas of expertise.
• Will engage with clients and(or) application development teams for implementation of cyber security & data privacy by design and data protection controls.
• Will support the clients with ongoing design, implementation and maintenance of the data privacy framework for managing data protection risk including responding to legislation, devising and owning policies and training.
• Will demonstrate ability to clearly and concisely communicate the privacy implications of technology and implementation.

Team work

• Individual would be responsible for contributing to a strong team environment and promoting a positive working relationship with their colleagues.
• Individual would predominately work with off-shore engagement teams and relevant  teams on presale and cyber security delivery.
• Communication, written and verbal, with these teams would be expected.
• Team members would be required to apply learning from trainings and on the job experience to work requests and support continuous process improvement.
• Team members would be required to handle multiple tasks at the same time.
• Detailed focus when performing work and good project management skills when managing workload and maintaining timelines will be necessary.

Desired Candidate Profile

• Bachelors
• Certifications (ISO 27001/ ISO 31000/ CISA/ CISSP/ CSX or equivalent and other relevant qualification/certification
• Experience : 8-10 years
  
  

Knowledge Required:

• Strong knowledge of information security concepts, risk and controls concepts. Strong understanding of security principals: audit, policies, guidelines, and compliance.
• Deep understanding of infrastructure (data centre, network end user computing) security / cloud security / managed security services / security operations centre / compliance risk management and ITGC controls
• Good understanding of technical security like network security, operating system, encryption, use of tools and technologies for various processes like logical access control, network security, security monitoring etc.
• Sound knowledge of Internal Controls and Compliance. Must be able to recommend controls around people, process, and technology.
• Sound knowledge on IT controls (especially IT risks). Good experience with control assessment, check the effectiveness of the implemented controls and recommend mitigation / improvements.
• Good knowledge on Privacy, Governance and reporting
• Experience with the Microsoft Office suite of products (i.e. Word, Excel, PowerPoint, Visio, etc.),
• Strong verbal and written communication skills Knowledge / experience in fields of ITGC audits, Internal Audit, External Audit / Statutory Audit projects
• Candidates should exhibit good client service skill collateral's with a strong focus on building relationships.

Additional Responsibilities:

• Ability to develop value-creating strategies and models that enable clients to innovate, drive growth and increase their business profitability
• Good knowledge on software configuration management systems and license Management systems
• Awareness of latest technologies and Industry trends
• Logical thinking and problem solving skills along with an ability to collaborate
• Understanding of the financial processes for various types of projects and the various pricing models available
• Ability to assess the current processes, identify improvement areas and suggest the technology solutions
• One or two industry domain knowledge
• Client Interfacing skills
• Project and Team management

Job description – Information Security (Network)

Roles and Responsibilities

Company will provide a professional opportunity to work in a dynamic environment where you will have the ability to develop process and Cyber security based skills

Work profile of individual

• As part of the company cyber security consulting team, individual’s primary role would be to work with ISO 27k projects IT audits, ITGC audits, SSAE, SOC audits, IT Process Audit, Systems Audit, Gap assessment TPRM, GDPR, Infosec, GRC , ISMS , Cyber Security, SOX ITGC on customer engagements
• Will address all aspects of security like physical, logical, data, access etc and review Information Security policy and suggest / recommend necessary changes to the same on customer engagements
• Will be an active participant in internal / third party system security reviews and audits on customer engagements
• Will perform internal audits on all aspects of IT and ensure compliance with the prescribed security norms on customer engagements and will be responsible for tracking the open audit findings and closure of the same
• Will be responsible for implementation of new projects under Information Security Domain
• Will be able to manage document tracking and updating - policies, processes, procedures, templates etc.
• Will assist in development of proposals by owning parts of the proposal document and by giving inputs in solution design based on areas of expertise.
• Will engage with clients and(or) application development teams for implementation of cyber security & data privacy by design and data protection controls.
• Will support the clients with ongoing design, implementation and maintenance of the data privacy framework for managing data protection risk including responding to legislation, devising and owning policies and training.
• Will demonstrate ability to clearly and concisely communicate the privacy implications of technology and implementation.

Team work

• Individual would be responsible for contributing to a strong team environment and promoting a positive working relationship with their colleagues.
• Individual would predominately work with off-shore engagement teams and relevant  teams on presale and cyber security delivery.
• Communication, written and verbal, with these teams would be expected.
• Team members would be required to apply learning from trainings and on the job experience to work requests and support continuous process improvement.
• Team members would be required to handle multiple tasks at the same time.
• Detailed focus when performing work and good project management skills when managing workload and maintaining timelines will be necessary.

Desired Candidate Profile

• Bachelors
• Certifications (ISO 27001/ ISO 31000/ CISA/ CISSP/ CSX or equivalent and other relevant qualification/certification
• Experience : 3-5 years
  
  

Knowledge Required:

• Strong knowledge of information security concepts, risk and controls concepts. Strong understanding of security principals: audit, policies, guidelines, and compliance.
• Good understanding of infrastructure (data centre, network end user computing) security / cloud security / managed security services / security operations centre / compliance risk management and ITGC controls
• Good understanding of technical security like network security, operating system, encryption, use of tools and technologies for various processes like logical access control, network security, security monitoring etc.
• Sound knowledge of Internal Controls and Compliance. Must be able to recommend controls around people, process, and technology.
• Sound knowledge on IT controls (especially IT risks). Good experience with control assessment, check the effectiveness of the implemented controls and recommend mitigation / improvements.
• Good knowledge on Privacy, Governance and reporting
• Experience with the Microsoft Office suite of products (i.e. Word, Excel, PowerPoint, Visio, etc.),
• Strong verbal and written communication skills Knowledge / experience in fields of ITGC audits, Internal Audit, External Audit / Statutory Audit projects
• Candidates should exhibit good client service skill collateral's with a strong focus on building relationships.

Additional Responsibilities:

• Ability to assist in value-creating strategies and models that enable clients to innovate, drive growth and increase their business profitability
• Good knowledge on software configuration management systems and license Management systems
• Awareness of latest technologies and Industry trends
• Logical thinking and problem solving skills along with an ability to collaborate
• Understanding of the financial processes for various types of projects and the various pricing models available
• Ability to assess the current processes, identify improvement areas and suggest the technology solutions
• One or two industry domain knowledge
• Client Interfacing skills
• Project and Team management

The Role

We are looking foran Information Security Analyst – Compliance to primarily strengthen our practice towards compliances such as HIPAA, HITRUST,etc. and ensure highest levels of security around sensitive data.

• Identifying new risks and performing risk assessments.
• Performing continuous gap analysis.
• Auditing the applications, configurations, and internal practices against standards such as HIPAA, HITRUST etc.
• Providing advice and implementing forward-thinking information security policies, procedures, and standards.
• Assisting several teams (internal and external) with best practicesand security consultations.
• Supporting with other information security activities as assigned.
• Ensuring the organizational compliance during audits and certification efforts.

Requirements:

• Demonstrated experience in implementing and maintaining security standards such as HIPAA, HITRUST, SOC2, ISO 27001 etc.
• Ability to understand and interpret legal, regulatory, and contractual compliance requirements.
• Experience in InfoSec policy creation and documentation.
• Ability to understand technology and pertaining risks.
• Knowledge on IT, Servers, SDLC, Database, etc.
• Experience working with / securing cloud-based applications is an add-on.
• 2+ years of experience.
• Excellent written and verbal communication skills.
• Relevant Security Certifications will be a good add-on.

• Establish, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program
• Work directly with the business units to facilitate risk assessment and risk management processes
• Develop and enhance an information security management framework
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
• Provide leadership to the enterprise's information security organization
• Partner with business stakeholders across the company to raise awareness of risk management concerns
• Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
• Conduct regular internal audits in compliance with applicable legal and contractual requirements, ISO 27001 and PCI DSS requirements and companies internal requirements
• Conduct regular Management reviews and update the management on information security aspects. The MRMs shall also focus on drawing Management attentions to the key areas for required management actions.
• CISO is also responsible to ensure customer audits as well as re-certification and surveillance audits and successful.
• Coordinate with relevant stakeholders to address the NC closures.
• CISO shall ensure the information incidents are responded and resolved on time to ensure compliance with legal and contractual requirements.

• Degree in business administration or a technology-related field required.
• Professional security management certification
• Minimum of 5 years of experience in a combination of risk management, information security and IT jobs
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, and PCI DSS.
• Excellent written and verbal communication skills and high level of personal integrity
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
• Experience with contract and vendor negotiations and management including managed services.
• Specific experience in Agile (scaled) software development or other best in class development practices.
• Experience with Cloud computing/Elastic computing across virtualized environments.