11+ QMS Jobs in Bangalore (Bengaluru) | QMS Job openings in Bangalore (Bengaluru)
Apply to 11+ QMS Jobs in Bangalore (Bengaluru) on CutShort.io. Explore the latest QMS Job opportunities across top companies like Google, Amazon & Adobe.
What you will do:
- Working closely with the external auditors to achieve common goals
- Conducting Enabling Service Audit (HR, Admin, IT) once in 6 months for the verification of ISMS & QMS Standards
- Performing ISMS and Internal Audit
- Being part of the external Audits (ISMS, QMS & CMMI)
- Managing of implementation of ISMS
Desired Candidate Profile
What you need to have:- Strong communication and team building skills with proficiency at grasping new technical concepts quickly and utilizing the same in a productive manner
- Experience in ISO27001, Internal Audits, CMMI
Position Title: Manager – Security Operations Organization /Function: Manager is responsible for day to day operational and project delivery for a set of customers Relevant Experience: 10+ years of experience in security area and at least 2 years as Security manager Educational Qualification: BE/B.Tech/ME/M.Tech/Graduate/Master in any stream with excellent academic record
Must-have Skills: • Must know common security policy frameworks and possess knowledge of how security programs are run at mid to large scale companies • Must have managed a team to deliver “Managed Security Service” or “Security Operations Center” • Prior working Background in either SIEM tools (Splunk, ArcSight, QRadar, DNIF etc.) or Vulnerability assessment and Management tool (Qualys/Rapid7) and process • Has broader context and understanding of managed security services • Must have service mindset and empathy. Must deal with a level of ambiguity, chaos and apparent stubbornness from customers, and manage around it by thinking through the issue or request from the customer’s perspective to drive to a reasonable conclusion • Must have prior experience on Project Management • Must have prior experience of onsite-offshore delivery model and should have directly worked with US/European customers or colleagues • Must have ITIL process knowledge
Experience:- Overall 10 to 12 years of experience of which atleast 5 to 7 years’ experience should be in Information Security. Mandatory is 5 to 7 years’ experience in Information security and with one full end to end implementation experience.
Base location: - Bengaluru - Must
Requirements: -
- Mandatory - ISO 27001:2013 lead implementor certified
- Mandatory - ISO 27001:2013 lead auditor certified (but if it is a good candidate, we can still consider)
- Good to have – CISA, CISM, Risk management certification, Privacy certifications.
- Mandatory - Atleast one end to end implementation experience of ISO 27001 standard. The candidate should have a good implementation knowledge of ISO 27001, ISO 27002 standards and is required to implement the ISO requirements and run the ISMS program for multiple countries.
- This immediate requirement is for implementing the ISMS program for our Canadian office location. The candidate should be willing to work from Bengaluru in EST time zone during this implementation phase whenever required.
- Good documentation skills.
- Develop, implement, maintain, review and continually improve Information Security policies.
- Good understanding and knowledge of applicable legal and regulatory requirements as relevant to information security.
- Manage and maintain a risk register / risk database along with risk treatment plans.
- Good understanding of physical and environmental security.
- Conduct Internal Audits based ISO 27001 standards and Personal Data Protection policies. A good experience in independently conducting Internal and supplier audit with respect to information security.
- Provide training to the employees on Privacy & Information Security Management System on regular intervals.
- The greater part of the job involves interacting with people, interviewing them / auditing, Preparing audit reports, discussing / persuading / influencing.
- Mandatory: Good verbal and written communication skills. Eye for details.
- Good presentation skills.
- Since this is a trusted role, candidates must be willing to undergo extensive background checks to verify their identity, character, qualifications, skills and experience.
Job description – Information Security (Network)
Roles and Responsibilities
Company will provide a professional opportunity to work in a dynamic environment where you will have the ability to develop process and Cyber security based skills
Work profile of individual
- As part of the company cyber security consulting team, individual’s primary role would be to work with ISO 27k projects IT audits, ITGC audits, SSAE, SOC audits, IT Process Audit, Systems Audit, Gap assessment TPRM, GDPR, Infosec, GRC , ISMS , Cyber Security, SOX ITGC on customer engagements
- Will address all aspects of security like physical, logical, data, access etc and review Information Security policy and suggest / recommend necessary changes to the same on customer engagements
- Will be an active participant in internal / third party system security reviews and audits on customer engagements
- Will perform internal audits on all aspects of IT and ensure compliance with the prescribed security norms on customer engagements and will be responsible for tracking the open audit findings and closure of the same
- Will be responsible for implementation of new projects under Information Security Domain
- Will be able to manage document tracking and updating - policies, processes, procedures, templates etc.
- Will assist in development of proposals by owning parts of the proposal document and by giving inputs in solution design based on areas of expertise.
- Will engage with clients and(or) application development teams for implementation of cyber security & data privacy by design and data protection controls.
- Will support the clients with ongoing design, implementation and maintenance of the data privacy framework for managing data protection risk including responding to legislation, devising and owning policies and training.
- Will demonstrate ability to clearly and concisely communicate the privacy implications of technology and implementation.
Team work
- Individual would be responsible for contributing to a strong team environment and promoting a positive working relationship with their colleagues.
- Individual would predominately work with off-shore engagement teams and relevant teams on presale and cyber security delivery.
- Communication, written and verbal, with these teams would be expected.
- Team members would be required to apply learning from trainings and on the job experience to work requests and support continuous process improvement.
- Team members would be required to handle multiple tasks at the same time.
- Detailed focus when performing work and good project management skills when managing workload and maintaining timelines will be necessary.
Desired Candidate Profile
- Bachelors
- Certifications (ISO 27001/ ISO 31000/ CISA/ CISSP/ CSX or equivalent and other relevant qualification/certification
- Experience : 3-5 years
Knowledge Required:
- Strong knowledge of information security concepts, risk and controls concepts. Strong understanding of security principals: audit, policies, guidelines, and compliance.
- Good understanding of infrastructure (data centre, network end user computing) security / cloud security / managed security services / security operations centre / compliance risk management and ITGC controls
- Good understanding of technical security like network security, operating system, encryption, use of tools and technologies for various processes like logical access control, network security, security monitoring etc.
- Sound knowledge of Internal Controls and Compliance. Must be able to recommend controls around people, process, and technology.
- Sound knowledge on IT controls (especially IT risks). Good experience with control assessment, check the effectiveness of the implemented controls and recommend mitigation / improvements.
- Good knowledge on Privacy, Governance and reporting
- Experience with the Microsoft Office suite of products (i.e. Word, Excel, PowerPoint, Visio, etc.),
- Strong verbal and written communication skills Knowledge / experience in fields of ITGC audits, Internal Audit, External Audit / Statutory Audit projects
- Candidates should exhibit good client service skill collateral's with a strong focus on building relationships.
Additional Responsibilities:
- Ability to assist in value-creating strategies and models that enable clients to innovate, drive growth and increase their business profitability
- Good knowledge on software configuration management systems and license Management systems
- Awareness of latest technologies and Industry trends
- Logical thinking and problem solving skills along with an ability to collaborate
- Understanding of the financial processes for various types of projects and the various pricing models available
- Ability to assess the current processes, identify improvement areas and suggest the technology solutions
- One or two industry domain knowledge
- Client Interfacing skills
- Project and Team management
What are we looking for?
An enthusiastic individual with the following skills. Please do not hesitate to apply if you do not match all of it. We are open to promising candidates who are passionate about their work and are team players.
Key Responsibilities & expectations from the candidate
- Must have strong experience in Information Security Management system(ISMS), creation of policy, procedures and implementation.
- Operates as a key contributor to the RFP, Third-Party Risk assessment, cloud security assessment etc.
- Lead the strategic and tactical development of information security framework, risk management and new compliance initiatives
- Subject matter expertise in ISO 27001, SOC2, CCPA, CPRA, GDPR, PCI DSS and HIPAA.
- Must have a strong experience in the documentation process and reviewing MSA, SCC, SLA & DPA.
- Good knowledge of BCP/DR, Incident response, VA/PT and Audit methodologies of various compliance frameworks.
- Good knowledge of Access management, Network, Application Security, Encryption, Backup, Physical Security, ISMS Training & Awareness etc..
- Ability to deal with the customers and vendors on Security and privacy matters.
- Knowledge of Core IT processes, SDLC, network infrastructure will be useful.
Personal Attributes
- Good written, oral, and interpersonal communication skills.
- Ability to conduct research into IT security issues
- Ability to present ideas in business-friendly and user-friendly language.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Highly self-motivated and hardworking.
Qualification and certification
- Bachelor’s/master's degree in Security, Computer Science, Management Information Systems, Engineering or related field.
- Should be at least ISO 27001 lead auditor or lead implementer.
- 3+ years of related work experience in information security governance, risk and compliance (GRC) or relevant compliance roles in the SaaS industry.
What can you look for?
A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact, and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the benefits of being here.
We are
It is a rapidly growing fintech SaaS firm that propels business growth while focusing on human motivation. Backed by Giift and Apis Partners Growth Fund II, Company offers a suite of three products - Plum, Empuls, and Compass. Company works with more than 2000 clients across 10+ countries and over 2.5 million users. Headquartered in Bengaluru, Company is a 300+ strong team with four global offices in San Francisco, Dublin, Singapore, New Delhi.
Way forward
We look forward to connecting with you. As you may take time to review this opportunity, we will wait for a reasonable time of around 3-5 days before we screen the collected applications and start lining up job discussions with the hiring manager. We however assure you that we will attempt to maintain a reasonable time window for successfully closing this requirement. The candidates will be kept informed and updated on the feedback and application status.
Job description Senior Security Consultant
Roles and Responsibilities
Company will provide a professional opportunity to work in a dynamic environment where you will have the ability to develop process and Cyber security based skills
Work profile of individual
- cyber security consulting team, individual’s primary role would be to get to the heart of customer issues, diagnose problem areas, design innovative solutions and facilitate deployment resulting in client delight.
- Will own and / Manage ISMS / ISO 27k projects IT audits, ITGC audits, SSAE, SOC audits, IT Process Audit, Systems Audit, Gap assessment TPRM, GDPR, Infosec, GRC , ISMS , Cyber Security, SOX ITGC on customer engagements
- Will address all aspects of security like physical, logical, data, access etc and review Information Security policy and suggest / recommend necessary changes to the same on customer engagements
- Will be an active participant in internal / third party system security reviews and audits on customer engagements
- Will be an active participant in technical audits like VA / PT
- Will perform internal audits on all aspects of IT and ensure compliance with the prescribed security norms on customer engagements and will be responsible for tracking the open audit findings and closure of the same
- Will be responsible for implementation of new projects under Information Security Domain
- Will be able to manage document tracking and updating - policies, processes, procedures, templates, etc.
- Will plan the activities of configuration, conduct conference room pilots and will assist in resolving any queries related to requirements and Security control Design
- Will develop a proposal by owning parts of the proposal document and by giving inputs in solution design based on areas of expertise.
- Will engage with clients and(or) application development teams for implementation of cyber security & data privacy by design and data protection controls.
- Will support the clients with ongoing design, implementation and maintenance of the data privacy framework for managing data protection risk including responding to legislation, devising and owning policies and training.
- Will demonstrate ability to clearly and concisely communicate the privacy implications of technology and implementation.
Team work
- Individual would be responsible for contributing to a strong team environment and promoting a positive working relationship with their colleagues.
- Individual would predominately work with off-shore engagement teams and relevant teams on presale and cyber security delivery.
- Communication, written and verbal, with these teams would be expected.
- Team members would be required to apply learning from trainings and on the job experience to work requests and support continuous process improvement.
- Team members would be required to handle multiple tasks at the same time.
- Detailed focus when performing work and good project management skills when managing workload and maintaining timelines will be necessary.
Desired Candidate Profile
- Bachelors
- Certifications (ISO 27001/ ISO 31000/ CISA/ CISSP/ CSX or equivalent and other relevant qualification/certification
- Experience : 8-10 years
Knowledge Required:
- Strong knowledge of information security concepts, risk and controls concepts. Strong understanding of security principals: audit, policies, guidelines, and compliance.
- Deep understanding of infrastructure (data centre, network end user computing) security / cloud security / managed security services / security operations centre / compliance risk management and ITGC controls
- Good understanding of technical security like network security, operating system, encryption, use of tools and technologies for various processes like logical access control, network security, security monitoring etc.
- Sound knowledge of Internal Controls and Compliance. Must be able to recommend controls around people, process, and technology.
- Sound knowledge on IT controls (especially IT risks). Good experience with control assessment, check the effectiveness of the implemented controls and recommend mitigation / improvements.
- Good knowledge on Privacy, Governance and reporting
- Experience with the Microsoft Office suite of products (i.e. Word, Excel, PowerPoint, Visio, etc.),
- Strong verbal and written communication skills Knowledge / experience in fields of ITGC audits, Internal Audit, External Audit / Statutory Audit projects
- Candidates should exhibit good client service skill collateral's with a strong focus on building relationships.
Additional Responsibilities:
- Ability to develop value-creating strategies and models that enable clients to innovate, drive growth and increase their business profitability
- Good knowledge on software configuration management systems and license Management systems
- Awareness of latest technologies and Industry trends
- Logical thinking and problem solving skills along with an ability to collaborate
- Understanding of the financial processes for various types of projects and the various pricing models available
- Ability to assess the current processes, identify improvement areas and suggest the technology solutions
- One or two industry domain knowledge
- Client Interfacing skills
- Project and Team management
|
Desired Skills |
To have skills: · Proven technical expertise in cyber security domains, i.e. endpoint security, application security testing. · Knowledge and experience in public cloud solutions. · Knowledge on network security, networking concepts and architectural implementations. · Knowledge on vulnerability testing and define proper remediation’s. · Shell scripting experience - Shell/Bash/Python. · Working experience of Linux operation.
Desire to have skills: · One or more of the following cyber security certifications: CEH, CISSP, OSCP, SSCP CCSP. · Excellent problem solving, and follow-up skills. · Ability to convey technical security concepts to non-technical audiences. |
Information Security Specialist
Notice Period: 45 days / Immediate Joining
Banyan Data Services (BDS) is a US-based data-focused Company that specializes in comprehensive data solutions and services, headquartered in San Jose, California, USA.
We are looking Information Security Specialist who has the expertise and deep knowledge of Information security regulations, compliance, and SIEM tools, and the ability to develop, describe and implement Security Baselines and Policies.
It's a once-in-a-lifetime opportunity to join our rocket ship startup run by a world-class executive team. We are looking for candidates that aspire to be a part of the cutting-edge solutions and services we offer that address next-gen data evolution challenges.
Key Qualifications
· Design, deploy, and support Information Security Solutions provided by BDS
· Assist clients to carry out the IT Risk Management assessment on both on-prem and cloud platforms
· Provide subject matter expertise on IT security compliances during the security audits to meet various security governances.
· Research and strategic analysis of existing, and evolving all IT and data security technologies
· Establish baselines to define required security controls for all infrastructure components and application stack
· Follow latest vulnerabilities and threats intelligence updates across a wide range of technologies and make recommendations for improvements in the security baselines.
· Overseeing security event monitoring, understand the impact, and coordinate remediation efforts
· Create and optimize the SIEM rules to adjust the specification of alerts in responding to incident follow up
· Must be able to work a flexible schedule during off-hours
Key Skills & Qualification
· Minimum of 4 years relevant work experience in information/cyber security, audit, and compliance
· Certifications in any of technical security specialty (e.g., CISA, CISSP, CISM)
· Experience in managing SIEM products like Arcsight, Qradar, Sumo Logic, RSA NetWitness Suite, ELK, Splunk
· Exposure of the security audit tools on public cloud platforms
· Solid understanding of the underlying LINUX/UNIX and Windows OS security architecture
· Certified Ethical Hacker would be a plus
· Handling of Security audits is a must
· Proven interpersonal skills while contributing to team effort by accomplishing related results
· Passion for learning new technologies and the ability to do so quickly.
http://www.banyandata.com" target="_blank">www.banyandata.com
The Role
We are looking foran Information Security Analyst – Compliance to primarily strengthen our practice towards compliances such as HIPAA, HITRUST,etc. and ensure highest levels of security around sensitive data.
- Identifying new risks and performing risk assessments.
- Performing continuous gap analysis.
- Auditing the applications, configurations, and internal practices against standards such as HIPAA, HITRUST etc.
- Providing advice and implementing forward-thinking information security policies, procedures, and standards.
- Assisting several teams (internal and external) with best practicesand security consultations.
- Supporting with other information security activities as assigned.
- Ensuring the organizational compliance during audits and certification efforts.
Requirements:
- Demonstrated experience in implementing and maintaining security standards such as HIPAA, HITRUST, SOC2, ISO 27001 etc.
- Ability to understand and interpret legal, regulatory, and contractual compliance requirements.
- Experience in InfoSec policy creation and documentation.
- Ability to understand technology and pertaining risks.
- Knowledge on IT, Servers, SDLC, Database, etc.
- Experience working with / securing cloud-based applications is an add-on.
- 2+ years of experience.
- Excellent written and verbal communication skills.
- Relevant Security Certifications will be a good add-on.
Security Monitoring and Operations (SIEM)
Security Solutions design and deployment
IDAM - Identity and Access Management Experience
Network Monitoring and Management Experience
VAPT - Vulnerability Assessment and Penetration Assessment
Experience on DLP and Endpoint Security
Knowledge on Encryption
Experience in performing Maturity Assessment for identifying the security gaps and recommending measures to fix the gaps
Experience in Audit controls and applying security measures (ISO, PCI etc..)
Knowledge in automation and scripting
Follow Cutshort