241 Conducting Security Audits jobs in Mumbai

About the role

As an Infrastructure Cloud Risk Assessment Manager, you are expected to have a solid understanding and experience of major cloud-native architectures, expertise in identity and access management, familiarity with various data encryption methods, and knowledge of cloud compliance regulations. You need to ensure availability, reliability, security and performance and resilient architecture to address customers/client business challenges and accelerate technology adoption to improve the product services. You need to ensure control on security by designing principles of applications hosted in public cloud (Azure, AWS, GCP, OCI). Technical understanding on zero-trust architecture and micro segmentation along with hands-on experience with SIEM (Security Information and Event Management) tools to proactively monitor, analyse, and respond to security incidents is an important aspect.

Key Responsibilities

Identifying Vulnerabilities

Understanding of cloud architecture review, and virtualization. Conduct cloud security assessments, across but not limited to the following domains:

* Network and Perimeter Security

* Data Protection and Backup Management

* Identity and Access Management

* Log Management and Monitoring

Analysis & Reporting

Identify and analyse the risks associated. Provide recommendations for the identified findings and develop the road-map. Contribute in creating and enforcing security policies, procedures, and best practices across the organization.

Implement Security Measures

Develop and implement robust security measures for cloud environments, ensuring the confidentiality, integrity, and availability of data. Contribute in creating and enforcing security policies, procedures, and best practices across the organization.

Collaborate

Work closely with cross-functional teams to integrate security controls seamlessly into cloud-based architectures and applications. Collaborate with other IT professionals, including network engineers, developers, and system administrators, to integrate cloud security measures into existing systems and processes.

Qualifications & Skills

Educational Qualification

Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent with certifications such as CISSP, CISM, AWS Certified Security, etc.

Compliance

Assist in securing the IT landscape/ecosystem built on-premises and multi-cloud environment.

Technical Skills

Proficient in cloud security assessment, across all the deployment and service models IaaS, PaaS, SaaS. Experience with the cloud-native services across major cloud service providers (AWS, GCP, Azure, OCI).

Communication skills

Outstanding communication abilities. Ability to effectively communicate the required recommendations.

• Evaluate insurance applications and assess risk profiles for various insurance products.
• Determine appropriate policy terms, conditions, and pricing based on risk assessment.
• Analyze financial statements, loss history, and other relevant data to make underwriting decisions.
• Develop and implement underwriting guidelines and best practices.
• Collaborate with actuaries to ensure accurate pricing and reserving.
• Provide expert guidance and mentorship to junior underwriting staff.
• Communicate underwriting decisions and rationale clearly to agents, brokers, and clients.
• Monitor market trends and regulatory changes impacting underwriting.
• Identify opportunities for process improvement and efficiency gains in the underwriting function.
• Ensure compliance with all relevant insurance laws and regulations.

• Bachelor's degree in Finance, Economics, Business Administration, or a related field.
• Professional underwriting designations (e.g., AIC, CPCU) are highly desirable.
• Minimum of 5 years of experience in insurance underwriting, with a focus on complex risks.
• In-depth knowledge of various insurance lines and underwriting principles.
• Strong analytical, quantitative, and problem-solving skills.
• Proficiency in underwriting software and tools.
• Excellent communication, negotiation, and interpersonal skills.
• Ability to work independently and manage a workload effectively in a remote environment.
• Understanding of insurance regulations and compliance requirements.

• Underwrite complex insurance applications, assessing risk and determining coverage terms.
• Develop and implement effective underwriting policies and procedures.
• Mentor and guide a team of junior underwriters, providing training and support.
• Collaborate with actuaries and product development teams on pricing and policy design.
• Review and approve or deny insurance proposals based on risk evaluation.
• Monitor underwriting performance and identify areas for improvement.
• Ensure compliance with all relevant insurance laws and regulations.
• Build and maintain strong relationships with agents and brokers.
• Analyze market trends and competitor activities to inform underwriting strategies.
• Prepare reports on underwriting results and portfolio performance.

• Bachelor's degree in Finance, Business Administration, or a related field.
• Significant experience in insurance underwriting, with a focus on risk assessment.
• Strong knowledge of insurance products, legal requirements, and market dynamics.
• Excellent analytical, quantitative, and problem-solving skills.
• Proven leadership and team management capabilities.
• Effective communication and presentation skills.
• Proficiency in underwriting software and MS Office Suite.
• Professional certifications (e.g., CPCU) are a plus.

Job Summary
The AIML Security Risk Assessment Specialist will play a critical role in validating reports and making final risk assessments for AIML models used in various business applications and use cases. This role will work closely with the Digital Risk Management Portfolio team to ensure the security and integrity of AIML models, use case along with applications.

Key Responsibilities

• Risk Assessment: understand the business requirement, finalise the scope and perform end to end risk assessment. 
• Validate reports from various sources and make final risk assessments for AIML models, considering factors such as data quality, model performance, and potential security threats.
• Conduct Security Risk assessment for GenAI models, tools, and platforms risk assessment.
• Perform in-depth risk assessments of GenAI systems and associated data pipelines, both internally developed and third party.
• Evaluate the risk profile of different model architectures (e.g. transformer-based LLMs, multimodal models) and deployment types (cloud, edge, open-source, API-based)
• AIML Model Review: Review AIML models for potential security vulnerabilities, including data poisoning, model evasion, and adversarial attacks.
• Report Analysis: Analyse reports from AIML model testing and validation teams to identify potential security risks and provide recommendations for mitigation.
• Risk Classification: Classify risks associated with AIML models and provide recommendations for risk mitigation and remediation.
• Collaboration: Work closely with cross-functional teams, including data science, engineering, and security, to ensure secure AIML system development and deployment.
• Review AIML use cases and provide assurance/feedback/confirmation on feedback.
• Reasonable understanding on LLM security, Agentic and RAG security

Required Skills

• AIML Fundamentals: Strong understanding of AIML concepts, including machine learning, pipelines, model architecture deep learning, and natural language processing.
• Secure software development and MLOps (DevSecOps Principles)
• Hands-on experience with GenAI toolkits and APIs (e.g. OpenAI, Claude, Bard, LLaMA, Hugging face transformers.
• Security Expertise: Experience with security risk assessment, threat modelling, and vulnerability management.
• Analytical Skills: Excellent analytical and problem-solving skills, with the ability to interpret complex data and reports.
• Communication: Strong communication and collaboration skills, with the ability to provide clear and concise recommendations.

Experience

• Experience with AIML Security Frameworks: Familiarity with AIML security frameworks and guidelines Gartner / NIST 100 / ISO 42001
• Knowledge of Regulatory Requirements: Understanding of regulatory requirements, such as GDPR, HIPAA, or CCPA.
• Experience with Risk Management: Familiarity with risk management frameworks and methodologies, such as NIST or ISO 27001, ISO 31000.
• Experience overall in Information & cyber security domain
• Understanding of BFSI domain so that terms like DPSC, payments ecosystem, API banking, Cloud, IAM, application security etc in context of risk assessment and management.

Education 

• Bachelor's or Master's degree in Computer Science, Information Security, or related field.
• Minimum 7-15 years of experience with 2-3 years of experience* in AIML / GenAI security, risk management, or related field.
• CISA, CISM or at least AIML security certification 

This job description highlights the key responsibilities and required skills for an AIML / GenAI Security Risk Assessment Specialist role. The focus is on validating reports, making final risk assessments, and providing recommendations for risk mitigation and remediation.

About The Role : 

Job Title:

FIC Risk and Control Assessment (RCA)

LocationMumbai, India

Corporate TitleAVP

Role Description

The Business Control Unit (BCU) is a 1st Line of Defence (1st LoD) function within the front office created during the implementation of the Three Line of Defence (3LoD) programme. Its primary objective is to support the front office in executing Non-Financial Risk framework for its business line.

The primary responsibility of the candidate within the BCU would be to support the Risk and Control Assessment (RCA) process. The RCA is a key component of the Banks Non-Financial Risk (NFR) Framework to enable the effective profiling, monitoring, and management of Divisional NFR. The responsibilities would also include control testing, incident research, remediation and other ad hoc control initiatives and projects. Working closely with teams in and out of the division to understand risks impacting the group on a dynamic basis.

About The Role

The BCU team is principally responsible for:

- Identification and mitigation of non-financial risks (regulatory, conduct and systemic)
- Supporting the operations of an efficient supervisory and conduct framework.
- Ensuring the governance and remediation of a business audit portfolio
- Driving Change the Bank initiatives to support the control framework.

In addition to working closely with the business heads, the groups reach and interaction is broad, including engagement with the Corporate Relationship Management (Coverage) Divisional Control Officer (DCO) and those functions forming the 2nd and 3rd LoD, for example Compliance, Anti Financial Crime (AFC), Non-Financial Risk Management (NFRM), Legal, Group Audit and others. This role will be to support the Global BCU function in various capacities.

What well offer you

As part of our flexible scheme, here are just some of the benefits that youll enjoy

- Best in class leave policy
- Gender neutral parental leaves
- 100% reimbursement under childcare assistance benefit (gender neutral)
- Sponsorship for Industry relevant certifications and education
- Employee Assistance Program for you and your family members
- Comprehensive Hospitalization Insurance for you and your dependents
- Accident and Term life Insurance
- Complementary Health screening for 35 yrs. and above

Your key responsibilities

The Candidate within the team would be primarily responsible for RCA and would be required to-

- Collate and analyse contextual data and relevant data triggers (including read across from other assessments) to inform an accurate and up to date view of the Risk Profile as well as Emerging Risks.
- Update the Inherent Risk, Control Suite & Residual Risk rating and supporting rationale, liaising with Risk Types SMEs in their business.
- Consider the combined effectiveness of individual Key Controls, leveraging available Control Guardrail information, individual Control certification & assessment from Control Owners, and individual Control Assurance results for Control Suite ratings.
- Coordinating and incorporating Anti-Financial Crime and Compliance risk assessments within the business Risk Profile
- Coordinating and participating in quarterly US/ annual global RCA workshop to ensure Risks are discussed and mitigation decisions are documented in the RCA tool.
- Creating monthly RCA snapshot in the tool as a point-in-time Risk Profile for the division and coordinating capture of unresolved 2nd LoD challenges and obtain sign off from Risk Assessor.

Candidate would also be responsible for-

- Support Non-Financial Risk Councils (NFRCs).
- Support validation of DMA (Designated Market Activities) perimeter.
- Ensuring control inventory for Coverage is kept up to date.
- Support all aspects of Front Office Operational Risk Framework from an RCA perspective.
- Provide support for audit reviews and compliance testing.
- Creation and delivery of senior management reporting to support decision making.
- Provide analytical support to the BCU team and senior management decision making.
- Manage ad-hoc tasks as and when required.

Your skills and experience

- MBA in Finance from a premier institution with relevant experience
- Work experience in banking domain working on regulatory projects/ operational risk management.
- Strong interpersonal and excellent verbal and written communication skills. Experience in conducting and driving meetings with senior stakeholders.
- Able to work as part of a global team.
- Experience in managing the RCA process would be preferable.
- Strong computer skills, particularly in dealing with high volume of data, management of databases and Excel.
- Advanced exposure PowerPoint is must.
- Strong analytical skills and ability to formulate clearly and present information in a compelling manner.
- Confident to question the status quo business practice / existing control framework.

DEPARTMENT

Information Security

REPORTING POSITION

CISO

KEY RESPONSIBILITIES

Security Engineering:

Experience in review and /or implementation of technology components like networks, Infrastructure, security solutions like DLP, AD, end point security tools, Email Security, mobile device Security, proxy, firewall etc.

Review effectiveness of IT architecture, Data and User Security Controls, Cloud Security Assessment, Cryptography Controls, and other System Security Practices.

Conduct POCs for new Security Solutions, implementation of new Security Practices / Processes / Controls across organization, work closely with security partners and MSS vendors on day to day basis, and communicate updates

Should have good knowledge of various platforms / technologies and security controls (e.g. Firewall, proxy, load balancer, database, DLP, DRM, domain controllers, System Hardening, System Security Practices, Access Controls, Secure SDLC, Application Security etc.)

Conduct Review of all projects (e.g. new applications, system integration, secure architecture, confidential data requests, risk assessment etc.)

Security Operations Center (SOC) and Threat Intel:

The role will include complete governance and oversight on SOC processes, overseeing testing

Should understand of data protection techniques like encryption, vaulting, security in transit and at rest.

Analysing Security Advisories, identifying actionable with stakeholders & tracking closure.

Track vulnerabilities in the environment for remediation within timelines and ensure timely management reporting of all information security risks.

Involvement in SOC governance, to make sure all reported incident, advisories are actioned as per recommendations, review various reports, alerts generated by SOC

Regulatory Compliance:

Should have good knowledge of Indian IT laws, global security frameworks & regulatory requirements from IRDAI, RBI, SEBI etc.

Engage in Information security strategy and governance, risk and compliance, cyber resilience, information security transformation and co-sourcing, application and network security engagements.

Ensure Team is always audit / compliance ready, and support the internal / external audits.

REQUIRED QUALIFICATION AND SKILLS

Educational Qualifications:

Graduate, Post Graduate

Work Experience:

7+ Years of relevant experience in IT and Information Security

Certifications:

CISA, CISSP, CEH, ISO27001, BCMS, any security specific certificate will be added advantage .

Description

The BCU team is principally responsible for:

In addition to working closely with the business heads, the group’s reach and interaction is broad, including engagement with the Corporate Relationship Management (Coverage) Divisional Control Officer (DCO) and those functions forming the 2nd and 3rd LoD, for example Compliance, Anti Financial Crime (AFC), Non-Financial Risk Management (NFRM), Legal, Group Audit and others. This role will be to support the Global BCU function in various capacities.

What we’ll offer you

As part of our flexible scheme, here are just some of the benefits that you’ll enjoy

Your key responsibilities

The Candidate within the team would be primarily responsible for RCA and would be required to: -

Candidate would also be responsible for: -

Your skills and experience

How we’ll support you