217 Conducting Security Audits jobs in Mumbai

Job Summary
The AIML Security Risk Assessment Specialist will play a critical role in validating reports and making final risk assessments for AIML models used in various business applications and use cases. This role will work closely with the Digital Risk Management Portfolio team to ensure the security and integrity of AIML models, use case along with applications.

Key Responsibilities

• Risk Assessment: understand the business requirement, finalise the scope and perform end to end risk assessment. 
• Validate reports from various sources and make final risk assessments for AIML models, considering factors such as data quality, model performance, and potential security threats.
• Conduct Security Risk assessment for GenAI models, tools, and platforms risk assessment.
• Perform in-depth risk assessments of GenAI systems and associated data pipelines, both internally developed and third party.
• Evaluate the risk profile of different model architectures (e.g. transformer-based LLMs, multimodal models) and deployment types (cloud, edge, open-source, API-based)
• AIML Model Review: Review AIML models for potential security vulnerabilities, including data poisoning, model evasion, and adversarial attacks.
• Report Analysis: Analyse reports from AIML model testing and validation teams to identify potential security risks and provide recommendations for mitigation.
• Risk Classification: Classify risks associated with AIML models and provide recommendations for risk mitigation and remediation.
• Collaboration: Work closely with cross-functional teams, including data science, engineering, and security, to ensure secure AIML system development and deployment.
• Review AIML use cases and provide assurance/feedback/confirmation on feedback.
• Reasonable understanding on LLM security, Agentic and RAG security

Required Skills

• AIML Fundamentals: Strong understanding of AIML concepts, including machine learning, pipelines, model architecture deep learning, and natural language processing.
• Secure software development and MLOps (DevSecOps Principles)
• Hands-on experience with GenAI toolkits and APIs (e.g. OpenAI, Claude, Bard, LLaMA, Hugging face transformers.
• Security Expertise: Experience with security risk assessment, threat modelling, and vulnerability management.
• Analytical Skills: Excellent analytical and problem-solving skills, with the ability to interpret complex data and reports.
• Communication: Strong communication and collaboration skills, with the ability to provide clear and concise recommendations.

Experience

• Experience with AIML Security Frameworks: Familiarity with AIML security frameworks and guidelines Gartner / NIST 100 / ISO 42001
• Knowledge of Regulatory Requirements: Understanding of regulatory requirements, such as GDPR, HIPAA, or CCPA.
• Experience with Risk Management: Familiarity with risk management frameworks and methodologies, such as NIST or ISO 27001, ISO 31000.
• Experience overall in Information & cyber security domain
• Understanding of BFSI domain so that terms like DPSC, payments ecosystem, API banking, Cloud, IAM, application security etc in context of risk assessment and management.

Education 

• Bachelor's or Master's degree in Computer Science, Information Security, or related field.
• Minimum 7-15 years of experience with 2-3 years of experience* in AIML / GenAI security, risk management, or related field.
• CISA, CISM or at least AIML security certification 

This job description highlights the key responsibilities and required skills for an AIML / GenAI Security Risk Assessment Specialist role. The focus is on validating reports, making final risk assessments, and providing recommendations for risk mitigation and remediation.

Description

The BCU team is principally responsible for:

In addition to working closely with the business heads, the group’s reach and interaction is broad, including engagement with the Corporate Relationship Management (Coverage) Divisional Control Officer (DCO) and those functions forming the 2nd and 3rd LoD, for example Compliance, Anti Financial Crime (AFC), Non-Financial Risk Management (NFRM), Legal, Group Audit and others. This role will be to support the Global BCU function in various capacities.

What we’ll offer you

As part of our flexible scheme, here are just some of the benefits that you’ll enjoy

Your key responsibilities

The Candidate within the team would be primarily responsible for RCA and would be required to: -

Candidate would also be responsible for: -

Your skills and experience

How we’ll support you

• Monitor security alerts and investigate potential security incidents.
• Conduct vulnerability assessments and penetration testing.
• Develop and implement security policies and procedures.
• Analyze security threats and recommend mitigation strategies.
• Assist in the development of incident response plans.
• Perform security configuration reviews and audits.
• Contribute to security awareness training.
• Stay updated on emerging cybersecurity threats and technologies.
• Collaborate with IT teams on security best practices.

• Bachelor's degree in Computer Science, IT, or Cybersecurity.
• 2-4 years of experience in information security or cybersecurity.
• Relevant certifications (e.g., CISSP, CEH, Security+).
• Experience with SIEM, IDS/IPS, and endpoint security solutions.
• Strong understanding of network security principles.
• Excellent analytical and problem-solving skills.
• Effective communication and interpersonal abilities.

• Monitor security systems for potential threats and anomalies.
• Investigate and respond to security incidents and breaches.
• Conduct vulnerability assessments and penetration testing.
• Implement and maintain security controls and countermeasures.
• Develop and update security policies, procedures, and guidelines.
• Perform regular security audits and compliance checks.
• Analyze security trends and recommend improvements to the security posture.
• Collaborate with IT and development teams on secure system design and implementation.
• Provide security awareness training to employees.
• Stay current with emerging cybersecurity threats and technologies.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Proven experience in information security or cybersecurity roles.
• Strong understanding of cybersecurity principles, best practices, and frameworks (e.g., NIST, ISO 27001).
• Proficiency with security tools such as SIEM, IDS/IPS, firewalls, and EDR solutions.
• Experience with vulnerability assessment and penetration testing methodologies.
• Excellent analytical, problem-solving, and critical thinking skills.
• Strong communication and interpersonal skills.
• Ability to work effectively in both a remote and office environment.
• Relevant security certifications (e.g., CISSP, CompTIA Security+) are a plus.