70 Security Assessment jobs in India

IT Security & Compliance Lead

Location: Hyderabad

Experience: 5-8 years

Only Immediate Joiners.

Responsibilities

• IT Security, Compliance and Administration the Security/Compliance Analyst works in compliance with all written and approved policies, rules and regulations. This also includes the review and audit of all required data and evidences presented to both internal and external auditors. This position will play a key role in meeting and exceeding compliance to current and future IT narratives already in place. This position also includes providing security oversight and review of all security policies and adherence to those policies. The Security/Compliance Analyst will perform threat analyses and recommend adjustments to our current threat stance accordingly
• Specific Duties: (Describe the duties performed beginning with most important. For each duty, state frequency i.e. daily, weekly, or occasionally.)
• Duties Percent of Time Spent (may change as business needs dictate)
• Ensure compliance with current policies 25%
• Prepare and support internal and external audits 25%
• Review security policies and ensure compliance 25%
• Prepare current threats analyses and make recommendations 15%
• Miscellaneous duties as needed to support the IT Security, Compliance and Administration group 10%
• Assignment Review and Approval of Work: (Indicate who assigns work, how instructions are provided, and who reviews and approves work when completed.)
• Senior Manager of IT Security, Compliance and Administration assigns all work duties and provides general instructions.
• Responsibility and Decision-Making: (Briefly specify responsibility for making decisions.)
• Senior Manager of IT Security, Compliance and Administration assigns all work duties and provides general instructions. Main responsibility involves the compliance and security reviews. There is some reporting involved in this position.
• Equipment and Software Operation: (How much time is spent operating equipment? Indicate the types of equipment operated. Include specific hardware and software used and product achieved through usage.)
• MS Office is required, base knowledge of Microsoft Active Directory as is SharePoint also. Knowledge of most Anti-virus programs is a plus as is knowledge of security scanning programs such as Nexpose or Nessus.
• Relations with Others: (What contacts are made other than immediate co-workers and supervisors?)
• Position interacts with IT department personnel in relation to system issues. This person works with Business Analysts and Project Managers to schedule migrations. Interaction with the IT Helpdesk may be common.
• Hardest Part of Job: (Describe the most difficult or most complex part of the job.)
• Ensuring to ready for all audits and that the security stance is maintained to prevent malware intrusions
• Experience Necessary: (List minimum education or equivalent experience required performing job successfully; type and length of work experience, and any special courses required.)
• · Associate’s Degree or equivalent work experience.
• · At least 2 years’ experience in a compliance/admin role.
• · Experience with SharePoint 2010 and 2013
• · Experience with Microsoft Office Suite (Word, Excel, PowerPoint, Visio)
• · The ability to work with limited supervision.
• · Superior oral communication and interpersonal skills required.
• · Detail oriented individual with excellent work/time organizational skills, as well as analytical and problem solving skills, essential.
• · Take personal ownership (going beyond assigned tasks to make projects better, identifies and reports issues, demonstrates strong concern for client and initiatives)
• · Employee must be a team player with initiative and self-motivation; must be able to follow written and verbal instructions as well as interpret written policies; must be flexible to accept frequent change in priorities and possess the ability to coordinate tasks under critical time demands.
• Learning Period: (How long would it take a new employee to handle this job satisfactorily? What parts would take the longest to learn?)
• Employee could perform most tasks independently within 3 months. Detailed tasks take longer to learn, requiring assistance up to 3 months. Specific system interactions, interfaces and data processing impacts require the longest learning period.
• Additional Information: (List any information not previously described that would help someone better understand this job.)
• Documentation is a key process that must be maintained while in this role. Candidate must act as a subject matter expert to other groups and departments. Candidate must be proficient in the use of the following software:
• • Microsoft Office – Word, Excel and PowerPoint
• • Microsoft Visio
• • Other tools as identified

PATCH MANAGEMENT SERVICES

Install anti-virus, operating System and middleware Software (engine and signature file) updates according to Customer-approved security/risk patching policies and procedures.

Test anti-virus, operating System, and middleware Software updates prior to distribution according to Customer-approved security/risk patching policies and procedures.

Scan Customer Systems according to Customer-approved security/risk patching policies and procedures.

Apply critical/risk patches within four (4) hours of Customer approval as required in outbreak situations, according to Customer-approved security/risk policies and procedures.

Push anti-virus, operating System and middleware Software patches/updates to any contingency environments.

1. High Criticality: A vulnerability which if exploited may have a catastrophic or critical impact to the business if it were not to be mitigated through patching or other means.
2. Medium Criticality: A vulnerability which if exploited may have a significant impact to the business if it were not to be mitigated through patching or other means.
3. Low Criticality: A vulnerability which if exploited may have some impact to the business if it were not to be mitigated through patching or other means.

Job Title: Senior Security & Compliance Manager (Independent Contractor, Remote)

Company: US-based SaaS company

Location: Remote (Must work US hours, 6 AM – 2 PM Pacific Time or 9am - 5pm Eastern Time)

Compensation: $3,500–$4,500/month USD

The Senior Security & Compliance Manager will oversee the full lifecycle of Company's information security operations, including SOC 2 (BDO) and ISO 27001 audits, penetration and vulnerability testing, RFP security responses, and policy management. This role requires hands-on experience with security frameworks, vendor risk management, and compliance documentation.

You’ll work closely with Company's Legal, IT, and Engineering teams to maintain a secure and audit-ready environment aligned with industry standards.

Key Responsibilities

Audit, Certification & Governance

• Serve as internal lead for SOC 2, ISO AI, and ISO 27001 readiness, evidence collection, and auditor coordination.
• Maintain and update Company's Statement of Applicability (SOA) and control library.
• Manage security responses for client RFPs and due diligence questionnaires.

Security Operations

• Oversee penetration testing and vulnerability testing (Tenable.io) cycles; track and validate remediation.
• Maintain and enforce security-related policies, including access control, incident response, and DPA compliance.
• Conduct monthly IT security plan reviews and update internal reports.
• Manage change control, vendor security protocols, and breach notification procedures.

Risk & Asset Management

• Conduct and document monthly risk assessments, including:
• Review of Advanced Networks reports
• Permission changes and audit logs
• Data asset inventory
• Hardware asset management and secure disposal tracking
• Support vendor due diligence, reviewing risk scores, contracts, and compliance posture.

Documentation & Continuous Improvement

• Maintain a comprehensive repository of policies, risk assessments, and testing results.
• Recommend process or control improvements based on audit findings and security trends.
• Support Legal with client and regulator data protection obligations (GDPR, CCPA, etc.).

Qualifications

• 5+ years in information security, risk, or compliance (ideally within SaaS or regulated industries).
• Direct experience with SOC 2, ISO 27001, or similar control frameworks.
• Working knowledge of Tenable.io, or equivalent vendor risk platforms.
• Strong understanding of data protection, access control, and change management.
• Excellent writing and analytical skills; able to draft RFP responses and security documentation clearly.
• Certifications (preferred): CISA, CISSP, CRISC, or ISO 27001 Lead Implementer.

Please note, this role reports to Company's Head of Legal.

• Develop, implement, and maintain the organization's information security compliance program.
• Ensure adherence to relevant regulations, standards, and frameworks (e.g., ISO 27001, GDPR, HIPAA, NIST).
• Conduct regular internal security audits and assessments to identify compliance gaps and vulnerabilities.
• Develop and execute remediation plans for identified compliance issues.
• Manage external audits and certifications processes.
• Create and update security policies, procedures, and guidelines.
• Provide training and awareness programs on information security compliance to employees.
• Monitor and report on the status of compliance initiatives to senior management.
• Stay current with evolving security threats, vulnerabilities, and regulatory changes.
• Collaborate with IT, legal, and other departments to integrate security into business processes.
• Manage third-party risk assessments related to security compliance.
• Respond to security incidents from a compliance perspective.
• Develop and maintain incident response plans related to compliance breaches.

• Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum of 7 years of experience in information security, with at least 3-4 years focused on compliance and risk management.
• In-depth knowledge of information security frameworks, standards, and regulations.
• Experience conducting security audits and gap analyses.
• Proficiency in risk assessment methodologies and tools.
• Excellent understanding of IT controls and security best practices.
• Strong analytical, problem-solving, and critical thinking skills.
• Exceptional written and verbal communication skills, with the ability to explain complex technical concepts.
• Relevant certifications such as CISSP, CISA, CISM, or CRISC are highly desirable.
• Ability to work independently and collaboratively in a fast-paced environment.
• Experience managing multiple compliance projects simultaneously.

• Develop, implement, and manage information security policies, procedures, and standards to ensure compliance with relevant regulations (e.g., GDPR, CCPA, HIPAA, ISO 27001, SOC 2).
• Conduct regular security risk assessments and vulnerability analyses to identify potential threats and weaknesses.
• Oversee the implementation and maintenance of security controls to mitigate identified risks.
• Lead internal and external audits, ensuring preparedness and facilitating audit processes.
• Develop and deliver security awareness training programs to employees across the organization.
• Monitor security incidents and breaches, managing response and remediation efforts.
• Work closely with legal, IT, and other departments to ensure alignment on compliance strategies.
• Stay abreast of evolving regulatory requirements, industry best practices, and emerging security threats.
• Develop and maintain comprehensive documentation for compliance processes and controls.
• Manage third-party vendor risk assessments to ensure their compliance with security standards.
• Prepare and present compliance reports to senior management and relevant stakeholders.
• Conduct periodic reviews of security policies and procedures to ensure their continued effectiveness and relevance.
• Establish key performance indicators (KPIs) to measure the effectiveness of the information security program.
• Champion a culture of security awareness and compliance throughout the organization.
• Manage data privacy initiatives and ensure adherence to data protection regulations.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master's degree preferred.
• 5-8 years of experience in information security, with a strong focus on compliance, risk management, and governance.
• In-depth knowledge of information security frameworks such as NIST Cybersecurity Framework, ISO 27001, SOC 2, PCI DSS, GDPR, and HIPAA.
• Experience in conducting security risk assessments and developing remediation plans.
• Proven ability to manage audit processes and interact with auditors.
• Excellent understanding of security technologies and controls.
• Strong analytical, problem-solving, and organizational skills.
• Exceptional written and verbal communication skills, with the ability to communicate complex compliance requirements clearly.
• Ability to work independently in a remote environment and manage multiple priorities effectively.
• Relevant security certifications such as CISSP, CISM, CRISC, CGEIT, or CISA are highly desirable.
• Experience with GRC (Governance, Risk, and Compliance) tools.
• Demonstrated ability to influence stakeholders at all levels of the organization.

Role Purpose:

Support the organisation’s security posture through monitoring, incident response coordination, and compliance activities. Work closely with IT operations, engineering, and leadership to ensure systems, data, and tools meet policy and risk standards

Key Responsibiliti es

• Safeguard cloud and on-premises infrastructure by implementing and maintaining robust security controls.
• Monitor Darktrace , SIEM , and other SOC tools to detect and respond to potential threats in real time.
• Investigate security incidents and coordinate with cross-functional teams to ensure effective resolution.
• Support the development, implementation, and continuous improvement of security policies and procedures.
• Contribute to compliance reporting , audit preparation , and maintenance of all related documentation, including risk registers and incident logs.
• Collaborate with the IT Operations team to strengthen access controls, endpoint protection, and data security measures.
• Partner with the Engineering team to secure cloud infrastructure and applications using tools such as CSPM, DAST, SAST, IAST, and SCA .
• Identify and assess vulnerabilities or misconfigurations, and ensure timely escalation for remediation.
• Escalate high-risk issues and potential breaches to the Technical Architect .
• Coordinate with the IT Operations Lead on endpoint management and access-related controls.
• Work closely with leadership when incidents require strategic or business-level decisions.

What We’re Looking For

• 3+ years of experience in security operations , SOC support , or a related field.
• Hands-on experience with Darktrace , SIEMs , or similar security monitoring tools.
• Understanding of IT compliance frameworks and risk management practices.
• Strong analytical, documentation, and communication skills.
• Ability to collaborate effectively with IT, engineering, and leadership teams.
• Keen attention to detail and proactive approach to security.

What You Need to Succeed

• Proactively escalate and resolve security alerts in a timely manner.
• Maintain strong audit and compliance readiness at all times.
• Minimize recurring or unresolved security incidents through effective follow-up and prevention.
• Ensure accuracy, clarity, and completeness in all reports and documentation.
• Continuously work to reduce exposure to known and potential risks.

Personal Attributes

• Strong analytical and problem-solving skills.
• High attention to detail and accuracy.
• Proactive, vigilant, and responsive under pressure.
• Collaborative and effective in cross-functional environments.
• Ethical, responsible, and confidentiality-driven.
• Clear and concise communicator.
• Continuous learner with a keen interest in emerging security trends.

“This is a fully remote role, and we welcome applications from candidates based anywhere in India"

About Client:

Our client is a global digital solutions and technology consulting company headquartered in Mumbai, India. The company generates annual revenue of over $4.29 billion (₹35,517 crore), reflecting a 4.4% year-over-year growth in USD terms. It has a workforce of around 86,000 professionals operating in more than 40 countries and serves a global client base of over 700 organizations.

Job Type: C2H

Role: Senior Infrastructure Security & Compliance Engineer

Experience: 8-12y

Work Location:Bangalore

Payroll on : People Prime World Wide

Notice :0-15days

Job Description:

Senior Infrastructure Security & Compliance Engineer (Zero-Touch GPU Cloud – GitOps-Driven Compliance & Resilience)

We are seeking a Senior Infrastructure Security & Compliance Engineer with 10+ years of experience in infrastructure and platform automation to drive the Zero-Touch Build, Upgrade, and Certification pipeline for our on-prem GPU cloud environment. This role is focused on integrating security scanning, policy enforcement, compliance validation, and backup automation into a fully GitOps-managed GPU cloud stack, spanning hardware → OS → Kubernetes → platform layers.

Key Responsibilities

• Design and implement GitOps-native workflows to automate security, compliance, and backup validation as part of the GPU cloud lifecycle.
• Integrate Trivy into CI/CD pipelines for container and system image vulnerability scanning.
• Automate kube-bench execution and remediation workflows to enforce Kubernetes security benchmarks (CIS/STIG).
• Define and enforce policy-as-code using OPA/Gatekeeper to validate cluster and workload configurations.
• Deploy and manage Velero to automate backup and disaster recovery operations for Kubernetes workloads.
• Ensure that all compliance, scanning, and backup logic is declarative and auditable through Git-backed repositories.
• Collaborate with infrastructure, platform, and security teams to define security baselines, enforce drift detection, and integrate automated guardrails.
• Drive remediation automation and post-validation gates across build, upgrade, and certification pipelines.
• Monitor evolving security threats and ensure tooling is regularly updated to detect vulnerabilities, misconfigurations, and compliance drift.

Required Skills & Experience

• 10+ years of hands-on experience in infrastructure, platform automation, and systems security.
• Primary key skills required are Python/Go/Bash scripting, OPA Rego policy writing, CI integration for Trivy & kube-bench, GitOps
• Strong knowledge and practical experience with:
• Trivy for container, filesystem, and configuration scanning
• kube-bench for Kubernetes CIS benchmark compliance
• Velero for Kubernetes-native backup and disaster recovery
• OPA/Gatekeeper for policy-as-code and admission control
• Deep understanding of GitOps workflows (e.g., Argo CD, Flux) and how to integrate security tools declaratively.
• Proven experience automating security, compliance, and backup validation in CI/CD pipelines.
• Solid foundation in Kubernetes internals, RBAC, pod security, and multi-tenant best practices.
• Familiarity with vulnerability management lifecycles and security risk remediation strategies.
• Experience with Linux systems administration, OS hardening, and secure bootstrapping.
• Proficiency in scripting languages such as Python, Go, or Bash for automation and tooling integration.
• Bonus:
• Experience with SBOMs, image signing, or container supply chain security
• Exposure to regulated environments (e.g., PCI-DSS, HIPAA, FedRAMP)
• Contributions to open-source security/compliance projects

• Seniority Level
• Mid-Senior level
• Industry
• IT Services and IT Consulting
• Software Development
• Employment Type
• Contract
• Job Functions
• Information Technology
• Skills
• Infrastructure Security
• Compliance Engineering