89 Security Audits jobs in Chennai

Job ID: 28788

Location: Chennai, IN

Area of interest: Governance, Risk Management & Compliance

Job type: Regular Employee

Work style: Office Working

Opening date: 8 Sept 2025

Job Summary

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours as well as our brand promise, Here for good.

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

The successful candidate has a strong business acumen and understanding of "CFCC - Conduct, Financial Crime and Compliance Risk Analysis and Advisory". The candidate is highly skilled individuals with Practioners level experience in CFCC risk assessment and monitoring, business risk advisory, regulatory and policy interpretation & compliance management, issue and event management and change risk management with exposure to product development, regulatory technology and innovation, data and analytics led risk management practices. This is a global role covering across the SCB footprint in Asia, Africa, Middle East, Europe, and Americas, covering multiple Businesses from Retail Bank, Private Bank, Affluent & Wealth Management, Transaction Banking including Trade & Cash, Banking and Financial Markets Business.

The responsibilities includes, working across Business, Products, Clusters and Countries Compliance and Specialist teams to perform:

Key Responsibilities

• Risk Identification, Analysis and Assessment of CFCC Risks, measure exposure to those risks and design, build and recommend control framework to mitigate and manage those risks, to enable structural and thematic risk response or remediation.
• Risk monitoring of dynamic changes to risk and control environment, generate operational level insights to enable operational or tactical risk response or remediation.
• Perform targeted deep dive into material or emerging or unknown risk areas due to a change in threat profile or business strategy, to enable structural risk response or remediation.
• Manage issues and events as it occurs, perform root cause analysis and lessons learnt, remediate vulnerabilities, reduce exposures, fix gaps to improve control environment.
• Manage CFCC risks introduced due to business change, perform a holistic assessment of impact of those changes to Businesses, mitigate and manage those risks proactively, to enable a sustainable growth of business.
• Provide Business risk advisory in areas such as policy and regulation, business, or product change, to enable a sustainable growth of business.
• Provide actionable risk insights and recommendation actions & decisions to Business, Products, Clusters and Countries Compliance and Specialist teams for them to drive & deliver client aware and risk focused outcomes and decisions.
• Work with CFCC Product Owners in continuous improvement of products and services, build and innovate using reg tech and data analytical products.

Strategy

• Contribute materially towards the development, support, and implementation of the vision, strategy, and direction of the CFCC Professional Services team and in support of the Bank's strategic direction and growth aspirations.
• Responsible to work with CFCC Product & Professional Services colleagues, CFCC Coverage & Specialist Teams and Business Risk Managers to identify risks across the Bank and drive appropriate action.

Business

• Build and maintain an effective and constructive relationship with all CFCC Product & Professional Services colleagues, CFCC Coverage & Specialist Teams and Business Risk Managers that is based on trust, capability and integrity, providing timely, responsive and
• quality CFCC related advice and guidance to enable the business and functions to meet/ achieve their strategic tactical objectives.
• Support the integration of the Professional Services into the Bank's overall CFCC Risk Management strategy. This includes (but not limited to): taking ownership of incoming queries by not handling them off, taking a leading role in actively becoming the go-to person for all risk assessments and monitoring and ensuring Business advise provided is consistent and aligned to CFCC's advisory model.
• Work closely with CFCC Product & Professional Services colleagues, CFCC Coverage & Specialist Teams and Business Risk Managers, as well as other key stakeholders, to provide substantive oversight support and enable sustainable CFCC outcomes.
• Execute high standards of regulatory compliance and deliver key priorities and initiatives, aligned to the Professional Services performance scorecard.
• Advanced level Expertise on CFCC risks, respective Business and Product and Global regulatory frameworks.

Skills and Experience

Processes

• Analyse comprehensive impact of CFCC related risk and regulatory matters which has impact in SCB through quantitative and qualitative assessment.
• Establish workflows, build, and maintain effective processes / DOIs to perform Risk Assessments, Risk Monitoring and Risk Advisory, aligning with Group and relevant regulatory requirements.
• Independently perform deep dive reviews and thematic analysis to completion.
• Continuous improve and calibrate the processes, approaches, practices and methodologies.
• Supports efforts to ensure the effective management of CFCC matters management of regulatory issues that have a significant impact on the Bank and support relevant stakeholders to respond to regulatory questions. Collaborate with relevant Business, Risk and CFCC stakeholders to work towards holistic risk management across business, product, country, and cluster risks.

People & Talent

• Promote and contribute to an environment where knowledge exchange, continuous learning, agile, prioritisation, deadline management, streamlined workflows and collaborative work practices are the norm.
• Promote and embed a culture of openness, trust, and risk awareness, where ethical, legal, regulatory and policy compliant conduct is the norm.
• Execute through example, build, and influence the appropriate culture and values. Maintain strong relationships with the wider Professional Services team, Countries, Business and CFCC Risk Managers encouraging collaboration.
• Provide constructive development feedback at business, function, country, and individual level as appropriate on CFCC matters.
• Contribute materially to the exchange of knowledge, best practice and lesson learned across the network between Professional Services and CFCC colleagues especially in relation to regulatory risks and compliance with relevant regulations and internal policies/standards.
• Transmit, receive, and accurately interpret ideas, information, and needs through the application of appropriate communication behaviours.

Risk Management

• Deliver the defined aspects of the Professional Services role to support the Group's CFCC risk management approach and objectives.
• A full understanding of the risk and control environment for CFCC risks.
• Supports efforts to ensure the effective management of CFCC matters management of regulatory issues that have a significant impact on the Bank and support relevant stakeholders to respond to regulatory questions. Collaborate with relevant Business, Risk and CFCC stakeholders to work towards holistic risk management across client segments / products risks.

Governance

• Develop appropriate risk-based compliance framework for identifying, assessing, managing, monitoring, mitigating, and reporting CFCC risks.
• Develop or assist in developing and recommend appropriate Risk Assessment standards across CFCC risk types, meeting all Compliance requirements.
• Build in the identification and escalation of potential business CFCC related risks and issues to senior management through appropriate governance channels and the Quality Assurance framework.
• Support the management of end-to-end lifecycle of audit, assurance, and regulatory reviews, in relation to Professional Services, including tracking, remediation and preparing lessons learned from such reviews.

Qualifications

9+ overall working experience, Banking or Financial Institution or Regulator or Fintech or equivalent industry

• 3+ years in atleast one of the below

3+ years of advanced practitioner level experience in Conduct or Compliance or Financial Crime Risk management, and/or

Conduct & Compliance Risks

• Data Risk
• Conflict of Interest
• Non-Financial Regulatory Reporting
• Regulatory Conduct
• Market Conduct
• Client Conduct

Financial Crime Risks

• Anti-Money Laundering
• Anti-Bribery & Corruption
• Sanctions
• Fraud (Internal and External)

3+ years of advanced practitioner level experience in Business or Product or Operations Risk Management with exposure to Conduct or Compliance or Financial Crime or Control Oversight in a front or first-line role, and/or

2+ years of advanced practitioner level experience in adjunct or interconnected risk operations disciplines (e.g., Financial Crime Risk Surveillance Operations, Compliance Surveillance Operations)

Other important Experience:

• 3+ years of extensive experience

• Well versed with tools and techniques of analysing potential risk exposures

• Understanding of effective communication skills.
• Understanding of best practice risk assessment techniques and risk management frameworks.
• Understanding of the key features of relevant laws and regulations relevant to the Group
• Sound judgement on business practices, regulatory relationship management and reputational risk,
• Ability to balance both detail oriented and big picture perspectives.
• Ability to collaborate and work dynamically across functions.
• We value your practical and hands-on experience in the above domains .
• Any industry certifications in the CFCC domain are most welcome (e.g., ACAMS, ICA).
• Any industry certifications in the Business or Product domain are most welcome

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

About the company

Lexitas is a high growth company. The Company is built on a belief that having strong personal relationships with our clients, and providing reliable, accurate and professional services, is the driving force of our success.

Lexitas offers an array of services including local and national court reporting, medical record retrieval, process service, registered agent services and legal talent outsourcing. Our reach is truly national as well as international.

Lexitas is a MNC Company that has set up a subsidiary in Chennai, India – Lexitas India Pvt. Ltd. This Indian company will be the Lexitas Global Capability Center, helping build a world class IT development team, and over time serve as a Shared Services hub for several of the corporate functions.

For More Information -

This is a Full-Time Job located in Chennai, India.

Summary:

This position supports information security, privacy, risk and compliance programs and activities under the direction of the VP of Information Security or designated Information Security Manager. The position assists in developing and maintaining a comprehensive security program for Lexitas. Providing functional and technical support is important to maintain security posture and protection of electronically and physically stored information assets across our systems. Tasks include supporting design, implementation, configuration, documentation, and maintenance to mitigate risk to the business and its computing resources and assets, as well as collaborating with applicable providers, managing and monitoring tools, and facilitating applicable processes and procedures.

Key Roles and Responsibilities :

• Supports IT security, privacy, risk and compliance systems, processes, supporting activities, with the ability to lead activities and programs.
• Monitors computer networks and associated tools and provider services for security, privacy, risk and compliance issues
• Supports the project management, tracking, and documentation of Information, Privacy, Risk, and Compliance programs, processes, and activities
• Investigate security breaches and cybersecurity incidents.
• Documents security breaches and assesses impact.
• Performs and/or supports security tests, risk assessments, and audits to uncover network, application, and process vulnerabilities and provides guidance and training to ensure violations do not persist.
• Tracks and facilitates the mitigation of vulnerabilities to maintain a high security standard.
• Supports best practices for IT security, privacy and compliance.
• Performs and supports 3rd party vulnerability management and penetration testing.
• Research security enhancements and makes recommendations to management.
• Stays current on information technology trends and security standards.
• Prepares reports that detail security, privacy, and compliance risk assessment findings.
• Supports Security Operations Center functions including monitoring and supporting Incident Response activities.
• Supports all related IT Security, Privacy, Risk and Compliance policies and provides guidance to the business.
• Other Information Security, Privacy, Risk, and Compliance duties as required.

Skills and Abilities:

• Experience with computer network and application vulnerability management and penetration testing, and techniques.
• Solid understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts
• Ability to identify and mitigate network and application vulnerabilities.
• Good understanding of patch management
• Proficient with various OS
• Excellent written and verbal communication skills
• Knowledge of firewalls, antivirus, and intrusion detection system concepts
• Ability to support and document areas of Information Security, Privacy, Risk, and compliance processes and programs.
• Ability to support incident response process.
• Experience directing 3rd Party providers in the areas of Information Security, Privacy, Risk and Compliance
• Support information security controls including physical and data security protecting the confidentiality, integrity and availability of information systems data.
• Preferred KSA’s:
• Strong working knowledge and experience with primary Information Security, Privacy, Risk, and compliance standards and frameworks such as NIST, SOC 2, HIPAA, PCI DSS, GDPR, etc.
• Experience administering information security software and controls.
• Experience supporting process for managing network and application security.
• Network and system administration experience a plus.
• Good understanding of Standard Information Security Baseline Frameworks, Business Continuity, and Disaster Recovery protocols and best practices.
• Exposure to ITIL (Incident/Change Management) – ITIL v3F preferred.
• Learns and monitors the business processes for the areas of primary support responsibility.
• Support annual Security Baseline Audits and execution of recommendations.
• As part of the technology team, performs “Help Desk” day-to-day tasks in support of Information Security, Privacy, Risk, and Compliance.

Education and Experience:

• Bachelor’s degree in computer science or related field strongly preferred.
• IAT Level-2 technical certification strongly preferred (Comp TIA Security+ or CISSP) or ability to obtain within first 90 days of hire.
• 5+ years’ experience performing role of Information Security Analyst or SOC
• Demonstrated experience in responding to, managing, and resolving security incidents.
• Experience with LAN/WAN networking concepts, IP addressing and routing concepts, Windows/Linux/Unix operating systems, Information Security concepts, and best practices.
• Experience with Windows/Linux/Unix operating systems, Information Security concepts, and best practices.
• Experience working with Security Information and Even Management (SIEM) system is a plus.

As a Principal Information Security Architect you will utilize your extensive cybersecurity knowledge including threat modeling, risk assessment, and security controls; expertise in secure software architecture design and security governance frameworks; proficiency in programming languages and security assessment tools.

Job Functions:

• Develop and communicate a strategic security vision and roadmap aligned with the organization's business objectives.
• Ensure that the security strategy guides security initiatives, technology choices, and risk management efforts.
• Design secure architectures for software systems and infrastructure, including threat modeling, security controls, and secure coding practices.
• Ensure that security designs are implemented consistently and meet industry best practices.
• Ensure compliance with industry regulations, standards, and internal security policies. Monitor and report on security compliance.
• Develop risk mitigation strategies, including security controls, incident response plans, and disaster recovery procedures.
• Ensure that the organization's workforce is educated about security risks and best practices.
• Lead and coordinate responses to security incidents, ensuring lessons learned are incorporated into security improvements.

Basic Qualifications:

• Bachelor's degree in a related field, such as computer science, information security, cybersecurity, or a related discipline
• 10 years of related experience in Information Security

Preferred Qualifications

• Master's degree in IT, Computer Science, information security, cybersecurity, or related field
• 12 years of related experience in Information Security
• Certification in relevant security domains (e.g., GDSA, CISSP-ISSAP, CISM, CISA)

Must be 18 years of age or older

Benefits
In line with our commitment to employee wellbeing, our total rewards benefits package is designed to support the physical, financial, and emotional health of our employees, tailored to meet their unique and evolving needs. Our approach considers our employees' whole selves, ensuring they can thrive both in and outside of work. Here are some of the benefits we offer, which may vary based on role, location, or hours worked:

• Healthcare (Medical, Dental, Vision)
• Paid Time Off, Volunteer Time Off, and Holidays
• Employer-Matched Retirement Plan
• Employee Stock Purchase Plan
• Short-Term and Long-Term Disability
• Infertility Treatment, Adoption and Surrogacy Assistance
• Tuition Reimbursement

These benefits are designed to enhance the health, protect the financial security, and provide peace of mind to our employees and their families.

Deluxe Corporation is an Equal Employment Opportunity employer:
All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, disability, sex, age, ethnic or national origin, marital status, sexual orientation, gender identity or presentation, pregnancy, genetics, veteran status or any other status protected by state or federal law.

Please view the electronic EEO is the Law Poster which serves to inform you of your equal employment opportunity protections as part of the application process.

Reasonable Accommodation for Job Seekers with a Disability:
If you require reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please direct your inquiries to

Job Purpose
To provide a hassle free trading environment to the clients. Satisfying the clients by providing a timely assistance thereby generating revenue to the organization and goodwill. Launching of New products in the online trading platform to the customers for satisfying their various investment needs

Job Context & Major Challenges
Job Context
ABM has a daily turnover of over 1,000 crores and has been rapidly improving its market shares in the various segments it operates in. In the otherwise fragmented equity broking business, ABM has doubled it market share to over 1.6% of retail cash equity volumes in the last 18 months. The commodity market shares have also doubled during this period. ABM remains one of the largest distributor for BSLI and BSLAMC and the largest distributor for other manufacturing organisations within ABFSG. ABM brings value to other line of business within ABFSG and adds Rs ~ 25-30 Crores to the bottom line of BSLI / BSLAMC / ABFL / ABPE etc ABM works in a highly regulated environment with a host of regulators like SEBI, RBI, AMFI, FMC, IRDA etc. regulating it s day to day operations.In addition to the regulator ABM is also subject to close monitoring and inspection through various agencies like NSE / BSE / NCDX / MCX/ NSDL / CDSL etc. AABM has a daily turnover of over 1,000 crores and has been rapidly improving its market shares in the various segments it operates in. In the otherwise fragmented equity broking business, ABM has doubled it market share to over 1.6% of retail cash equity volumes in the last 18 months. The commodity market shares have also doubled during this period. ABM remains one of the largest distributor for BSLI and BSLAMC and the largest distributor for other manufacturing organisations within ABFSG. ABM brings value to other line of business within ABFSG and adds Rs ~ 25-30 Crores to the bottom line of BSLI / BSLAMC / ABFL

/ ABPE etc ABM works in a highly regulated environment with a host of regulators like SEBI, RBI, AMFI, FMC, IRDA etc. regulating it s day to day operations.In addition to the regulator ABM is also subject to close monitoring and inspection through various agencies like NSE / BSE / NCDX / MCX/ NSDL / CDSL etc. ABM also operates in a highly competitive market mainly in fragmented industry with ABML competition from major National Broking houses like ICICI Securities, HDFC Securities, Angel Broking, MOFSL etc. and a range of local Broking outfits. On the other hand ABMML competition is from Major Distribution Houses like NJ India Invest, Bajaj Capital Prudent, IIFL and a range of Banks (both Indian and MNC). . Product Management Process: The Product Management process includes planning and execution throughout the product lifecycle, including gathering and prioritizing product and customer requirements and working closely with Technical Team and vendor and customer satisfaction goals are met. Product Maintenance: Coordinating with vendors and dev elopers for managing change during the UAT and post implementation phase. Impact Analysis of the Change Requests on the system and follow up on bugs. It also includes Version up gradation and Product enhancement as and when required. Product Support: Product support involves a series of activities which includes Providing Technical and Functional assistance to Internet clients throughout the trading hours and having a dedicated customer care desk for handling all types issues/queries.

Key Result Areas
KRA (Accountabilities) (Max 1325 Characters)
Supporting Actions (Max 1325 Characters)
KRA1 Product Management- Include gathering the requirements from the clients perspective and from a business perspective, doing benchmarking, preparing BRD's, undergoes thorough checking of the products in UAT, coordinating with the vendor for rectifying the bugs and also explaining the requirements to them

KRA2 Product Maintenance: The functionality checking of Trading Platforms has to be carried out on a regular basis. Should ensure that we are providing absolute error free software to the clients. On the event of an issue, should coordinate with the Vendors directly or in directly, should escalate the issue to the higher authorities and ensures that the issue is resolved at the earliest. Clients must be communicated well about the issue and also should provide them some alternatives till the issue has been resolved

KRA3 Product Support Providing support to the clients includes both Technical and Functional Assistance of Trading. When a new product is launched or some up- gradation has been taken place in a product, ensures that clients are all aware of the changes by providing Product Demos to the PAN India Branches, providing a support desk for all clients/branches, sending mailers/teasers etc.

KRA4 Exchange Compliance regarding IBT Submitting the IBT Trade/Volume confirmation in NSE and BSE.

Role & responsibilities:

• Serve as the onsite cybersecurity lead and advisor for the client.
• Conduct security posture assessments, identify risks, and recommend appropriate controls.
• Guide the development and enforcement of security policies, standards, and procedures.
• Review and monitor client IT and security operations to ensure risk mitigation and compliance.
• Support the client during audits, compliance checks, and incident investigations.

• Advise on and oversee areas such as:

• Secure configurations and hardening

• Identity & Access Management (IAM)

• Vulnerability management & patch governance

• Network, endpoint, and cloud security

• Data protection & privacy controls

• Coordinate with the company's backend cybersecurity team for advanced needs such as:

• Threat intelligence and analysis

• Incident response and digital forensics

• Advanced penetration testing and vulnerability assessments

• Red/blue team exercises

• Prepare and present security reports, dashboards, and recommendations to client management.

• Act as a trusted security partner to both technical teams and business executives at the client site

Preferred candidate profile

• Bachelors degree in computer science.
• Relevant certifications such as CEH, CISSP, CISA, or ISO 27001 Lead Implementer.
• At least 5 years of experience in cybersecurity, regulatory compliance, or related roles.
• Strong knowledge of:
• Security frameworks (NIST CSF, ISO 27001, CIS Controls)
• Regulatory compliance (DPDP)
• Risk assessment and governance methodologies.
• Understanding of IT and security domains (networks, endpoints, cloud, applications).
• Hands-on experience with vulnerability management, penetration testing, IAM, and incident response.
• Strong communication and stakeholder management skills.

Preferred Skills:

• Ability to work independently onsite while effectively leveraging remote expert teams.
• Consultative mindset, able to translate technical risks into business impact and executive-level insights.
• Strong understanding of cybersecurity tools and frameworks.
• Analytical and problem-solving skills with attention to detail.

• An Information Security Analyst monitors and protects an organization's computer networks and systems from cyber threats and data breaches. Key responsibilities include implementing security software like firewalls and encryption, conducting vulnerability assessments and penetration tests, responding to and mitigating security incidents, developing security policies and best practices, creating disaster recovery plans, and educating employees on security awareness. They stay current with emerging threats and often collaborate with IT staff and management to enhance overall security posture.
• Key Responsibilities Monitoring and Detection: Continuously monitor networks for suspicious activity, potential breaches, and viruses.
• Vulnerability Assessment: Identify weaknesses in systems and networks through testing and analysis to prevent unauthorized access. .
• Incident Response: Investigate, respond to, and mitigate security incidents and cyberattacks to minimize damage.
• Implementation of Security Measures: Install and maintain security safeguards, including firewalls, encryption software, and antivirus programs.
• Policy Development: Create and enforce security policies, standards, and best practices for the organization. .Reporting: Prepare detailed reports on attempted attacks, security breaches, and security metrics for management and stakeholders.
• Disaster Recovery: Develop and help implement disaster recovery plans to ensure continued IT operations during emergencies.
• Employee Education: Train employees on cybersecurity awareness, proper security procedures, and best practices to prevent attacks.
• Research and Awareness: Stay updated on the latest cybersecurity trends, technologies, and emerging threats by consulting external sources and industry publications.
• Essential Skills
• Technical Proficiency: Deep knowledge of computer networks, operating systems, security tools, and programming languages like Python and JavaScript.
• Analytical Skills: Ability to quickly process large datasets to identify security vulnerabilities and patterns.
• Communication Skills: Strong ability to explain complex technical information clearly to both technical and non-technical audiences.
• Problem-Solving: Aptitude for diagnosing issues and developing effective mitigation techniques for security threats.
• Attention to Detail: Meticulous in monitoring systems and reviewing security measures for potential gaps.
• Tamil candidates only

Job Type: Full-time

Pay: ₹340, ₹1,167,607.61 per year

Benefits:

• Food provided

Work Location: In person

Must have experience with core cybersecurity operations and one or more cyber security tools/process areas (e.g. network security, end point security, email security, cloud security, attack simulation, cyber threat modelling etc.)

Company Overview:

ORO Labs is a well-funded B2B startup founded by industry veterans. Our SaaS solution is an AI-based procurement orchestration platform that's dramatically improving business processes for employees, purchasing personnel, and suppliers, and it's gaining rapid traction among global multi-nationals. ORO's smart procurement workflows help organizations increase business agility and transparency, shortening cycle times while seamlessly increasing accuracy and compliance for the enterprise

Role Overview
:

The Director - Infosec is a senior leadership role responsible for developing, implementing, and overseeing the overall information security strategy to protect ORO's data, systems, and technology infrastructure from cyber threats and security risks.

This role will report to the CTO and work closely with the compliance team to support the organization's security goals, primarily focusing on responding to RFPs, vendor assessments, and customer inquiries related to security practices.

This person will play a vital role in building customer trust by addressing security-related questions and maintaining transparency in security processes.

Key Responsibilities
:

• Develop, implement, and enforce information security policies, procedures, and standards aligned with business goals and regulatory requirements
• RFP and Vendor Assessment Management: Lead the response process for RFPs and vendor assessments, ensuring the company's security posture aligns with customer expectations and requirements
• Lead and manage the organization's information security program to safeguard confidentiality, integrity, and availability of information assets
• Customer Engagement: Act as the primary point of contact for customer inquiries around security, explaining security processes and addressing customer concerns during the sales and assessment processes
• Collaborate with leadership, IT, legal, compliance, and business units to communicate security risks and influence decision-making
• Apply a policy-driven approach in all engagements, maintaining alignment with industry standards and best practices.
• Collaborate with the compliance team to ensure adherence to security frameworks and regulatory requirements such as ISO 27001 and SOC 2.
• Assist in internal and external security audits, ensuring the organization meets compliance and security standards
• Stay abreast of the latest cybersecurity technologies, and regulatory changes to adapt the security strategy proactively

Skills and Qualifications
:

• Experience: At least 14+ years of progressive experience in information security roles, including leadership positions.
• Technical Expertise: Knowledgeable in information security concepts, protocols, and compliance frameworks such as ISO 27001 and SOC 2.
• Excellent communication and stakeholder management skills, capable of influencing executive decision-making
• Experience in risk management, security operations, incident response, and vulnerability management
• Deep knowledge of cybersecurity frameworks, standards, and regulatory requirements.
• Project Management: Skilled in prioritizing and managing multiple projects simultaneously, ensuring timely and organized responses to RFPs and assessments.
• Attention to Detail: Strong attention to detail and commitment to accuracy in all security responses.

Education
:

Bachelor's degree in Information Security, Computer Science, or a related field preferred but not required.

Information Security Analyst

ROLE DESCRIPTION SUMMARY

SES's Cyber Security Center Teamis focused on improving SES's security posture through security monitoring, vulnerability management, monitoring and analytic tools, and actively seeking out and addressing security concerns. An Information Security Analyst must be aware of the enterprise's security goals, policies, procedures, and guidelines, and be actively working towards upholding those goals.

PRIMARY RESPONSIBILITIES / KEY RESULT AREAS

• Monitor and analyze security logs, system logs, and network traffic for security events.
• Assist various teams in configuring diverse devices for logging.
• Perform in-depth root cause investigation and analysis.
• Conduct incident response to security events and incidents.
• Address security concerns in a way that is consistent with applicable policies, plans, and processes.
• Analyze, triage, aggregate, escalate, and report on security events, including investigation of anomalous activity and responses to cyber incidents.
• Document security processes to create playbooks and other documentation based on best practices and policy.
• Research and suggest improvements for the corporate security posture.
• Present security-related material in meetings.
• Work to ensure assigned tasks and projects are completed on time.

COMPETENCIES

• Having good organizational skills and able to manage multiple tasks.
• A willingness to engage and coordinate with others in the Threat Management team.
• Employing good communication skills to coordinate with your team and others at SES.
• Having a willingness to dig into details and seemingly unglamorous tasks.
• Have strong logical analysis skills focused on details.
• Strong critical thinking/analytic skills, creativity, and a personal desire for quality.

QUALIFICATIONS & EXPERIENCE

• Must Have

• Two-year college degree in a technical field of study or equivalent work experience

• Technical knowledge and practical experience in networking, remote network access, network connected devices, network service software, and troubleshooting techniques.
• Experience working in a SOC or similar environment.
• Experience with reviewing IDS/IPS, EDR, firewall, OS, application, and other logs for security purposes.
• Competence in data sorting, manipulation, and correlation.
• Experience utilizing a Security Information and Event Management (SIEM) system to identify security issues for remediation, make rule modifications, make improvements in log handling, and perform data extraction for further analysis.
• Experience with threat and vulnerability management, penetration testing, vulnerability assessments, and vulnerability mitigation.

• Conduct comprehensive analysis of threat data obtained from proprietary and open-source threat intelligence resources for potential and known.

• Nice to Have

• Experience in the with using various aspects of enterprise security architecture including SIEMs, EDR, and similar software.

• Familiarity with a variety of OSes including Microsoft Windows, Linux, and network appliance operating systems.
• Experience manipulating data with Microsoft Excel and document writing in Microsoft Word.
• Knowledge of a scripting language such as BASH, PowerShell, Python, etc.
• One or more of the following security certifications: Security+, CEH, CYSA+, GCIA, GSEC, GCIA, GMON and GCDA.

SES and its Affiliated Companies are committed to providing fair and equal employment opportunities to all. We are an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, gender, pregnancy, sex, sexual orientation, gender identity, national origin, age, genetic information, protected veteran status, disability, or any other basis protected by local, state, or federal law.

For more information on SES, click here.