דרושים Rc - Mena Fs Risk Conduct Review Specialist Manager ב-Ey ב-India, Thiruvananthapuram

As a Senior, you will engage with clients to assess, validate and enhance Responsible AI frameworks and AI governance models, ensuring they align with regulatory expectations and ethical standards. You will lead multi-disciplinary teams on engagements, delivering high-quality outputs and exceptional service to our clients. The role involves evaluating AI systems for fairness, transparency, accountability and robustness, while also helping clients implement governance structures that support trustworthy AI adoption.

You will be responsible for:

• Design and implement robust data governance frameworks
• Designing and implementing AI governance frameworks tailored to client needs.
• Advising clients on regulatory developments and best practices in AI risk management.
• Performing assessments of AI models and algorithms to ensure compliance with Responsible AI principles.
• Collaborating with cross-functional teams to embed ethical AI practices into business processes.
• Contributing to innovation in AI domain and contributing to thought leadership in the Responsible AI space.

Your key responsibilities

• Develop a tailored data governance framework aligned with the client’s business objectives.
• Define governance operating models, including roles (e.g., data stewards, owners) and workflows.
• Draft data governance policies, data quality standards, and metadata management guidelines.
• Recommend and support implementation of data governance tools (e.g., Collibra, Informatica, Alation).
• Define data quality metrics, monitoring processes and remediation workflows.
• Help establish governance bodies (e.g., Data Governance Council) and define escalation paths, decision rights and accountability structures.
• Set up dashboards and reporting mechanisms to track governance KPIs.
• Develop and implement AI governance frameworks and policies aligned with organizational goals, regulatory requirements and emerging global standards.
• Conduct risk assessments and impact analyses for AI systems to ensure ethical and responsible deployment.
• Help define and roll out AI use case intake, approval and review processes.
• Support the development of lightweight, scalable governance for AI and ML systems (e.g., internal checklists, documentation templates, model cards).
• Collaborate with cross-functional teams including data science, legal, compliance and IT to identify high-risk AI systems to ensure AI use aligns with existing regulations and risk frameworks.
• Support in monitoring AI systems for fairness, transparency, accountability and bias mitigation to embed responsible AI practices.
• Help bridge technical and non-technical stakeholders on responsible AI issues.
• Contribute to identifying or piloting open-source tools or third-party platforms that support AI fairness, auditability or monitoring.
• Build awareness across the organization by developing training materials, FAQs and resources on responsible AI practices.
• Conduct training and awareness programs on responsible AI principles and practices.
• Conduct workshops or sessions for teams deploying or developing AI to embed ethics-by-design principles early in the pipeline.
• Support audits and assessments of AI systems to ensure compliance with internal and external standards.
• Stay updated on emerging AI regulations, standards and best practices to inform governance strategies.
• Stay abreast of regulatory changes and advancements in AI Governance techniques.
• Contribute to multiple assignments and related initiatives.
• Develop strong working relationships with the client and onshore client teams.
• Coach junior team members, enabling them to meet their performance goals and successfully grow their careers.

Skills and attributes for success

• Familiarity with database management and data analysis tools.
• Experience in system implementation/fine-tuning, cloud deployment and project management.
• Strong understanding of AI/ML technologies and their societal implications.
• Knowledge of ethical AI principles, data privacy, and regulatory landscapes.
• Excellent communication and stakeholder engagement skills.
• Analytical mindset with the ability to assess complex systems and identify risks.
• Proactive and adaptable in a fast-evolving technological environment.
• Exceptional command over spoken and written English.
• Globally mobile and flexible to travel to onsite locations at a short notice.
• Highly analytical, organised, and meticulous consulting skills; attention to detail and quality assurance.
• Demonstrate strong project management skills, inspiring teamwork, and responsibility with engagement team members.
• Ability to multi-task, work well under pressure with commitment to deliver under tight deadline.
• Strong organizational skills with ability to prioritize effectively.
• Work experience in similar industry (Big 4 preferred).
• Good to have experience in Risk Management or other Risk Consulting engagements.
• The job would require travel (Over 50%) to client locations in Middle East and North Africa such as Dubai, Kuwait, Riyadh, Doha, etc.

To qualify for the role, you must have

• Bachelor’s or Master’s degree in Computer Science, Data Science or a related field.
• Experience AI/ML, tech risk, data governance, or compliance, with at least 2 years involving AI-related governance or ethical reviews.
• Knowledge of data governance, data management, risk management and compliance.
• Familiarity with AI/ML lifecycle and model governance tools.
• Background in policy development or AI initiatives.
• 3 to 5 years of relevant experience working with business consulting firms.
• A valid passport for travel.

Preferably, you may also have

• Experience in SQL and Python.
• Certifications in AI ethics, data privacy or risk management.
• Experience / certifications in Data Governance, Data Management, Cloud Data Architecture or Data Engineering.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around.
• Opportunities to develop new skills and progress your career.
• The freedom and flexibility to handle your role in a way that is right for you

Key Responsibilities

• Lead and manage a team of 5–8 professionals, including Senior Consultants and Analysts, in delivering high-quality Financial Services and Risk Management engagements aligned with client objectives.
• Provide subject matter expertise on capital market instruments, focusing on pricing and risk assessment of fixed income, equity, FX, interest rate, credit, and derivative products.
• Take ownership of project planning and execution, ensuring timely delivery, quality assurance, and effective communication with stakeholders.
• Oversee and ensure the quality of deliverables, providing guidance and final review to maintain high standards.
• Serve as the primary point of contact for mid-level client stakeholders, managing expectations and ensuring satisfaction.
• Stay current with financial market developments and regulatory changes to inform strategic recommendations.
• Adapt to diverse projects involving model audits, validation, and development, demonstrating flexibility and domain expertise.
• Mentor and coach junior team members, fostering a culture of continuous learning and performance excellence.

Must-have:

• Bachelor’s degree in quantitative finance, Financial Engineering, Mathematics, Physics, Statistics, Engineering or other numerical subjects from a reputable institution.
• 6–8 years of experience in financial services, consulting, or risk management, with exposure to pricing, valuation, or quantitative modeling of financial instruments.
• Strong understanding of risk analytics, including hedge effectiveness.
• Proficiency in at least one programming or analytical language (e.g., Python, VBA, MATLAB).
• Familiarity with financial data platforms and tools (e.g., Bloomberg, Refinitiv, Numerix).
• Excellent analytical, communication, and documentation skills.
• Proven ability to manage multiple projects and deliver results in a fast-paced, client-facing environment.

Preferred:

• Professional certifications such as FRM, CFA, or PRM.
• Experience with at least one pricing/risk management system (e.g., Calypso, Murex, Bloomberg).
• Exposure to quantitative and qualitative analysis of risk exposures, including scenario analysis and stress testing.
• Proven team management skills, including mentoring and developing junior staff.
• Willingness to travel for client engagements as required.

As a global leader in assurance, tax, transaction, and consulting services, we’re using the finance products, expertise, and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities, and creative freedom to make things better.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career.
• The freedom and flexibility to handle your role in a way that’s right for you.

Assistant Director, Risk Management

The role of the Conflicts sub-function in RMS is to identify and address potential conflicts of interest of new or existing engagements.

This opportunity will enable the professional to help the firm and its client serving professionals in making right decisions with respect to engagement acceptance, in sync with EY internal compliance policies and regulatory framework. This role will assist in evaluating the risks associated with each engagement and suggest ways to mitigate them. As a conflicts management professional, this opportunity enables to assesses internal EY relationships with the parties involved and provides safeguards to address the threat of potential conflict to an acceptable level. The process also identifies certain matters that need to be considered, or complied with, from an independence perspective, as well as other professional ethical standards and legal or regulatory requirements.

Technical Expertise:

• Develop process understanding around identifying and addressing conflicts of interest at EY and support team in managing service delivery, KPIs and client expectations.
• Builds up significant domain expertise on conflict checking and other related RMS processes and tools
• Coordinates the implementation of Global Delivery Services (GDS) support to conflict checking process across multiple customers.
• Develops comprehensive knowledge of each Service Line, Industries and local characteristics to demonstrate the ability to link-up conflict of interest situations with the rendered services.
• Builds and manages existing and future development of Conflict Checking team at GDS.
• Proposes suggestions and solutions for improvements to processes. identifies and reports best practices within area of focus.
• Manage operational, financial, and strategic responsibilities and projects, primarily including (but not limited to) areas like data governance, turnaround time (TAT), reporting, invoicing, financial planning, KPI benchmarking, headcount planning and process efficiency.
• Develop and implement a robust early warning system re process KPIs and benchmarks that can enable a zero-surprise delivery.
• Coordinates training schedules for new and existing members of the GDS conflict checking team.

Client Management

• Consults with or escalates conflict checks to Area Conflicts Leaders or Sub Area Conflict Coordinators on a timely basis
• Assist leadership in meeting agreed Service Level Agreements (SLA)
• Assist in managing the client’s expectation through a robust client management framework
• Regular Connect with leadership and senior stakeholder and independently lead conversations and maintain strong relationship.
• Sharing regular reports such as KPIs, other ad hoc reports with leadership and stakeholders.

People Management

• Responsible for performance management and appraisal process for the team
• Governing efficiency and productivity of the team members on a day-to-day basis. Ensures adherence to conflict checking work-flow protocol and tools
• Liaising with L&D team and recommend training requirements of the team to develop their technical and other soft skills
• Coaches and mentors team members for professional development and their career growth.
• Conduct team meeting and focus group discussions at regular intervals to ensure a positive and thriving work environment.
• Liaise with recruitment team and partner in hiring process to ensure an optimal pool of resource as well as enabling exceptional onboarding experience for people.

Skills and attributes for success

• Exceptional and proven customer service skills, including responsiveness and commitment to quality.
• Proficient in active listening, capturing key points effectively, and providing clear, concise responses to inquiries.
• Advanced capabilities in project management, with hands on experience in managing a variety of time-sensitive projects, both internal and external, with a track record of effective coordination.
• Outstanding in verbal communication, adept at crafting professional written materials, and proficient in creating and delivering engaging presentations.
• Unwavering commitment to ethical standards, integrity, and professional values.
• Resilient and driven, with an ability of thriving under pressure and adeptly handling multiple tasks in dynamic environments.
• Exceptional team-building spirit, interpersonal skills, and leadership acumen, with experience in guiding larger teams.
• Good awareness of overall business and economic environment at a country-level and at a global level.
• Demonstrate strong problem-solving skills, including creativity and innovative thinking
• Bring innovation to improve processes and work products, and have the ability to learn/adapt quickly when required
• Proven management experience with large teams, overseeing 40-50 individuals.
• Ability to work well in a team and committed to nurturing a harmonious work environment.
• Global mindset, with the ability to engage effectively in diverse, international settings.
• Strong analytical aptitude, paired with a methodical approach to problem-solving.
• Skilled in addressing and resolving team inquiries and serving as a key contact in escalation protocols.

To qualify for the role, you must have

• Post-graduate degree from a reputed institute.
• Preferably an International Certificate in Enterprise Risk Management or similar.
• Relevant experience of 10+ years and more in the same domain or related profile
• Candidates with exposure to handling international customers/client interaction would be preferred.
• Compliance functions in Big 4 or other professional service organizations
• Demonstrated ability to execute against project plans and expectations
• Well-developed analytical, interpersonal, and communication (both verbal and written) skills in English
• Advanced MS Office knowledge (especially in excel, presentation (ppt's)
• Proficient research & analytical skills with knowledge of databases

Ideally, you’ll also have

• Knowledge on difference between risk advisory and risk management
• Presentation skills, including public speaking and presentation creation using PowerPoint or a similar program
• Critical thinking skills with the ability to independently solve problems with data

Technologies and Tools

Experience in MS office suites like Microsoft 365, MS excel, PowerPoint.

What you can look for

• A Team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment
• A team which has its foundation in the core values of trust, respect and teaming. The team which focuses on supporting its colleagues to excel in their respective domains and provides avenues to help acquire and demonstrate new skills.
• Opportunities to work with Global Executive risk management teams on strengthening and monitoring compliance framework

What we offer

EY Global Delivery Services (GDS) is a dynamic and truly global delivery network. We work across six locations – Argentina, China, India, the Philippines, Poland and the UK – and with teams from all EY service lines, geographies and sectors, playing a vital role in the delivery of the EY growth strategy. From accountants to coders to advisory consultants, we offer a wide variety of fulfilling career opportunities that span all business disciplines. In GDS, you will collaborate with EY teams on exciting projects and work with well-known brands from across the globe. We’ll introduce you to an ever-expanding ecosystem of people, learning, skills and insights that will stay with you throughout your career.

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership : We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Your key responsibilities

As part of the role, the candidate is expected to:

• Perform comprehensive GRC assessments and audits.
• Provide expert advice on corporate governance structures and practices.
• Develop and implement risk management strategies aligned with client objectives.
• Advise on compliance with legal and regulatory requirements.
• Deliver engagements efficiently, ensuring high quality and adherence to timelines.
• Identify and recommend process improvements to enhance governance and compliance.
• Lead business development initiatives, such as proposal writing and lead generation.
• Have an in-depth understanding of the various industry risks/ issues / trends and end-to-end business processes.
• Always comply with the firm’s quality and risk management policies
• Manage multiple assignments and related project teams.
• Maintain excellent rapport and proactive communication with the client
• Mentor and coach junior team members, enabling them to meet their performance goals and successfully grow their careers
• Manage the engagement budgets and support superiors in developing marketing collaterals, business proposals and new solution / methodology development

Skills and attributes for success

• Exceptional command on spoken and written English
• Globally mobile and flexible to travel to onsite locations at a short notice
• Highly analytical, organised and meticulous consulting skills
• Demonstrating and applying strong project management skills, inspiring teamwork and responsibility with engagement team members
• Ability to multi-task, work well under pressure with commitment to deliver under tight deadline
• Strong organizational skills with ability to prioritize effectively
• Attention to detail and quality assurance
• Proficient in MS-Office Suite, data analysis & validation

To qualify for the role, you must have

• Bachelor’s degree or relevant professional qualification (CA, ACCA, CS).
• Minimum of 3 years' experience in GRC roles working across Financial Institutions ideally
• A valid passport for travel.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

As part of our Risk Consulting, you will be joining the Digital Risk Consulting Team.

Your key responsibilities

• Architect, deploy, and manage complex services on one or more major cloud platforms (AWS, Azure, GCP), optimizing cloud resources for performance and cost-efficiency.
• Design, implement, and manage scalable and resilient cloud infrastructure using Terraform, developing reusable infrastructure modules and ensuring consistent deployment across environments.
• Possess strong hands-on experience in deploying, configuring, and troubleshooting Kubernetes environments (on-premise/cloud), and experience in deploying and scaling microservices applications on K8s clusters.
• Implement and manage security best practices for cloud infrastructure and applications, embedding DevSecOps principles.
• Possess strong hands-on experience on configuration management tools (Ansible, Puppet, Chef, etc.).
• Lead and architect large-scale cloud migration initiatives, including re-platforming and re-architecting applications.
• Design and execute strategies for upgrading existing infrastructure, platforms, and applications with minimal downtime and risk.
• Contribute significantly to Responses for Proposals (RFPs) and Requests for Information (RFIs), articulating technical solutions and value propositions.
• Provide expert guidance and solutioning, leading technical discussions with various stakeholders, business groups, and senior leadership.
• Mentor and lead a team of DevOps engineers, fostering their technical growth and ensuring adherence to architectural standards.

Skills and attributes for success

• Experienced in information technology/security risk management or risk consulting.
• Proven experience conducting risk assessments, spot checks, and thematic reviews in a complex, regulated environment.
• Familiarity with IT governance frameworks, secure architecture principles, SDLC and regulatory expectations (e.g. ISO27001, NIST, OWASP).
• Practical understanding of modern IT environments, including cloud platforms (Azure, AWS, GCP, OCI) and enterprise technologies such as Microsoft 365.
• Exposure to risk considerations across software development, platform engineering, or infrastructure is highly valued.
• Familiarity with DevSecOps and secure CI/CD practices in Cloud

To qualify for the role, you must have

• 4 - 9 years of overall work experience in IT
• Knowledge of, and experience with DevSecOps concepts
• Knowledge and experience with Agile practices and tools
• Experience in the technical areas of:
• Python - intermediate
• CI/CD stack - intermediate
• SQL - intermediate
• Terminal/CLI - intermediate
• Terraform - intermediate
• Config management - intermediate
• Container management (EKS/docker) - intermediate
• ITIL - intermediate
• Infrastructure paradigm - SaaS/PaaS/IaaS
• Excellent communication skills with consulting experience preferred
• A valid passport for travel.

Ideally, you’ll also have

• A bachelor's or master's degree in B. TECH/B. E, MS, MBA in accounting or a related discipline.
• ISO27001 LA/LI
• Certified in Risk and Information Systems Control (CRISC)
• Other cloud/architecture/security or risk-related qualifications are an advantage.
• CISSP (Certified Information Systems Security Professional)

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

Oracle Security Design and ITAC – Senior

As part of our Risk Consulting Service Line, you will be part of the team performing reviews and assessment of Oracle Security Design and IT Application Controls testing for Oracle ERP solutions for various clients across the MENA region. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also involve in identifying potential business opportunities for EY within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team.

We are seeking a highly motivated and experienced Oracle Security Senior to perform our technical reviews and assessment of complex Oracle ERP security design control reviews and assessment projects. The ideal candidate must possess deep technical expertise in Oracle ERP solutions including Oracle Fusion Cloud applications etc., strong technical skills, and a proven track record of working and delivering high-quality work for Oracle solutions. This role requires excellent communication and client management abilities.

Your key responsibilities

• Perform technical review in the Oracle Security Design, implementation of Oracle ERP and Oracle Cloud solutions.
• Review technical specifications and design documents.
• Expertise on coding standards and best practices for Oracle Solutions.
• Conduct technical design control review sessions and provide guidance to the team & serve as a technical point of contact for clients and stakeholders
• Expertise in Oracle Integration Cloud (OIC), Oracle Analytics Cloud (OAC), and other related Oracle Cloud technologies.
• Experience in Implementations (Oracle EBS/Financials – GL, AP, AR, CM, FA, Projects Costing, Contracts & Billing in Fusion and R12)
• Strong understanding of Oracle Fusion Cloud security and access controls.
• Experience with data migration and conversion strategies
• Manage client expectations and ensure client satisfaction.
• Proactively find ways to improve client systems, and processes that improves their technical environment
• Perform control testing for both ITAC & ITGC as per the client scope and requirement.
• Contribute to the Risk Consulting team as a key member and assist with facilitating practice wide training (Oracle ITGC/ Oracle ITAC /Oracle Pre & Post Implementation reviews) curriculum.
• Work closely with onshore, cross-functional teams and develop strong relationships across the organization, especially with Onsite team.

Skills and attributes for success

• Minimum 3 years of experience in Oracle Solution security design, review and implementation.
• Bachelor’s or Master’s degree in computer science, Information Technology, or a related field.
• Extensive experience in Oracle Integration Cloud (OIC), including designing and developing complex integrations.
• Strong understanding of OIC Adapters (Database, Oracle ERP, HCM, and SCM Cloud Adapters).
• Hands-on experience in OIC process automation, orchestration, and monitoring. Developing OIC connections, integrations, and lookups for seamless data exchange across Oracle Cloud applications.
• Experience in Fusion ERP modules across Finance, SCM, HCM, and Projects.
• Proficient in Oracle Technologies like OTBI, BIP/XML Publisher, SQL, PL/SQL, and Oracle Reports.
• Experience in Web ADI and Knowhow in Payroll Fast Formulas, Proven ability to integrate with third-party providers.
• Experience in Data Migration using FBDI (File-Based Data Import) Templates, Knowledge of data models and web services in Oracle EBS/Cloud. Experience in Data Loading/Conversions using Data Loader (HDL) and Spreadsheet Loaders.
• Hands-on experience in Documentation, writing Technical Specs, Test Scripts, SIT, UAT, Code Reviews, Deployments, and SDLC Change Management processes.
• Strong expertise in Oracle Fusion Cloud technical components, including OTBI, BIP, SQL, PL/SQL, and REST APIs.
• Experience in performance tuning of Fusion Applications. Oracle Analytics Cloud (OAC) is highly desirable.
• Strong team player, highly motivated, with excellent communication and interpersonal skills.
• Knowledge of Oracle EBS, Oracle Financials, Oracle Cloud Infrastructure (OCI) services and architecture.
• Experience with DevOps practices and tools, such as Jenkins, Docker, and Kubernetes.
• Familiarity with Agile methodologies and tools like JIRA.
• Basic Experience with machine learning and AI integration in Oracle Cloud applications.
• Knowledge of security best practices and compliance standards in cloud environments.

To qualify for the role, you must have

• Should have hands on experience and strong knowledge on technical activities performed in EBS and Fusion covering all key modules of Finance, SCM and HCM
• Must have valid passport with minimum 6 free pages and should be willing to travel on short term for client site work assignments especially to Middle East as and when required depends on project requirements.
• Excellent communication, presentation skills and consulting mindset
• Client handling experience.
• Willing to work in MENA Shift timings (Sunday to Thursday).
• A valid passport for travel.
• Minimum Education Qualification
• Oracle certified professional

Ideally, you’ll also have

• A bachelor's or master's degree (B.TECH/B.E/M.TECH/MBA-Finance)
• Core experience in Oracle Solutions design and implementation functions.
• Minimum 3-5 years of relevant experience working in Oracle Financials (EBS /Fusion)
• Experience in at least one full life cycle implementation, with at least one implementation on EBS or Fusion Financials.
• Experience in a client-facing delivery role.
• Experience in major industry sectors like retail, government, energy, real estate, oil & gas, power & utilities.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

TEM Manager – DevSecOps

As part of our Cyber Security team, you will build and manage a secure cloud/on-prem platform while ensuring seamless development, build and deployment capabilities. You will be responsible for the security assessment of infrastructure, database and applications, setting up processes and guidelines. You will work closely with DevOps, Architects and Developers and QA to build highly reliable and secure products. You shall also perform in-depth analysis of security test results and create report that describes findings, exploitation procedures, risks and recommendations.

Your key responsibilities

• Expertise managing large scale applications
• Understanding of OWASP SAMM, NIST SSDF, BSIMM frameworks.
• Ability to perform current state DevSecOps assessments, identify gaps and provide recommendations to the client.
• Experience with building an end-to-end DevSecOps program.
• Deep experience with CI/CD, DevSecOps automation
• Experience with Lean product development and agile software development principles and process
• Convey complex technical security concepts to technical and non-technical audiences including executives.
• Strong knowledge of OWASP Top 10 web and the ability to effectively communicate methodologies and techniques with development teams
• Ability to automate DAST/SAST solutions and reporting
• Support SDLC and agile environments with application security testing and source code reviews.
• Provide technical leadership and advise to junior team members on secure SDLC and DevSecOps engagements and Work closely with client development teams
• Develop automated solutions that mitigate risks throughout the organization.
• Support business development activities

Skills and attributes for success

• Experience with performing manual and automated SAST assessments.
• Experience with performing threat modeling and secure design reviews.
• Experience with scripting / programming skills (e.g., Python, PowerShell, Java, Perl etc.) updated and familiarized with the latest exploits and security trends.
• Familiarity with dynamic web application vulnerability scanning tools and services (Acunetix, HP WebInspect, IBM AppScan, BurpSuite, IBM AppScan)
• Familiarity with static code analysis tools and services (CheckMarx, Fortify Static Code Analysis tool, Veracode, Coverity, IBM AppScan Source)
• Experience in developing a DevSecOps CI/CD pipeline completely using open-source tools.
• Experience with SCM tools like Github, Gitlab, Bitbucket and their ability to integrated with CI/CD pipelines by using webhooks, actions, etc.
• Experience with implementing different phases of CI/CD like secret scanning, SAST, SCA, DAST, Infrastructure as code, compliance as code, vulnerability management.
• Experience with container security tools.
• Optimizing the pipeline to produce the best results and ability to plan a maturity model for the DevSecOps program.
• Understanding of web-based application vulnerabilities (OWASP Top 10).
• Experience with scripting / programming skills (e.g., Python or PowerShell or Java or Perl etc.).

To qualify for the role, you must have

• BE/ B.Tech/ MCA.
• Minimum of 10 years of work experience in application security, Secure SDLC and DevSecOps.
• Certifications: Mandatory to have any one of the below certifications,
  • Azure Security Architect (Az-500)
  • AWS security speciality certification (SCS-C01)
• Knowledge of Windows, Linux, UNIX, any other major operating systems.
• Strong Excel and PowerPoint skills.

Other recommended skills and certifications

• Project management
• Certifications: CSSLP, CISSP, Certified DevSecOps Professional

What we look for

A candidate who can design and build a complete DevSecOps programme and work around a maturity model, optimizing the pipeline to integrate the best tools according to the client requirement.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you