דרושים Business Analyst - Channel ב-Ge Healthcare ב-India, Bengaluru

Essential Responsibilities

Roles and Responsibilities :

3. Product cybersecurity development responsibilities:

• Assess the privacy and cybersecurity state of the product and define product roadmapfeatures/enhancementswith stakeholder approval
• Responsible for security architecture and coordination of product development for cybersecurity features and enhancements
• Assess product components and SBoM integrated into the product
• Perform defect management for cybersecurity issues
• Identify operational responsibilities and adherence to cloud standards for cloud- based products
• Responsible for Product and Security Manual and MDS2 documentation

4. In coordination with the PSL, own and deliver GEHC Product Cybersecurity Standard artifacts, which includes:

• Design input activities to identify, evaluate, roadmap, and drive cybersecurity and privacy features and enhancements within product development programs
• Create Design Engineering Privacy and Security (DEPS) artifacts for privacy and security risk assessments to engage in domain-specific product threat modeling, attack surface analysis, risk management and reduction
• Coordinates with the PSL to support the product team in scheduling and performing vulnerability scans and cybersecurity assessments
• Lead product Security Technical Design Reviews
• Along with the product LSD, responsible for the GEHC Product Cybersecurity Standard compliance and other pertinent standards and process.

6. Works with the GEHC Product Security team and QARA on released product life-cycle, including:

• Participate in post-market product vulnerability monitoring
• Participate as an Subject Matter Expertise to determine product vulnerability impact, investigation, and risk assessment.
• Responsible for product vulnerability mitigation and design change.
• Responsible for GEHC vulnerability tool update to ensure accurate customer communication.

8. Provide technical expertise on customer concerns, complaints, and CSO escalations.

9. Create/Maintain responsible product records within GEHC product cybersecurity tools.

10. Active involvement in DoD RMF submission process and maintenance.

Educational Qualifications:

• Bachelor's Degree in a relevant field (e.g. Computer Engineering, Computer Science, Information Security) or in a STEM major (Science, Technology, Engineering, or Math)
• 3+ years of progressive experience as adevelopment/cybersecurityengineer or scientist/researcher working with a cybersecurity skill set.

Desired Characteristics:

• Sound technical and domain experience in at least two cybersecurity functional technology areas.
• Technical assessment (system/web application vulnerability assessment, penetration testing, white-box code analysis, etc.) and security architecture (design of security controls, secure system design, understanding of identity and authentication management, etc.).

Inclusion and Diversity

Ourare designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support.

Roles and Responsibilities

• With oversight from Managers and other senior team members, perform audit work and test internal controls by reviewing and documenting relevant evidence to conclude on the design and operational effectiveness of controls and the overall control environment.

• Collaborate with colleague across the globe, adaptability and strong understanding of global business practices are key attributes for success for this position.

• Participate in meetings with key client contacts and stakeholders to review key concepts, gaps or issues with risk management and control design elements, support and conclusions.

• Adapt testing approach based on risks identified.

• Assess documentation, processes, methods, policies, costs, and other factors to determine if assigned scope areas are operating in accordance with established and relevant controls and in a way that adequately mitigates identified risks.

• Prepares clear and well-organized audit work documentation within an automated
  workflow that clearly documents root cause, work performed, investigation
  summaries, and recommendations.

• Present initial audit observations to the IA leadership and audit stakeholders, as required.

• Embrace an equitable and inclusive environment where people can bring their full selves to work and unlock their greatest potential and contributions to the team.

• Stay abreast of new and emerging regulations & trends that impacts the risk landscape and rapidly adjust audit plan or procedures accordingly.

Required Competencies

• Internal Control Knowledge: Ability to understand and assess the design, implementation, and operating effectiveness of internal controls.

• Project Management: Contributes to the planning and execution of planned audits.

• Root Cause Analysis: Ability to identify the root cause of an issue, demonstrating awareness of various root cause analysis techniques, such as the “5 why’s” test.

• Writing: Ability to document in a clear, concise, and logical manner process understanding (i.e., narratives/flow diagrams), risks, control descriptions, and test results (i.e., symptoms). Ability to analyze evidence and document findings in a structured and coherent way.

• Conflict Management Negotiation: Ability to handle difficult situations with diplomacy and tact and negotiate with management as appropriate to ensure key findings and follow-up actions are agreed upon.

• Influence: Ability to build trust and support with auditees

• Data Analysis and Business Intelligence Knowledge: General understanding of data and analytics techniques used in analyzing large volumes of data, ability to conduct simple data analysis using excel functions.

• Data Visualization: General understanding of data visualization techniques and their application

Required Qualifications

• A Bachelor's or Master’s degree in Accounting, Finance, Business Administration or "STEM" (Science, Technology, Engineering or Mathematics) Majors

• Two to five years of relevant internal audit or equivalent experience in industries such as Manufacturing, Medical Devices, Technology, Consulting or Financial Services.

• Ability to travel internationally and domestically approximately 15-20%.

Desired Characteristics

• CPA/CA, CFA or other professional certification is desired.

• Audit/risk management, data analytics experience or exposure is preferred.

• General knowledge of legal, regulatory and compliance requirements.

• Excellent listening, verbal, written and presentation communication skills.

• Lean Process orientation; Passion to help improve operations continuously

• Strong project management and organization skills.

• Problem solving skills that demonstrate logical and analytical thought processes.

• Know how to use technology and data to get things done.

• Ability to flex personal style according to the context of a situation to drive engagement with all stakeholders.

total rewardsare designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support

Roles and Responsibilities

In this role, you will:

•Work with product managers, independent researchers, and in-house researchers to identify, rate, report and manage product vulnerabilities and incidents.
•Be responsible for providing technical leadership and defining, developing, and evolving security within software in a fast-paced and agile development environment using the latest secure software development technologies and infrastructure.
•Work with Cyber Security Leaders and SMEs to understand product requirements
•Translate security requirements / vision into a prioritized list of user stories, completing work according to required timelines and quality standards
•Assist security champions in completing Threat Modeling and Architecture Risk Analysis on product features
•Perform Security Code Reviews, Vulnerability Analysis and research on application code
•Coach and mentor developers to implement cryptography solutions securely (PKI, Code Signing, Stored Secrets, et cetera)
•Engage subject matter experts in successful transfer of complex domain knowledge
•Apply principles of Secure SDLC and methodologies like Lean/Agile/XP, CI, Software and Product Security
•Provide guidance and advice on writing secure code that meets standards and delivers desired functionality, using the technology selected for the project
•Understand application security methodologies and frameworks
•Leverage GE Digital's tailored Secure SDL practice into specific engineering engagements
•Research new application security technologies and implement them to improve application security.
•Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development
•Promote best practices based on OWASP, SANS Top 25, and the GE Digital SDL.

•Write fuzz scenarios to see the break network protocol suites such as TCP/IP, IPv6, UDP, TLS, DTLS

•Ability to automate attack scenarios to avoid repetitive work.

•Good to have experience in Bluetooth/Wifi or any radio based attacks.

•Good to have experience in Rest API security testing and recommending best practices while opting for OAuth or OpenId connect

•Having experience working on IoT platform will be beneficial.

Required Skills

•Professional expertise with Kali Linux, Metasploit, Meterpreter.

•Hands-on experience in Windows/Linux and network security.

•Execute Scans using tools such as Nessus, Burp, Fortify/Coverity, Splunk etc.

Education Qualification

Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math) with a minimum of 3+ years of experience in systems security, product / OT security and application security.

Desired Characteristics

•Certifications – OSCP, CCSP.

•Languages – C/C++/Java/Python/Ruby

•Proven experience in breaking the vulnerable boxes.

•Adaptable to learn new skills or technologies as per business needs.

•Detailed working knowledge of two modern programming languages, such as java, python, or ruby
•Good written and oral communication skills and successful security consulting background.
•At least 2 years of security consulting involvement with development team(s) that delivered software-based services
•Experience in developing secure applications
•A high energy and a result-oriented attitude/approach, with an understanding of release timelines and the need to enable development teams, not slow them down
•Experience with Security Development Lifecycle processes such as Threat Modeling desired
•Contribute to and lead discussions and communications within the team and outside, including customers and other business units
•Excellent knowledge of Object Oriented Analysis and Design, Software Design Patterns and coding principles
•Hands-on Experience with developing cloud-deployed applications that utilize oath 2
•Hands-on experience with developing RESTful web services
•Mobile Architecture experience, designing, developing, and integrating solutions.
•Experience with penetration testing tools, ability to replicate security defects uncovered by groups such as GE's red team
•Good understanding of security tools and technologies to facilitate secure development

Inclusion and Diversity

Ourare designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support.

Roles and Responsibilities

• Site/region strategy and execution of manufacturing finance activities, coordinating planning, pacing, and closing activities. Own P&L and balance sheet activities, including cost accounting, inventory controls (PI, Revals, standards, variances, etc.), product fulfillment and COGS booking, functional costs, VCP/BCP, P&E, etc.

• Broadening knowledge of theories, practices and procedures in own discipline to execute functional policy/strategy; still developing functional knowledge and skills.

• Basic understanding of key business drivers; uses this understanding to accomplish own work. Good understanding of how work of own team integrates with other teams and contributes to the area.

• May have some autonomy to make decisions within a defined framework. Resolves issues in situations that require good knowledge and judgment within established procedures. Consults more senior team members for issues outside of defined policy/parameters.

• A job at this level requires good interpersonal skills. For customer facing roles, develops strong customer relationships and serves as the interface between customer and GE. Explains technical information to others.

Required Qualifications

• For roles outside of the USA- This role requires basic experience in the Finance & Manufacturing Operations. Knowledge level is comparable to a Bachelor's degree from an accredited university or college ( or a high school diploma with relevant experience).

• For roles in USA - Bachelor's degree from an accredited university or college (or a high school diploma / GED with at least 6 years of experience in Job Family Group(s)/Function(s)).

Desired Characteristics

• Strong oral and written communication skills. Ability to document, plan, market, and execute programs.

are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support.

Roles and Responsibilities

• Own development of cyber security artifacts including threat model and lead discussion on identifying mitigations.
• Assist the Engineering teams in triaging and identification of fix for detected product vulnerabilities.
• Interact with internal / external teams to co-ordinate security and privacy assessments which includes VAPT to determine compliance and security posture.
• Regularly monitor the cyber security vulnerabilities in the 3rd part libraries used in the product and ensure those vulnerabilities are addressed in a timely manner
• Respond to Cyber Security Inquiries for GE HealthCare and OEM Products
• Respond to customer complaints related to Cyber Security issues in the products
• Document security artifacts based on GE HealthCare Quality System
• Assess the security for software/Product architecture – guide the product architects to ensure security is built into at the design level itself.
• Verify that security and privacy requirements defined in the security plans, policies, and procedures are followed and protection measures are functioning as intended.
• Assist business units in the development and implementation of product security and Privacy practices including policies, standards, guidelines, and procedures.
• Assess SAST and DAST reports, analyse the findings and work with development teams to fix the findings
• Security Point of Contact for development teams to ensure GEHC SDLC principles are adhered

Desired Experience

• Bachelor’s degree in engineering
• Should have 7+ years of development and security experience which includes application security, mobile security, network security, OS security and Cloud Security.
• Product/Information security experience in all phases of service/product development and deployment including architecture, design, development, testing and deployment.
• Good understanding of AWS services, specifically related to security.
• Experience in designing security solutions.
• Strong knowledge of Microsoft STRIDE Threat Model tool and framework
• Hands-on experience in execution and review of Static & Dynamic Code Analysis reports and ability to discuss with development teams for true positives.
• Experience and knowledge of penetration testing methodologies and tools.
• Knowledge of information system architecture and security controls (e.g., firewall, specialized appliances)
• Sound understanding of Cryptography, various Encryption Algorithms, Public key Infrastructure (PKI) and Certificate Authority (CA), OAUTH authentication, 2FA
• Willingness to learn new technologies and work on security for varied products.
• Understanding of NIST 800-53, NIST CSF, ISO27001 standards

Preferred Skills

• Exposure to privacy requirements - HIPAA, GDPR, DPDP Act
• Excellent Cyber Security capabilities
• Strong knowledge of secure software development lifecycle and practices such as threat modelling, security reviews, penetration tests, and security incident response
• Understanding of security by design principles and architecture level security concepts
• Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
• Ability to relate cyber security incidents from cross-industries.
• Good to have security certifications like CompTIA Security+, CEH

Roles and Responsibilities

• For all assigned controls, schedule and attend walkthroughs to develop a deeper understanding of Company’s IT assets and how they support Business Processes, test, and document the results based on work paper guidance or review as assigned.
• Take responsibility of the quality of deliverables to ensure they meet or exceed established standards. Overall accountability of the quality of the documentation the Role holder produces will rest with the Role holder.
• Escalate all identified defect to the IT SOx Manager. Participate in the discussion with the Control/ Process Owners in confirming if identified defects are control deficiencies and agreeing with remediation actions and timelines.
• Ensure, impact is assessed for all identified deficiencies, including identifying mitigating controls, if any.
• Support report out to Leadership teams regarding the status of the progress vs plan as requested.
• Ensure, all assigned deficiency remediation testing is completed, and remediated control is evaluated for the design and operational effectiveness and is reviewed before it could be closed.
• Anything else that the IT SOx Manager requests in furtherance of program execution and/ or enhancement.

Required Qualifications

• 5 plus years of experience in IT audit, IT SOX compliance, or a related field.
• Bachelor's degree from an accredited university in Information Systems, Accounting, Finance, Computer Science, or a related field.
• In-depth knowledge of IT general controls and related scoping and testing techniques, including the following control areas:
  • Access management
  • Change management,
  • IT operations,
  • System development life cycle (SDLC),
  • Third-party SOC reports,
  • Application controls,
  • System interface controls,
  • Key report / IPE validation testing.
• Familiarity with risk and control frameworks (e.g., COSO, COBIT, NIST, ISO).
• Experience drafting IT risks, controls, testing procedures, deficiencies, and remediation recommendations.
• Experience participating in the annual SOX compliance cycle, including process walkthroughs, control testing, workpaper quality assurance, control remediation and certification processes.
• Experience reviewing control testing work for quality assurance.
• Integrity: Accepting and adhering to high moral, ethical, and personal values in decisions, communications, actions and when dealing with others.
• Self-starter/Independent- shows initiative and works responsibly even without close supervision
• Quick learner- shows ability to absorb and apply new knowledge.
• Is fluent in English, both written and verbal.

Desired Characteristics

• Progressing toward receiving Certified Information Systems Auditor (CISA) or equivalent certification.
• Experience with project planning, status tracking, and reporting.
• Strong communication, interpersonal, analytical, and problem-solving skills, with service and collaborative attitude
• Has very good understanding of risks and controls and is able to apply it in the context of achieving business objectives and overall SOx certification requirements.
• Adaptable/ Flexible: Ability to work beyond role boundaries or with uncertainty & fluid situations- able to embrace change in response to new information, unexpected or different circumstances and ambiguous situation.

Inclusion and Diversity

Ourare designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support

Roles and Responsibilities

• With oversight from Managers and other senior team members, perform audit work and test internal controls by reviewing and documenting relevant evidence to conclude on the design and operational effectiveness of controls and the overall control environment.

• Collaborate with colleague across the globe, adaptability and strong understanding of global business practices are key attributes for success for this position.

• Participate in meetings with key client contacts and stakeholders to review key concepts, gaps or issues with risk management and control design elements, support and conclusions.

• Adapt testing approach based on risks identified.

• Assess documentation, processes, methods, policies, costs, and other factors to determine if assigned scope areas are operating in accordance with established and relevant controls and in a way that adequately mitigates identified risks.

• Prepares clear and well-organized audit work documentation within an automated
  workflow that clearly documents root cause, work performed, investigation
  summaries, and recommendations.

• Present initial audit observations to the IA leadership and audit stakeholders, as required.

• Embrace an equitable and inclusive environment where people can bring their full selves to work and unlock their greatest potential and contributions to the team.

• Stay abreast of new and emerging regulations & trends that impacts the risk landscape and rapidly adjust audit plan or procedures accordingly.

Required Competencies

• Internal Control Knowledge: Ability to understand and assess the design, implementation, and operating effectiveness of internal controls.

• Project Management: Contributes to the planning and execution of planned audits.

• Root Cause Analysis: Ability to identify the root cause of an issue, demonstrating awareness of various root cause analysis techniques, such as the “5 why’s” test.

• Writing: Ability to document in a clear, concise, and logical manner process understanding (i.e., narratives/flow diagrams), risks, control descriptions, and test results (i.e., symptoms). Ability to analyze evidence and document findings in a structured and coherent way.

• Conflict Management Negotiation: Ability to handle difficult situations with diplomacy and tact and negotiate with management as appropriate to ensure key findings and follow-up actions are agreed upon.

• Influence: Ability to build trust and support with auditees

• Data Analysis and Business Intelligence Knowledge: General understanding of data and analytics techniques used in analyzing large volumes of data, ability to conduct simple data analysis using excel functions.

• Data Visualization: General understanding of data visualization techniques and their application

Required Qualifications

• A Bachelor's or Master’s degree in Accounting, Finance, Business Administration or "STEM" (Science, Technology, Engineering or Mathematics) Majors

• Two to five years of relevant internal audit or equivalent experience in industries such as Manufacturing, Medical Devices, Technology, Consulting or Financial Services.

• Ability to travel internationally and domestically approximately 15-20%.

Desired Characteristics

• CPA/CA, CFA or other professional certification is desired.

• Audit/risk management, data analytics experience or exposure is preferred.

• General knowledge of legal, regulatory and compliance requirements.

• Excellent listening, verbal, written and presentation communication skills.

• Lean Process orientation; Passion to help improve operations continuously

• Strong project management and organization skills.

• Problem solving skills that demonstrate logical and analytical thought processes.

• Know how to use technology and data to get things done.

• Ability to flex personal style according to the context of a situation to drive engagement with all stakeholders.

total rewardsare designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support