Join the Bloomreach GIST (Global Information Security & Technology) team as an Associate Security Analyst and help protect our e-commerce environment from threats, vulnerabilities, and sophisticated attackers. Your work will have a significant impact on numerous customers across various e-commerce verticals and hundreds of millions of online users. As a core member of our globally distributed 24/7 Security Operations Team, you can work full-time from our India offices or from home.

Your job will be (but not limited to)

● To Monitor, analyze & interpret security/system/application/infrastructure logs for events, configuration irregularities & potential incidents
● To leverage security tools, custom built dashboards and/or proactive identification approaches to detect anomalous activities
● Monitoring Cloud infrastructure for security-related events
● Monitoring threat/vulnerability landscape and security advisories, coordinate and escalate as appropriate
●To work with application security teams, product specialists, GRC, legal teams on active incidents and/or investigations
● To participate in a major incident call, document incident report summaries
● To document, follow and execute standard operating procedures (SOPs)
● Documenting/Managing/maintaining & following use cases, playbooks and/or knowledge base articles
● To work on incidents, requests related to security
● Owning responsibilities within a shift with a positive mindset towards growth & upskilling

Professional experience, skills & requirements

● 2+ years of hands on experience as part of a 24*7 Security Operations team OR a starter with equivalent degree/specialization in the area of Cyber Security with a proven project dealing in the new age landscape (SaaS platform Security, SecOps, API/Container Security, Threat Intel/Hunting, Vulnerability Management).
● Hands on experience or deep knowledge on usage of SIEM, SOAR, EDR ( modules like TI, VM, DLP)
● Exposure or experience in using any of CSPM tools (SentinelOne, Falcon Horizon, Wiz,Sysdig,Prisma cloud,MS Defender)
● Exposure or experience in assessing, interpreting & managing vulnerabilities using relevant tools.
● Knowledge of either AWS or GCP is must
● Should possess positive attitude to participate, own & drive tasks for POCs for various tools
● Understanding of risk framework
● Ability to assess emerging trends & threats in cyber security space
● Should possess good analytical, problem-solving, and interpersonal skills. Should be able to apply & provide logical reasoning
● Knowledge of NIST framework, OSINT standards, MITRE ATT&CK framework & cybersecurity incident lifecycle is an advantage. Beginner level of understanding is mandatory
● Mandatory to work in a 24/7 rotation shift & weekends
● Possess excellent command on communication in English being a good listener, speaker & reader 

Your success story will be:

In the first 30 days you will

● Understand the roles & responsibilities of SOC team, in-scope vs out of scope tasks
● Read & understand SOPs, Policies & working procedures of the team
● Shadow peers in day to day work, overlook tickets, alerts, incidents, understand the current state of ongoing projects/enhancements etc

In the next 30 days you will (60 days from start)

● Start owning incidents, tasks as independent contributor with a peer shadowing you
● Participate in incident related calls, cross team/department meetings
● Handle SIEM/SOAR/EDR events

In the next 30 days you will(90 days from start)

● You will start documenting or tweaking existing SOPs, process document
● You will bear responsibilities of representing team in forums/meetings/discussions
● You will start managing shift alone when needed
● You will adapt yourself to service improvement mindset and contribute to overall success of the team

 Job Summary

We are seeking a highly motivated QA Automation Engineer to design, develop, and maintain automated testing frameworks while ensuring the quality of SaaS and eCommerce applications.

The role requires strong expertise in Salesforce and SAP systems, hands-on experience with automation tools, and a solid understanding of end-to-end business workflows. The ideal candidate is proactive, detail-oriented, and collaborative, with a focus on continuous improvement in an Agile environment.

What You'll do:

Automation & Test Execution

• Develop and maintain automated test scripts using Selenium, Playwright, or APEX.
• Design scalable automation frameworks for Salesforce and SAP integrations.
• Create and execute test cases including functional, regression, sanity, smoke, and exploratory testing.
• Identify automation opportunities to improve efficiency and reduce manual effort.

E-Commerce & Integration Testing

• Perform end-to-end testing across Salesforce (Sales, Service, Commerce Cloud) and SAP (FICO, BRIM, MM, GRC).
• Validate eCommerce workflows: product catalog, search, cart, checkout, pricing, promotions, and order management.
• Test integrations between Salesforce, SAP, and external systems (e.g., payment gateways).
• Ensure accurate data flow and business process validation across systems.

API, Performance & CI/CD

• Design and maintain API test automation for REST services using Postman/SOAP UI.
• Execute performance testing using JMeter or LoadRunner.
• Integrate automated test suites into CI/CD pipelines (Jenkins, GitLab CI/CD).

Defect Management & Quality Assurance

• Identify, log, track, and retest defects to ensure timely resolution.
• Perform production smoke testing post-deployment to ensure system stability.
• Maintain test suites (Smoke, Sanity, Regression) for optimal coverage.

Agile Collaboration & Test Management

• Participate in Agile ceremonies (Sprint Planning, Stand-ups, Grooming).
• Collaborate with developers, product owners, and stakeholders for requirement clarity and testability.
• Maintain test data, ensure environment readiness, and keep Jira updated with accurate statuses and comments.

Continuous Improvement & Mentorship

• Continuously improve testing processes, tools, and frameworks.
• Maintain clear documentation of test strategies and execution.
• Mentor team members and promote automation best practices.

Technical Skills

• Strong programming skills in Java or Python.
• Proficiency in JavaScript/TypeScript.
• Experience with Selenium, Playwright (preferred), and APEX.
• Expertise in API testing and performance testing tools.

Integration & Tools

• Strong understanding of SaaS applications and end-to-end integration testing.
• Experience with CI/CD tools (Jenkins, GitLab CI/CD) and version control (Git).
• Experience with Jira or similar tools.

What you bring:

Experience: Proven experience as a Test Automation Engineer or similar role with
hands-on experience in automated testing of Salesforce / SAP systems.

Technical Skills:

• Proficiency in modern web technologies (JavaScript/TypeScript).
• Strong programming skills in Java/ Python
• Hands-on experience with testing tools like Selenium, Playwright, APEX
• Good to have experience in Playwright.
• Expertise in API testing tools (Postman, SOAP UI) and performance testing (JMeter, LoadRunner).
• Integration Testing: Familiarity with SaaS applications and full-stack integration testing.

Tools & Platforms:

• Experience with CI/CD tools (Jenkins, GitLab CI/CD, CircleCI).
• Knowledge of version control systems like Git
• Preferred Qualifications:
• Familiarity with Agile/Scrum methodologies.
• Experience working in B2B SAAS Company.
• Expertise in security testing methodologies.

#LI-VG1

#LI-Hybrid

Role Overview:

The IT SOX Director is responsible for the end‑to‑end ownership of the SOX compliance program, covering IT General Controls (ITGCs), IT Application Controls (ITACs), automated controls, and Business / Financial Reporting SOX. This role partners closely with Information Security, IT, and Finance to ensure effective control design, testing, remediation, and continuous improvement in support of SOX Sections 302 and 404.

Key Responsibilities:

1. IT SOX Program Leadership & Strategy:

• Own and lead the end‑to‑end IT and Financial Reporting SOX program, ensuring effective design, operating effectiveness, remediation, and continuous improvement.
• Oversee SOX compliance for:
• IT General Controls (ITGCs), IT application controls, and automated controls across existing and new systems supporting financial reporting.
• Lead financial reporting risk assessments to determine SOX scope for new or changed business processes

1. Risk Assessment, Scoping & Control Design

• Lead annual and ongoing IT risk assessments to determine SOX scope for existing systems, new applications, platforms and technology changes
• Lead annual and ongoing risk assessments to determine SOX scope for existing and new financial reporting process; Manage the review of design and operating effectiveness of the process

1. SOX Testing Oversight & Issue Management:

• Oversee the design and operating effectiveness reviews of:
• ITGCs and ITACs across scoped systems and platforms
• Business and financial reporting controls across in‑scope processes
• Direct and guide the team through all phases of SOX testing, including planning, walkthroughs, testing, review, and reporting.

• Perform quality reviews of testing results to ensure accuracy, completeness, and audit readiness, and drive timely completion of in‑house SOX testing.
• Prepare IT and business process owners for external SOX audits, walkthroughs, and inquiries.
• Review SOC 1 Type II reports, assess control implications, and coordinate discussions with relevant process owners including Complementary User Entity Controls.
• Support identification, evaluation, and remediation of SOX deficiencies in partnership with stakeholders.

1. Audit & Stakeholder Management

• Coordinate and support external auditor requests, including walkthroughs, evidence submission, and issue resolution.
• Build strong working relationships with IT, Engineering, Information Security, and Finance Controllers to ensure smooth SOX execution.

1. Process Improvement, Automation & Transformation

• Identify and implement opportunities to automate IT and SOX controls, reduce manual effort, and increase auditor reliance.
• Drive standardization and quality of SOX documentation, including process flows, Risk & Control Matrices (RCMs), system diagrams, and role matrices.
• Promote continuous improvement through effective use of SOX tools, GRC platforms, AI tools, and data analytics. 

1. Team Leadership & Talent Development

• Lead, coach, and mentor the in‑house SOX team, fostering technical excellence and accountability.
• Set clear performance expectations, review work quality, and develop a high‑performing compliance culture.
• Support capability building and succession planning within the SOX function. 

1. Regulatory & Industry Awareness

• Stay current with SOX, PCAOB, COSO, and IT risk management standards, including emerging focus areas (eg: AI)
• Monitor regulatory developments and proactively adapt the SOX program to meet changing expectations

Skills required:

• Strong working knowledge of ITGC, ITAC, Key data reporting testing and financial reporting SOX
• Ability to interpret and leverage SOC 1 / SOC 2 reports, including evaluation of CUECs and sub‑service organizations
• Strong working knowledge on SOX scoping for IT applications/platforms and financial reporting process
• Strong understanding of COSO Internal Control Framework and alignment of IT controls to financial reporting risks
• Solid understanding of IT environments including ERP systems, cloud platforms, dev Ops, change pipeline and cloud controls
• Proven ability to lead, coach, and manage inhouse SOX teams
• Clear, concise communication of IT and financial reporting risks and control issues to senior management and audit committee

Education Qualification required:

• CA/CPA/IT or MBA Engineering graduates/Certified Information System Auditor/ with 10 to 15 years of IT SOX experience. The candidate should also possess reasonable business SOX experience.
• In-depth expertise in the COSO framework, PCAOB standards, and IT control environments.
• Demonstrated success leading large-scale, complex SOX programs within public company settings.
• Strong ability to engage and influence senior leadership and external auditors.

Company Summary

Zeta Global is a data-powered marketing technology company with a heritage of innovation and industry leadership. Founded in 2007 by entrepreneur David A. Steinberg and John Sculley, former CEO of Apple Inc and Pepsi-Cola, the Company combines the industry’s 3rd largest proprietary data set (2.4B+ identities) with Artificial Intelligence to unlock consumer intent, personalize experiences and help our clients drive business growth.

Our technology runs on the Zeta Marketing Platform, which powers ‘end to end’ marketing programs for some of the world’s leading brands. With expertise encompassing all digital marketing channels – Email, Display, Social, Search and Mobile – Zeta orchestrates acquisition and engagement programs that deliver results that are scalable, repeatable and sustainable.

Zeta Global is an Equal Opportunity/Affirmative Action employer and does not discriminate on the basis of race,

gender, ancestry, color, religion, sex, age, marital status, sexual orientation, gender identity, national origin, medical condition, disability, veterans status, or any other basis protected by law.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Zeta Global Recognized in Enterprise Marketing Software and Cross-Channel Campaign Management Reports by Independent Research Firm.

https://www.forbes.com/sites/shelleykohan/2024/06/1G/amazon-partners-with-zeta-global-to-deliver- gen-ai-marketing-automation/

https://www.cnbc.com/video/2024/05/06/zeta-global-ceo-david-steinberg-talks-ai-in-focus-at-milken- conference.html

https://www.businesswire.com/news/home/20240G04622808/en/Zeta-Increases-3Q%E2%80%GG24-Guidance

https://www.prnewswire.com/news-releases/zeta-global-opens-ai--data-labs-in-san-francisco-and-nyc- 300S45353.html

https://www.prnewswire.com/news-releases/zeta-global-recognized-in-enterprise-marketing-software-and-cross-channel-campaign-management-reports-by-independent-research-firm-300S38241.html

Here's a summary of the role:

If you're a compliance professional who believes that the best controls are the ones that run themselves — this one's for you.

As a Compliance Engineer on our Continuous Controls Assurance team, you'll sit at the intersection of compliance, engineering, and business process — your mission being to make compliance a living, automated reality rather than a periodic exercise. You'll inject compliance directly into how the business operates, building the evidence, signals, and automation that lets us prove we do what we say we do.

This role is particularly suited to candidates who have worked across compliance frameworks and technical environments — whether in SaaS companies, cloud-native organisations, or forward-thinking internal audit and GRC functions — and who are comfortable translating control requirements into code, pipelines, and data.

You'll play a central role in maturing our controls assurance program, moving us from point-in-time testing toward continuous, automated monitoring that scales with the business.

Here's a breakdown of what you'll do:

• Design and build automated controls — translate control objectives across frameworks such as SOC 2, ISO 27001, and PCI DSS into automated tests, scripts, and monitoring logic embedded in business and technical processes
• Own continuous controls monitoring — develop and maintain pipelines that continuously collect, evaluate, and surface control evidence, flagging exceptions and deviations in near real-time
• Embed compliance into the SDLC and business operations — partner with Engineering, DevOps, and business teams to integrate compliance checkpoints, policy-as-code, and configuration validation into CI/CD pipelines and operational workflows
• Bridge GRC and Engineering — translate compliance requirements into technical specifications, and translate system behaviour back into auditable evidence — acting as the connective tissue between the two disciplines
• Maintain the controls evidence repository — ensure control evidence is automatically captured, timestamped, and stored in a format that supports internal review and external audit
• Support audit and assurance activities — provide automated evidence packages for external audits, reducing manual effort and improving audit quality and speed
• Identify and close assurance gaps — conduct control gap assessments, recommend improvements, and own the remediation pipeline through to closure
• Collaborate on policy and standard development — ensure that policies are written in a way that can be operationalised and tested, feeding back where policy language creates ambiguity in controls design

These are the essentials you'll need to get an interview:

• Experience in a compliance, GRC, or information security role within a SaaS or cloud-native organisation
• Hands-on experience with one or more compliance frameworks — SOC 2, ISO 27001, PCI DSS, or similar
• Demonstrated ability to automate compliance processes — using scripting (Python, Bash, or similar), APIs, or tooling such as Drata, Vanta, Tugboat Logic, or equivalent
• Familiarity with cloud environments (AWS, GCP, or Azure) and the controls that govern them
• Strong analytical skills — able to decompose a control objective into testable, measurable components
• Excellent written communication — able to produce clear control narratives, test procedures, and evidence documentation

It would be great if you had these too, but we'll support you if you don't:

• Experience with policy-as-code tools (e.g. Open Policy Agent, Conftest, Checkov, or AWS Config Rules)
• Exposure to CI/CD platforms (e.g. GitHub Actions, GitLab CI, Jenkins) and how compliance gates can be embedded within them
• Familiarity with SIEM, log management, or observability tooling in a controls assurance context
• A background that spans both technical and compliance disciplines — e.g. a developer who moved into GRC, or a compliance analyst who learned to code
• Relevant certifications such as CISA, CISSP, CCSP, AWS Security Specialty, or equivalent

Okta is scaling internal AI and automation across the company—from employee productivity to building differentiated AI-native products. To make that scale real, we’re building platforms that democratize agent and automation development: secure, reliable building blocks that let teams ship AI-powered workflows faster, safely, and with confidence.

As a Staff Product Manager, AI & Automation Platform, you’ll lead product strategy and execution for the platform layer that enables internal builders (engineers, automation developers, analysts, and power users) to create and run agents, automations, and integrations—while meeting Okta’s high bar for security, reliability, compliance, and operational rigor. You’ll partner closely with your Bangalore Engineering POD and collaborate deeply with US-based product, security, and engineering stakeholders.

What you’ll bring :

Product Leadership and Platform Experience

• 8+ years of product management experience, with meaningful time owning platform products(developer platforms, internal platforms, infrastructure, integration/iPaaS, workflow automation, data platforms, or security platforms).
• Proven ability to deliver platforms that enable other teams to build products (strong “product for builders” intuition)
• Demonstrated success building products from scratch (0–1), including discovery, MVP definition, launch, and rapid iteration based on user feedback.
• Working knowledge of agentic/automation ecosystems: orchestration, tools/connectors, prompt/runtime considerations, evaluation, and iteration loops.
• Comfort partnering with engineering to make tradeoffs across usability, scalability, cost, and governance 
• Experience shipping products in environments with high security/compliance expectations.
• Strong grasp of concepts like RBAC/ABAC, audit logging, secrets management, data controls and operational reliability

What you will do : 

Own the platform product strategy

• Define the vision, roadmap, and success metrics for an AI & Automation Platform that enables internal teams to build, test, deploy, and operate agents and automations at scale
• Identify the highest-leverage platform capabilities(e.g., orchestration, connectors, governance, observability) that reduce time-to-value for internal AI initiatives.
• Translate company priorities into clear platform outcomes: adoption, reliability and security, developer velocity and cost efficiency

Build a “democratized” builder experience

• Deliver a cohesive builder journey across personas: engineers, automation developers, business ops, and internal product teams

Drive capabilities such as: 

• Reusable components (templates, agent patterns, workflow primitives)
• Connector ecosystems (SaaS + internal systems)Sandboxing and safe testing and demo environments
• Self-service onboarding and documentation

Make security and reliability built-in, not bolted-on

Partner with Security, IAM, and GRC stakeholders to ensure the platform supports:

• Policy-based access controls, secrets management, and least privilege
• Data handling standards (classification, retention, audibility)
• Guardrails for tool use, identity, and approvals (human-in-the loop where needed)
• Customer Zero
• Establish operational excellence: SLOs/SLIs, incident response expectations, resilience, and 
• observability across agent and automation execution.

Lead through influence across geographies

• Operate as the “connective tissue” between Bangalore execution and US stakeholder alignment.
• Run crisp product rituals: discovery, roadmap reviews, quarterly planning, and cross-functional decision forums.
• Drive alignment across multiple internal teams and dependencies without direct authority

Nice to have

• Experience with enterprise identity/security patterns (e.g., SSO, provisioning, authorization models
• Familiarity with integration platforms, workflow engines, or API ecosystems.
• Experience in building internal platforms in a large global company with strong compliance 

  #LI_Hybrid

  # P24740_3366445

About the team & role:

• The Information Security organisation advances the overall state of security at Rubrik through critical initiatives and the coordination of large security projects. Information Security builds technologies, tools, and processes to better enable teams at Rubrik to develop secure software and protect data and systems with appropriate security controls. Information Security also develops systems to monitor and respond to attacks against our systems, provides awareness education to teams on security best practices for data protection, and ensures data sharing relationships with third parties in order to securely protect Rubrik information.

• We are seeking a Senior Security Engineer to bridge the gap between traditional Security Operations and modern Data Engineering. You will be responsible for the day-to-day health of our SIEM ecosystem while simultaneously contributing in transition toward a Security Data Lake architecture. This is a hands-on, high-impact role that leverages Programming, Cloud Warehouses and AI to defend a global multi-cloud footprint.

What you’ll do?

• SIEM Administration: Handle day-to-day operations of market-leading SIEM platforms (e.g., Splunk, Sentinel, or Chronicle). This includes log ingestion from a variety of sources like Network devices, 3rd party vendor APIs,  Cloud Services, Webhooks etc..  parsing/normalisation to a common schema, health monitoring checks,  User access management and Cost Monitoring.
• Security Data Lake Operationalisation: Develop and maintain the infrastructure/Platform that moves security telemetry from raw sources into Snowflake, BigQuery, or Databricks. Tune/Optimise Ingestion at Scale for cost efficiency and  Enable SOC team and Threat Detection team to leverage the Security Data lake for their Search and Analytics workloads. 
• AI & Agentic Automation: Proactively integrate AI tools and LLMs into daily workflows; develop AI agents to automate Tier 1/2 SecOps tasks like Incident Investigation and Response.
• Cross-Team Collaboration: Partner with global teams across time zones and manage Stakeholder communication.

Experience you'll need:

• Experience: 5+ years in Security Ops and Engineering, focusing on  Security Data management and Automation.
• SIEM and SOAR Mastery: Hands-on experience with at least one market-leading SIEM (Splunk, Microsoft Sentinel, Elastic) and SOAR platform (Palo Alto XSOAR, Splunk SOAR).
• Cloud Data Warehousing: Practical experience administering or developing within Snowflake, BigQuery, and/or Databricks. Prior experience in building/maintaining data platforms that can manage  50-100 TB/day data is a big plus.
• Programming: Strong proficiency in Python and Shell scripting.
• Data Engineering Knowledge: Understanding of Cloud warehouse and  Lakehouse concepts, Open Table formats and Search engines for a composable Security Data stack.
• Cloud Infrastructure: Solid experience in one major cloud (AWS/GCP/Azure); Multi-cloud familiarity is a major plus.
• AI Fluency: Demonstrated experience or strong inclination towards utilising various AI tools to significantly enhance effectiveness (force multiplier) and solve complex business problems, particularly within SecOps and GRC domains.
• Nice to have
  • Exposure to Cloud Logging frameworks and best practices for Security Telemetry ingestion.
  • Familiarity with container orchestration (Kubernetes/EKS/GKE).
  • Interest/experience in building AI-driven security workflows.
  • Knowledge of modern CI/CD patterns and DevOps security integrations.
  • Experience with Terraform or other IaC tools.

Lead Security & Compliance

Location: Bengaluru, India
Work Model: 5 days work from office
Company: interface.ai
Function: Engineering / Security & Compliance
Reports to: VP Engineering / Security & Privacy Leadership

About the Role

We are looking for a Lead Security & Compliance professional to help strengthen interface.ai’s security, compliance, privacy, and risk programs in India.

This is a hands-on, execution-focused role for someone who can work closely with Engineering, Cloud Infrastructure, Product, Legal, Sales, and Customer teams to ensure our AI products, cloud systems, and internal controls meet the security and compliance expectations of banks, credit unions, and regulated financial institutions.

You will play a key role in driving security governance, compliance readiness, customer due diligence, audit support, cloud security controls, risk assessments, and security-by-design practices across the organization.

This role is ideal for someone who has strong security and compliance fundamentals, understands SaaS/cloud environments, is comfortable with financial services or regulated customers, and can operate in a fast-paced startup environment with high ownership.

What You Will Do

As Lead Security & Compliance, you will be responsible for:

• Support and drive company-wide security, privacy, and compliance initiatives across products, engineering, cloud infrastructure, and internal systems.
• Help implement and maintain security policies, procedures, standards, and control frameworks.
• Support compliance programs related to SOC 2, ISO 27001, GLBA, FFIEC, and other applicable customer or regulatory requirements.
• Partner with Engineering and Cloud Infrastructure teams to embed secure architecture, DevSecOps, access controls, encryption, logging, monitoring, and vulnerability management practices.
• Conduct risk assessments across cloud infrastructure, applications, data flows, vendors, and internal processes.
• Support cybersecurity incident response planning, documentation, investigation, and post-incident improvements.
• Work with Sales, Legal, Product, Compliance, and Customer Success teams to respond to customer security questionnaires, audits, RFPs, due diligence requests, and banking compliance reviews.
• Maintain and improve internal security documentation, audit evidence, control mappings, and compliance artifacts.
• Help drive privacy-by-design and security-by-design principles across product and AI initiatives.
• Track remediation plans for audit findings, security gaps, vulnerabilities, and compliance risks.
• Collaborate with global stakeholders across India and the US to ensure security and compliance practices scale with the company’s growth.
• Promote a proactive security culture across engineering and business teams.

Requirements

• 7+ years of experience in information security, cybersecurity, compliance, risk management, cloud security, or security engineering.
• Experience working in SaaS, fintech, banking, financial services, AI/technology, or other regulated environments.
• Strong understanding of security and compliance frameworks such as SOC 2, ISO 27001, GLBA, FFIEC, NIST, CIS, or similar frameworks.
• Hands-on experience with cloud security controls, preferably in AWS environments.
• Good understanding of access management, data security, encryption, vulnerability management, logging, monitoring, endpoint security, and incident response.
• Experience supporting audits, customer security reviews, vendor risk assessments, and compliance evidence collection.
• Ability to work with Engineering, Infrastructure, Product, Sales, Legal, and Customer-facing teams.
• Strong documentation, communication, problem-solving, and stakeholder management skills.
• Comfortable operating in a fast-paced, high-growth startup environment with shifting priorities.
• High ownership mindset, attention to detail, and ability to drive closure without heavy process.
• Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field.

Preferred Qualifications

• Experience working with banking, credit union, fintech, lending, mortgage, payments, or financial services customers.
• Experience in AI, SaaS, cloud-native, or enterprise software companies.
• Exposure to privacy, data protection, and customer data handling requirements.
• Familiarity with DevSecOps, secure SDLC, threat modeling, application security, and cloud infrastructure reviews.
• Experience with tools related to GRC, vulnerability management, SIEM, cloud security posture management, IAM, and audit management.
• Certifications such as CISSP, CISM, CCSP, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, CISA, or Security+.
• Experience working with globally distributed teams, especially India-US engineering and leadership teams.

What We Are Looking For

We are looking for someone who is:

• Hands-on and execution-oriented, not just policy-focused.
• Comfortable working directly with engineering and infrastructure teams.
• Strong in security and compliance fundamentals.
• Able to balance customer trust, regulatory expectations, and startup speed.
• Detail-oriented in audits, evidence, controls, and documentation.
• Clear and confident in communication with both technical and non-technical stakeholders.
• Resourceful, AI-fluent, and able to use modern tools to improve speed and productivity.
• Excited to build security and compliance foundations for a high-growth AI company serving regulated financial institutions.

Why Join interface.ai

• Join a Series A, profitable, high-growth AI company with strong product-market fit.
• Work on security and compliance for AI products used by banks and credit unions.
• Help build trust, privacy, and security foundations for a platform serving millions of banking customers.
• Be part of a fast-paced startup culture with high ownership, autonomy, and impact.
• Work closely with engineering, product, infrastructure, legal, sales, and leadership teams.
• Build in a mission-driven company that is helping democratize financial wellness through AI.

Work Environment

This is a Bengaluru-based, 5-day work-from-office role. We are looking for someone who thrives in an in-person, high-energy startup environment and can collaborate closely with engineering, product, and leadership teams.

The Challenge

Due to rapid growth and increased demand for our Privacy, Security, Data Governance, GRC, Third-Party Risk, Ethics and Compliance, and ESG platform, OneTrust is seeking a Senior UX Designer to join the User Experience Design team within our dynamic Research and Development team.   

This team continually improves the usability, design, and overall experience of OneTrust offerings, including web applications and other products and services. It is an excellent opportunity to improve the experience of an exceptionally wide range of users around the world.   

Your Mission 

Purpose of the Job :

As members of 6sense’s Security department, the Security Engineering team protects the platform across application, infrastructure, and cloud domains. The Vulnerability Operations function ensures that vulnerabilities are identified, triaged, validated, and remediated in a consistent, timely, and risk‑based manner. Senior Security Engineers work closely with Engineering, CloudOps, Product, and GRC teams to operationalize vulnerability management processes, build automation, standardize workflows, and ensure secure-by-default practices. 

Responsibilities & Accountabilities :

• Ensure vulnerability management tools (e.g., Wiz, Invicti, Rapid7, GHAS, Ox) are correctly configured for appropriate coverage and accurate detection. 
• Perform hands-on triage, validation, and root cause analysis of vulnerabilities across AppSec, InfraSec, and CloudSec. 
• Track and report vulnerability status against SLAs, escalating to engineering owners as needed. 
• Build and maintain dashboards, filters, reports, and triage scripts to support visibility and automation. 
• Assist engineering teams in reproducing and remediating vulnerabilities, providing actionable guidance. 
• Support the bug bounty program operations (not ownership), including validation and coordination with engineering teams. 
• Conduct security reviews and threat modeling for high-risk systems or changes. 
• Participate in initiatives that holistically address systemic or multi‑domain vulnerabilities. 
• Contribute to development of automated security testing pipelines for validation of fixes. 
• Participate in on-call or off‑hours incident response related to critical vulnerabilities and time‑sensitive patches. 
• Contribute to quarterly OKRs and security engineering roadmap initiatives. 

Performance Measurement :

• Understands 6sense’s product, architecture, cloud footprint, and environment in depth. 
• Takes ownership of vulnerability triage and prioritization while escalating where required. 
• Proactively identifies and escalates AI/ML‑related vulnerabilities or misconfigurations in systems integrating LLMs or automated decisioning. 
• Meets tight deadlines and SLAs for vulnerability response and validation. 
• Maintains accurate and up-to-date triage scripts, documentation, dashboards, and workflows. 
• Participates in weekly 1:1s and skip levels; provides clear progress updates. 
• Supports security engineers and development teams with accurate, actionable analysis. 
• Effectively participates in incident response and post‑incident remediation. 

Educational and Experience Requirements :

• 5+ years of experience in security engineering across vulnerability management, AppSec, CloudSec, or InfraSec. 
• Experience with vulnerability tools (e.g., Wiz, Rapid7, Invicti, GHAS, SAST/DAST) and triage workflows. 
• Understanding of cloud security (AWS preferred) and modern microservices architectures. 
• Experience identifying and mitigating AI/ML‑related security risks, including model abuse, prompt‑injection vulnerabilities, and risks introduced by LLM‑based features. 
• Experience with scripting/automation (Python, Bash, JavaScript, etc.). 
• Experience working directly with engineering teams to address vulnerabilities. 
• Familiarity with frameworks such as OWASP, NIST, CIS Benchmarks, MITRE ATT&CK. 
• Experience with IaC security (Terraform, CloudFormation, Pulumi) preferred but not required. 

Preferred Qualifications :

• Bachelor's degree in a related field 
• Relevant industry certifications, such as AWS, CNCF, and GIAC are highly desirable 

Competencies and Behaviors :

• Establishes strong credibility with engineering partners. 
• Maintains a professional, outcome-focused demeanor. 
• Advocates for vulnerability and security best practices. 
• Works independently on complex triage and analysis tasks. 
• Manages competing priorities effectively, escalating when appropriate. 
• Communicates clearly across technical and non-technical audiences. 
• Maintains accuracy, attention to detail, and documentation hygiene. 

About the role

The Governance, Risk, and Compliance Analyst is responsible for assisting in assessing third-party risk across Samsara’s new and existing systems and building automated workflows to support a scaling program.

You take Security seriously, but understand there is a business to operate and strive to build low friction solutions and decisions made in close partnership with others. On a typical day, you might work with Samsara’s legal or procurement team to discuss an ongoing review of a vendor, build and refine AI enabled workflows to scale the vendor risk program, and collaborate with teams in engineering to collect evidence for an upcoming audit.

This is a hybrid role based in Bengaluru. We are open to candidates currently residing anywhere within India; however, relocation assistance will not be provided.

You should apply if:

• You want to impact the industries that run our world: Your efforts will result in real-world impact – helping to keep the lights on, get food into grocery stores, reduce emissions, and most importantly, ensure workers return home safely.
• You are the architect of your own career: If you put in the work, this role won’t be your last at Samsara. We set up our employees for success and have built a culture that encourages rapid career development, countless opportunities to experiment and master your craft in a hyper growth environment.
• You’re energized by our opportunity: The vision we have to digitize large sectors of the global economy requires your full focus and best efforts to bring forth creative, ambitious ideas for our customers.
• You want to be with the best: At Samsara, we win together, celebrate together and support each other. You will be surrounded by a high-calibre team that will encourage you to do your best. 

In this role, you will: 

• Work with the local Senior Manager of Security Engineering to provide programmatic updates and communicate both program, third-party, and technical risk to the broader Information Security leadership team
• Drive automation and efficiency in the TPRM program through the use of third-parties, such as Zip and Vanta, and creating native solutions; ensuring security reviews and reassessments scale with company growth.
• Partner with Procurement, Legal, and Privacy to ensure vendor risks are identified, documented, and mitigated throughout the vendor lifecycle.
• Champion, role model, and embed Samsara’s cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, Win as a Team) as we scale globally and across new offices

Minimum requirements for the role:

• 3+ years of experience in the governance, risk, and compliance space
• Experience implementing or maintaining vendor-risk programs
• Experience performing security and maturity assessments
• Supporting the creation or maintenance of risk registers, compliance inventories, and control mappings across internal and external systems
• Ability to work with systems teams to collaboratively implement security controls across a diverse range of systems, such as Okta, Slack, Salesforce, and internal tooling
• Professional experience coordinating and interacting with external auditors, internal engineering teams, business stakeholders, senior leadership, and security operations teams on procurement activities, audit controls and compliance requirements
• Experience conducting vendor risk assessments, including reviewing security certifications, penetration tests, and policies.
• Strong understanding of vendor integration risks and permission scoping across SaaS platforms (eg. Slack, Google Workspace, and Salesforce)
• Ability to translate complex technical findings and requirements into clear business risks and requirements to non technical stakeholders.

An ideal candidate also has:

• Experience working with NIST Cybersecurity Framework profiles, SOC 2, ISO 27001, or similar frameworks
• Experience creating workflows through automation and AI assitance
• Experience working within common GRC and procurement platforms such as Zip and Vanta.
• Experience managing high volumes of vendor requests and competing priorities.
• Prior assessment experience in the Software-as-a-Service industry

#LI-hybrid 

 Who We Are: 

Headquartered in New York City, Take-Two Interactive Software, Inc. is a leading developer, publisher, and marketer of interactive entertainment for consumers around the globe. We develop and publish products principally through Rockstar Games, 2K, and Zynga. Our strategy is to create hit entertainment experiences, delivered on every platform relevant to our audience through a variety of sound business models. Our pillars - creativity, innovation, and efficiency - guide us as we strive to create the highest quality, most captivating experiences for our consumers. The Company’s common stock is publicly traded on NASDAQ under the symbol TTWO. For more corporate and product information please visit our website at http://www.take2games.com.

The Challenge :

The Employee Relations Specialist will conduct investigations into workplace concerns across India and the broader APAC region, supporting positive employee engagement by providing guidance and recommendations to resolve employee concerns. This role will work closely with the HR Business Partners, Legal and Compliance teams to promote equity, company values and accountability in the workplace and to respond appropriately and fairly to employee concerns. Though the Employee Relations Specialist will focus on resolving investigations, complaints and disciplinary actions, they will also provide pragmatic HR advice and assist the broader team with other employment issues and cross functional efforts, described below.

What You’ll Take On:

• Conduct prompt and thorough investigations into sensitive employee relations issues across India and the broader APAC region, and make objective recommendations based on findings. Actively collaborating with the Internal Committee (IC) or the Grievance Redressal Committee (GRC) as required. The investigative process includes: conducting investigatory interviews, collecting/reviewing relevant evidence, writing investigation reports, and delivering debriefs with relevant stakeholders.
• Ensure consistent application of ER policies and procedures.
• Formally respond to sensitive concerns and allegations as required by internal processes and/or external agencies.
• Foster effective relationships with HR teams, Business Leaders, and Employment Legal.
• Coach HR Business Partners and Managers on how to appropriately manage and resolve performance concerns.
• Partner with team members throughout the People organization to communicate and educate on policies, procedures, and compliance.
• Support training and building policy content on ER compliance issues.
• Prepare employee separation notices and related off-boarding documentation.
• Analyze ER trends and conduct root cause analysis; Provide periodic reports to Human Resources Director and VP Global HR.
• Maintain various confidential HR records.
• Support employees with the Reasonable Adjustments process.

What You Bring :

• 2-4 years of relevant experience or an equivalent combination of education and experience.
• Knowledge of Indian regional laws and regulations relative to labor and employment issues, including but not limited to the POSH Act, Industrial Disputes Act, and state-specific Shops and Establishments Acts.
• Familiarity with, or a willingness to research and understand, labor regulations across other APAC countries to support regional ER cases is highly desirable.
• Ability to effectively communicate with people at all levels and from various backgrounds; Strong interpersonal skills.
• Modeling respectful and empathetic behavior in difficult and uncomfortable situations surrounding an investigation.
• Strong analytical and problem-solving ability.
• Strong advocate for fairness, diversity, and inclusion.
• Proven ability to handle multiple projects and meet deadlines.
• Good judgment with the ability to make timely and sound decisions.
• Creative, flexible, and innovative team player.
• Excellent written and verbal communication skills.
• Proven ability to effectively present information and respond to questions from employees, candidates, and groups of managers.
• Proficient in Google Suite, and HRIS systems; Workday and Navex experience a plus.

What We Offer You: 

• Great Company Culture. We pride ourselves as being one of the most creative and innovative places to work, creativity, innovation, efficiency, diversity and philanthropy are among the core tenets of our organization and are integral drivers of our continued success.
• Growth: As a global entertainment company, we pride ourselves on creating environments where employees are encouraged to be themselves, inquisitive, collaborative and to grow within and around the company.
• Work Hard, Enjoy Life. Our employees’ bond, blow-off steam, and flex some creative muscles – through corporate boot camp classes, company parties, our Office gaming spaces, game release events, monthly socials, and team challenges.
• Benefits. Benefits include, but are not limited to; Discretionary bonus, Provident fund contributions, 1+5 medical insurance + top up options and access to Practo online Doctor consultation App, Employee assistance program, 3X CTC Life Assurance, 3X CTC Personal accident insurance, childcare services, 20 days holiday + statutory holidays,
• Perks. Gym reimbursement up to INR1150 per month, wellbeing program with the chance to earn up to $93 per annum, charitable giving program, access to learning platforms, employee discount program’s plus free games and events!

• Please be aware that Take-Two does not conduct job interviews or make job offers over third-party messaging apps such as Telegram, WhatsApp, or others. Take-Two also does not engage in any financial exchanges during the recruitment or onboarding process,and the Company will never ask a candidate for their personal or financial information over an app or other unofficial chat channel. Any attempt to do so may be the result of a scam or phishing exercise. Take-Two’s in-house recruitment team will only contact individuals through their official Company email addresses (i.e., via a com email domain). If you need to report an issue or otherwise have questions, please contact Careers@take2games.com.*
• As an equal opportunity employer, Take-Two Interactive Software, Inc. (“Take-Two”) is committed to fostering and celebrating the diverse thoughts, cultures, and backgrounds of its talent, partners, and communities throughout its organization. Consistentwith this commitment, Take-Two does not discriminate or retaliate against any employee or job applicant because of their race, color, religion, sex (including pregnancy, sexual orientation, and gender identity), national origin, age, disability, and genetic information (including family medical history), or on the basis of any other trait protected by applicable law. If you need to report a concern or have questions regarding Take-Two’s equal opportunity commitment, please contact Careers@take2games.com. 

#LI-Hybrid

Responsibilities

We are looking for an exceptional Senior Automation Engineer to join our growing team. Embedded within the Product organization, you will lead the design and delivery of AI-powered automations that eliminate inefficiencies, amplify productivity, and enable our Product and Security teams to focus on high-value work and deliver meaningful business outcomes.

In this role, you will also be responsible to:

• Build AI-powered automation solutions. Design, implement, and maintain scalable, AI-driven automations that meaningfully improve productivity and efficiency across Product and Security processes.

• Drive process excellence. Identify and eliminate inefficiencies in Product and Security workflows, document best practices, and establish standards that support long-term operational health.

• Collaborate with stakeholders. Lead and participate in discovery and solution design sessions with Product and Security teams, ensuring automations are tightly aligned with business goals and user needs.

• Champion AI adoption. Actively explore and integrate AI capabilities into automation workflows, staying at the forefront of what's possible with tools like Workato and emerging AI technologies.

• Share knowledge. Document solutions, processes, and best practices to support team learning, onboarding, and ongoing maintenance.

• Invest in growth. Dedicate time to self-directed learning and research to stay current with AI and automation trends, continuously deepening your technical expertise.

• Develop the team. Mentor and guide junior engineers, fostering a culture of technical excellence, AI curiosity, and continuous improvement.

Requirements

Qualifications / Experience / Technical Skills

Required

• A background in information systems, computer science, engineering, or equivalent industry experience.
• 6+ years of experience in software engineering or technical consulting roles, with a focus on Workato or other integration platforms
• Ability to define and create architectures that are scalable and extensible, according to business requirements, environments, and limitations, adhering to standards, best practices
• Experience in enterprise integration tools like Workato, Mulesoft, Snaplogic, Deel Boomi, Oracle Integration Cloud, Tibco etc.
• Working experience with RESTful APIs, OAuth authentication, policies, api management, etc.
• Working experience with SQL in any RDBMS.
• Experience with Gen AI, such as OpenAI, Anthropic, and others, and Vector databases
• Experience working on projects using agile methodologies and experience in product management tools such as Jira 
• Experience building software and designing distributed solutions.
• Ability to work in the EMEA timezone (2pm to 11pm IST)

Ideal

• Experience in security and grc automations
• Experience in incident and change management processesExperience with AWS basic administration
• Experience in implementing integration projects involving complex enterprise systems (e.g., SAP, Oracle, Dynamics) and cloud business apps (e.g., Workday, NetSuite, Salesforce).
• Coding experience in Java/Python/Ruby, with knowledge of SOAP/XML, is considered a plus.
• Understanding of security best practices for integration and data handling.
• Experience in user experience (UX) design is a plus.

Soft Skills / Personal Characteristics

• Strong written and oral communication skills in English, enabling effective communication of complex technical concepts to diverse audiences.
• Technologically adept and quick to grasp new systems and concepts
• Collaborative team player with a proactive mindset, always seeking continuous improvement opportunities.
• Adaptability to thrive in a dynamic startup environment, coupled with proactive, outside-the-box thinking.
• Strong analytical and problem-solving skills.

(REQ ID: 2632)

Overview of Role

As 66degrees continues its rapid growth, we are seeking a hands-on, highly technical IT Operations Manager to build and manage our internal IT Operations function. This is a critical management role responsible for the stability, integrity, and operational excellence of our core information technology systems.

Reporting to the Director/VP of Technology, you will take ownership of our cloud infrastructure, hardware assets, and our comprehensive portfolio of SaaS business applications, along with the team members dedicated to each of these IT subsets. You will build and mentor a team of talented IT engineers, establish and manage operational processes, and serve as the key escalation point for all IT Operations. The ideal candidate is a player and coach with a deep technical understanding of modern infrastructure and SaaS management, capable of leading a team, guiding technical strategy, and getting hands-on with the work when the need arises.

Key Responsibilities

Team Leadership & Management

• Build, manage, and mentor a high-performing IT Operations team, including Cloud Engineers, SaaS Administrators, and Subject Matter Experts (SMEs).
• Foster a culture of collaboration, innovation, and continuous improvement, providing professional development and growth opportunities for team members.
• Serve as the primary escalation point for the IT Operations team, providing technical guidance and resolving complex IT business issues.
• Develop and maintain Standard Operating Procedures (SOPs), and best practices for our global IT department.

Cloud Infrastructure Operations

• Oversee the administration, maintenance, and optimization of all internal Cloud Platform environments.
• Lead discussions with various teams regarding their use of internal cloud infrastructure to advise on best practices and methods to automate the provisioning and management of cloud resources.
• Ensure the availability, security, and cost-efficiency of our cloud infrastructure, including Compute Engine, GKE, Cloud Storage, BigQuery, Vertex AI, Gemini Enterprise, NotebookLM Enterprise, and others.
• Oversee the implementation of robust IAM policies, network security (VPCs, VPNs, firewalls), monitoring via the Cloud Operations suite, and logging.

SaaS & Business Systems Operations

• Lead the administration, integration, and optimization of our core corporate SaaS portfolio, including Google Workspace, Salesforce, Rippling, Atlassian, Slack, Google Partner Tools, Office 365, ChurnZero, Ramp, Asana, WiseStamp, EasyDMARC, GoDaddy, and others.
• Design and enforce a comprehensive Identity and Access Management (IAM) strategy using Rippling IT, including automated user provisioning/de-provisioning (SCIM, JIT) and adherence to the Principle of Least Privilege.
• Oversee the development and maintenance of our integration strategy, leveraging iPaaS solutions like Workato, Google Apps Script, and custom scripts to build robust, automated workflows between business systems.
• Partner with business departments (HR, Sales, Marketing) to understand their needs and own the technical implementation of their core platforms, while collaborating with team members to define shared platform ownership and accountability.

Collaboration, Strategy, Security

• Partner closely with the Security Operations team to implement "as-a-service" best practices, manage our MDM solution, and gather evidence for compliance audits.
• Collaborate with global teams on infrastructure initiatives and the rollout of internal frameworks, such as Dev vs. Prod delineation.
• Evaluate, select, and manage relationships with key IT vendors and service providers, ensuring they meet performance and contractual expectations.
• Partner with the Security team for GRC buildout (Drata) and Trust Center buildout (SafeBase).

Required Qualifications

• 8-10 years of progressive experience in IT Operations or Systems Engineering, including at least 4 years in a direct management capacity leading and mentoring technical teams.
• Strong leadership and English communication skills, with a proven ability to bridge time zones and cultural nuances while managing remote/offshore resources..
• Extensive experience managing a large portfolio of enterprise SaaS applications and implementing enterprise-wide IAM strategies using a central IdP (e.g., Rippling or Okta).
• Proven ability to architect high-level strategy and manage teams while remaining technical enough to execute alongside them and provide direct hands-on support.
• Technical proficiency in Infrastructure as Code (IaC), specifically using Terraform to automate cloud infrastructure management.
• Hands-on experience with enterprise integrations, either through scripting (Python, Bash, Google Apps Script) or via an iPaaS platform (Workato preferred).
• Deep expertise in Mobile Device Management (MDM) for at-scale corporate assets, BYOD environments, and Chrome browser management.
• Extensive hands-on experience across the entire Google stack, including GCP infrastructure at scale and advanced Google Workspace administration.
• Strong understanding of ITIL v4 frameworks, particularly in Change Management and Incident Response within a high-growth environment.
• Experience with CLI tools such as gCloud, GAM, Git, Docker, Homebrew, and others.

Preferred Qualifications

• Industry-recognized IT certifications (e.g., CompTIA A+, Network+, Security+, ITIL 4, CCNA, RHCSA, CCNP, PMP, CISM).
• Prior experience thriving in the fast-paced environment of a technology consulting or professional services firm.
• Experience establishing internal governance and access controls for Enterprise AI tools (e.g., Gemini Enterprise, Vertex AI, or NotebookLM).
• Proven track record of reducing manual IT service desk tickets by 30%+ through the implementation of "Low-Code/No-Code" automation or advanced iPaaS recipes.
• Direct experience partnering with SecOps through SOC2, ISO 27001, or HIPAA compliance audits using automated GRC platforms like Drata.
• Practical experience moving an organization toward a Zero Trust security model.
• Familiarity with Lifecycle Management (LCM) transitions, moving from manual onboarding to fully automated "Zero-Touch" provisioning.
• Experience applying Agile or Kanban methodologies to internal IT Operations to manage sprint cycles for SaaS integrations and infrastructure projects.
• Prior experience managing the IT side of Mergers and Acquisitions, including domain migrations, SaaS consolidation, and tenant-to-tenant transfers.

Overview of the Role

As 66degrees continues its rapid growth as a premier Google Cloud professional services partner, the security of our internal systems, employee identities, and client data is our top priority. We are seeking a hands-on, highly technical Manager of Security Operations (SecOps) to be the foundational leader of our new dedicated internal InfoSec operational function.

Reporting directly to our U.S. Director who leads our broader IT, IAM, and current Security infrastructure you will take ownership of our day-to-day security operations across a global workforce of 550+ employees. You will build and manage security monitoring processes, lead incident response for security alerts, enforce compliance frameworks, and serve as an escalation point and mentor for our global teams. The ideal candidate is someone who is both admin and security trained at scale.  We are looking for a person who can write a script to automate an alert in the morning and present a risk dashboard to leadership in the afternoon on new threat vectors.

Key Responsibilities

Security Monitoring & Incident Response

• Build, own and manage the daily operations of our security toolset (SIEM (Google SecOps or Splunk), EDR/XDR (SentinelOne), Email Security, Cloud Security, and Endpoint Security (Rippling MDM) Posture Management.
• Serve as the primary incident lead for system security events; investigate, contain, and remediate alerts, and lead post-incident post-mortems as they are requested.
• Develop, document, and maintain security playbooks and standard operating procedures (SOPs) for securing and hardening of our various solutions within the 66degrees tech stack.

Vulnerability & Posture Management

• Conduct continuous vulnerability scanning and coordinate patching/remediation cycles across endpoints, networks, and cloud environments (GCP, Azure, AWS).
• Partner closely with the U.S. Director to operationalize, enforce, and refine Zero Trust, Device Trust, Browser Trust, and Identity and Access Management (IAM) policies.
• Monitor, harden, and secure our core business applications such as but not limited to Google Workspace, Google Cloud Platform (GCP), Slack, Salesforce, and Rippling environments against misconfigurations, and unauthorized access.

Leadership & Global Enablement

• Act as the security subject matter expert and internal escalation point for the IT Service Desk team located in India, along with the broader global company teams.
• Train and upskill global teams on how  to perform "Tier 1" security triage (e.g., investigating phishing reports, basic malware alerts, account lockouts, and how to avoid IT worker scandals), creating a scalable company security framework.
• Foster a culture of security awareness across the company by leading regular employee training and simulated phishing campaigns (KnowBe4). Along with always advising on the principle of least privilege way of thinking.

Compliance & Risk

• Lead the technical GRC Buildout (Drata), Trust Center Buildout (SafeBase), evidence gathering, and control enforcement for external audits and compliance frameworks (e.g., SOC 2, ISO 27001).
• Assist the go-to-market and legal teams by filling out client security questionnaires and vendor risk assessments, directly accelerating our sales cycles.
• Track and report on key SecOps metrics (Time to Detect/Respond, patch compliance, etc.) to IT leadership

Required Qualifications

• Experience: 8-12+ years of progressive experience in Information Security, IT Security, or Security Operations, with at least 2-3 years in a team lead or management capacity.
• Cloud/SaaS Expertise: Deep technical understanding of Google Workspace administration and security, as well as cloud infrastructure security (specifically Google Cloud Platform / GCP).
• SecOps Engineering: Hands-on experience building, configuring, monitoring, and responding to alerts in EDR platforms (e.g., CrowdStrike, SentinelOne), SIEM platforms (e.g., Splunk, Google SecOps), and IAM platforms (e.g., Rippling, Okta, GCP, Entra, Azure, AWS, GWS).
• Compliance: Experience operating within compliant environments and supporting audits for SOC 2 Type II or ISO 27001 frameworks. Along with experience setting up and managing a GRC platform (e.g., Drata, Ostendio).
• Scripting: Proficiency in scripting (Python, PowerShell, Bash, or Google Apps Script) to automate repetitive security tasks and API integrations.
• Communication: Excellent English communication skills, with a proven ability to bridge time zones and cultural nuances while managing remote/offshore resources.

Preferred Qualifications

• Industry-recognized security certifications such as CompTIA Security+, CISSP, CISM, CCSP, or GCIA.
• Google Cloud Professional Cloud Security Engineer certification is highly desired.
• Google Cybersecurity Certificate is highly desired.
• Previous experience working in a professional services, consulting, or managed services firm.
• Previous experience building an at scale internal security team.

We are seeking a highly motivated, detail-oriented, and proactive Senior IT Compliance Analyst to support Yext’s security assurance activities with customers, vendors, and internal teams. This role is responsible for responding to product security-related questions, completing security assessments and audit inquiries, and reviewing security and contract language to ensure compliance with Yext’s standards.

The ideal candidate will collaborate closely with Legal, Sales, and Security teams to ensure accurate, timely, and customer-focused responses while maintaining a strong compliance posture. They will bring deep knowledge of security frameworks, exceptional communication skills, and the ability to partner across business and technical teams to strengthen the organization’s overall security posture.

What You'll Do

Governance

• Contribute to the development and maintenance of IT & Security policies, standards, and controls.
• Support the annual control attestation process and provide the required evidence.
• Measure, track, and report on security metrics and key performance indicators (KPIs).
• Ensure ongoing alignment with regulatory and industry compliance requirements (e.g., SOC 2, HIPAA, GDPR, NIS2).
• Support responses to cyber insurance questionnaires by leveraging existing security controls, certifications, and policies.

Risk & Compliance Management

• Conduct risk assessments across systems, applications, and vendors, documenting and tracking outcomes.
• Collaborate with IT, Legal, and Security teams to design and implement mitigation strategies.
• Maintain a centralized repository of standardized security questionnaire responses and keep them current with implemented controls.
• Manage responses to client questionnaires and third-party audit inquiries with accuracy and professionalism.
• Serve as a key point of contact for clients, auditors, and external stakeholders on security-related matters.
• Prepare and provide audit-ready evidence for internal and external audits (SOC 2, SOX, ISO 27001, etc.).
• Partner with control owners to create and track corrective action plans, ensuring timely remediation.
• Identify and implement process improvements to increase efficiency in audit preparation, risk assessments, and responses.
• Provide actionable recommendations to management on enhancing security and compliance practices.

What You Have

• Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Engineering, or related field; or equivalent experience.
• 5+ years of experience in information security, with a strong focus on audit and compliance management.
• Demonstrated experience conducting risk and compliance assessments.
• Proven success in managing client security questionnaires and third-party audits.
• Familiarity with industry and regulatory compliance frameworks (SOC 2, SOX, ISO 27001, NIST CSF, HIPAA, GDPR).
• Experience with GRC tools and technologies (e.g., OneTrust, SecurityScorecard, Bitsight, Archer, or similar).
• Advanced written and verbal communication skills, with the ability to engage confidently with executives, clients, and auditors.
• Professional certifications such as CISA, CRISC, CISM, CISSP, or CDPSE preferred.

Bonus Points

• Governance & Compliance Expertise – Deep knowledge of regulatory and industry frameworks (SOC 2, SOX, ISO 27001, NIST CSF, HIPAA, GDPR, NIST AI RMF).
• Risk Management – Ability to evaluate risks and support effective remediation strategies.
• Audit & Assessment Skills – Skilled in managing and supporting audits, assessments, and assurance activities.
• Client & Stakeholder Engagement – Strong ability to build trust and deliver timely, accurate responses.
• Communication – Excellent written and verbal skills; able to present technical issues clearly to non-technical audiences and executives.
• Cross-Functional Collaboration – Works effectively across IT, Security, Legal, and business teams.
• Project & Time Management – Strong organizational skills with the ability to balance multiple priorities.
• Continuous Improvement – Identifies opportunities to streamline assurance and compliance processes.
• Technical Acumen – Familiarity with GRC platforms (e.g., OneTrust, SecurityScorecard, Bitsight, Archer) and security tooling.
• Leadership & Influence – Capable of guiding stakeholders and influencing decisions.

Perks and Benefits

At Yext, we take pride in our diverse workforce and prioritize creating an engaged and connected working environment. Our ambitious mission is to transform the enterprise with AI search, and we know that to achieve that, we need a global team of innovators, visionary thought leaders, and enthusiastic collaborators passionate about making a meaningful impact in the world and contributing to an extraordinary culture.

We believe that people do their best when they feel their best — and to feel their best, they must be well-informed, fuelled, and rested. To ensure our employees are at their best, we offer a wide range of benefits and perks, including:

• Performance-Based Compensation: We offer an attractive bonus structure and stock options for eligible positions.
• Comprehensive Leave Package: Our leave package includes Paid Time Off (PTO), Parental Leave, Sick Leave, Casual Leave, Bereavement Leave, National Holidays, and Floating Holidays to ensure a healthy work-life balance.
• Health & Wellness Offerings: We provide medical insurance with 7L coverage, including enhanced parental and outpatient department (OPD) coverage for you, your spouse, two dependent children, and two parents (as applicable and subject to eligibility requirements).
• Relocation Benefits: We offer relocation assistance and an allowance to eligible candidates to help ease your transition.
• World-Class Office & Building Amenities: Our office has a top-notch infrastructure, including gaming rooms, a plush pantry, and breakout areas.

#LI-RK1

Role Summary 

The Third Party Risk Management (TPRM) function is responsible for establishing and operating the enterprise framework for identifying, assessing, and overseeing risks arising from third party relationships, including outsourced service providers, banking partners and other critical vendors. The function supports regulatory compliance, operational resilience, and sound risk governance across the full third party lifecycle. 

The Lead, Third Party Risk Management is an execution role responsible for delivery of core TPRM oversight activities for higher risk and critical vendors, with a specific focus on third party business continuity and recovery evidence review, vendor related incident monitoring and escalation, and structured review of vendor security assessment materials. The role works in close partnership with Business Continuity, Incident Management, Information Security, Technology, and other risk and business stakeholders to ensure third party risk issues are consistently documented, escalated where required, and driven to closure through defined governance processes. 

Primary Duty and Responsibilities 

• Provide oversight for third party risk activities related to higher risk and critical vendors, ensuring consistent application of TPRM standards across business continuity, incident management, and security review domains. 

• Map third parties to the processes and services they support, in order to enable appropriate application of risk controls, resilience requirements, and regulatory oversight for the most critical vendors supporting critical services.  

• Coordinate and oversee third‑party business continuity evidence review (e.g., BCP ownership/maintenance, recovery objectives, recovery approach) and ensure identified gaps are escalated through the defined pathway.  

• Drive delivery management across assigned TPRM initiatives and workstreams, including planning, dependency management, progress tracking, and issue resolution, to ensure timely and consistent execution of TPRM priorities.  

• Oversee third‑party incident monitoring and escalation tracking, ensuring incidents are appropriately documented, routed to relevant stakeholders, and driven to resolution with clear ownership and audit-ready records 

• Perform and support structured review of vendor security assessment materials for higher‑risk vendors, including SOC reports, security questionnaires, certifications, and control evidence, synthesizing findings into clear outcomes and required follow‑up actions.  

• Partner closely with Business Continuity, Incident Management, IT, Procurement, and other business stakeholders to ensure third‑party risk issues are effectively integrated into governance processes and resolved through defined escalation paths. 

• Contribute structured inputs to management‑level reporting on third‑party risk posture, incident trends, and remediation progress, supporting effective oversight and decision‑making. 

• Perform additional duties as required to support the Third‑Party Risk Management team and enhance Payoneer’s enterprise resilience and risk management capabilities. 

Education and/or Experience 

• Bachelor’s degree required; preferred background in IT, business or law. 

• 5-7 years of experience in Third Party Risk Management, Vendor Management, Risk Management, GRC, or related fields. 

Qualifications 

• Experience operating in a regulated, multinational environment with governance and audit expectations. 

• Strong judgment and ability to make decisions across operational and technology related risk topics 

• Demonstrated ability to lead cross‑functional execution, prioritize work, and unblock dependencies. 

• Clear executive communication and ability to produce decision‑focused materials for governance forums. 

• Proven ability to structure work, prioritize effectively, and engage senior stakeholders 

• Clear and concise communication skills suitable for management and governance forums 

• Able to operate independently and influence stakeholders across functions and regions. 

Technical Skills 

• Proficiency in Microsoft Word, Excel, and PowerPoint. 

• Strong capability to lead and track multistakeholder delivery across parallel workstreams (plans, dependencies, milestones, risks/issues, closure discipline).  

• Strong reporting skills: produce management ready summaries and progress views for governance forums, based on structured evidence and tracking outputs. 

Certificates or Licenses 

• Preferred but not required (e.g., CTPRP, CRISC, CISA, CBCP, BCI (CBCI/AMBCI/MBCI), CISM, or other relevant industry certifications). 

#LI-SS2

Here’s a summary of the role:

Looking to lead high-impact projects that transform how global organizations manage governance and compliance? This role puts you at the center of enterprise technology implementations, where you’ll own delivery, engage senior stakeholders, and drive real business outcomes.

You’ll bring your project management expertise to lead complex implementations, guide clients through change, and ensure successful adoption of solutions. If you enjoy working closely with customers, influencing decisions, and delivering measurable value—this is the role for you.

Here’s a breakdown of what you’ll do:

• Lead end-to-end project delivery for enterprise technology implementations
• Manage scope, timelines, risks, and stakeholder communication to ensure successful outcomes
• Act as a trusted advisor to clients, aligning solutions with business and compliance needs
• Drive client engagement, including workshops, training, and adoption strategies
• Partner with internal teams on solutioning, pre-sales, and delivery execution
• Identify opportunities to expand and grow client accounts through value-driven recommendations

These are the essentials you’ll need to get an interview:

• 5+ years of recent, hands-on Project Management experience
• Proven experience delivering large-scale technology implementations in enterprise environments
• PMP (or equivalent Project Management certification)
• Strong client-facing experience with the ability to manage senior stakeholders
• Excellent communication and influencing skills (presentations, workshops, stakeholder alignment)
• Experience managing end-to-end project lifecycle (planning, execution, rollout, adoption)

It would be great if you had these too, but we’ll support you if you don’t:

• Experience in GRC (Governance, Risk & Compliance) or related domains
• Exposure to entity management systems or similar platforms
• Strong business process improvement/problem-solving mindset
• Familiarity with AI tools or workflow optimization approaches

Here’s a summary of the role:

Ready to build real-world AI solutions that actually make an impact?

You’ll take cutting-edge AI and GenAI concepts—like copilots, agents, and intelligent workflows—and turn them into scalable, production-ready systems used across sales, finance, customer success, and more. If you enjoy hands-on backend engineering, working with APIs, cloud platforms, and LLMs, and transforming ideas into high-performing AI-driven products, this role puts you right at the center of innovation.

Here’s a breakdown of what you’ll do (not all of it, just the important stuff):

• Build and scale backend services, APIs, and integrations that embed AI/GenAI into enterprise systems (CRM, ERP, BI)
• Develop LLM-powered solutions such as RAG pipelines, copilots, agents, and automation workflows
• Take AI solutions from concept to production—design, build, test, deploy, and monitor
• Collaborate with architects and business stakeholders to turn requirements into practical AI implementations
• Create and manage data pipelines to enable reliable, high-quality AI workflows
• Ensure solutions are secure, scalable, observable, and aligned with best practices

These are the essentials you’ll need to get an interview:

• 5+ years of experience in software or solutions engineering with production systems
• Strong programming skills in Python, Java, C#, or Node.js
• Hands-on experience with APIs, integrations (REST/webhooks), and backend development
• Practical experience working with LLMs/GenAI tools (e.g., OpenAI, LangChain, or similar)
• Experience with cloud platforms (preferably AWS), CI/CD, and containerization
• Solid understanding of AI/GenAI concepts like prompt engineering, RAG, or agents
• Ability to translate technical solutions into business impact and collaborate across teams

It would be great if you had these too, but we’ll support you if you don’t:

• Experience integrating AI into CRM, ERP, or analytics platforms
• Familiarity with MLOps/LLMOps concepts such as model lifecycle and monitoring
• Exposure to machine learning or data analytics tools (e.g., Scikit-learn, dashboards)
• Experience working in global or distributed teams
• Knowledge of AI governance, security, and responsible AI practices

So, what’s the role all about? 

As a member of the Cloud Security team, a successful Specialist Cloud Security Engineer will need to be self-sufficient to collaborate effectively with multiple teams, such as Application Support, Infrastructure Operations, DevOps, Product R&D, Security teams, customers and 3rd party auditors.  This role will hold the responsibility to implement, manage, and operate the various technical tools that NiCE uses to secure and protect the NiCE Cloud. A strong technical background is required, with expectations for broad experience in security controls such as Vulnerability Management, Incident Response, CNAPP, SIEM, IAM, Threat Hunting, and other similar technologies, as well as the ability to provide consulting services to other teams within the organization.  A successful candidate in this role will also be able to work in a production cloud environment to collect and curate audit evidence and explain it to anyone who asks for it.  Strong communication skills are essential, and experience with Governance, Risk and Compliance (GRC) is a big plus! 

How will you make an impact?  

• You will directly impact the success of the NiCE cloud business by ensuring all customer and auditory security requirements are met and demonstrated. 
• A diverse, merit-driven work environment which rewards a growth mindset and encourages innovation and continued professional development; 
• The opportunity to work in a global, highly skilled, passionate workforce to deliver world-class service and products to market. 
• Competitive pay and excellent benefits. 
• Generous PTO policies. 
• A highly focused security & compliance team which is collaborative, supportive, experienced, and driven to help everyone from the individual to enterprise to our customers realize the success for which they aim. 

 Have you got what it takes?  

•  8+ years of experience with Information Security;
• University-level degree in Information Security, Computer Science or other related field;
• knowledge of incident response, vulnerability management, cloud security, and other related topics;
• A burning curiosity to learn as much as you can about the NiCE cloud environment and the services and products we offer our customers as well as the existing security infrastructure we have in place today;
• Excellent communications skills to work collaboratively with security team members and operations and development teams around the world;
• Strong organization and prioritization skills to enable independent work in order to achieve tactical and strategic security goals;
• Advanced education, training or experience with security and compliance;
• Experience working with work tracking tools such as JIRA, ServiceNow, or others.

 What’s in it for you? 

Join an ever-growing, market disrupting, global company where the teams – comprised of the best of the best – work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NiCE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NiCEr! 

 Enjoy NiCE-FLEX!  

At NiCE, we work according to the NiCE-FLEX hybrid model, which enables maximum flexibility: 2 days working from the office and 3 days of remote work, each week. Naturally, office days focus on face-to-face meetings, where teamwork and collaborative thinking generate innovation, new ideas, and a vibrant, interactive atmosphere. 

Requisition ID:  9540
Reporting into: Technical Manager
Role Type: Individual Contributor 

Here’s a summary of the role

Love working directly with customers and delivering impactful training experiences?

In this role, you’ll help customers unlock the full value of a leading SaaS product by delivering engaging, high-quality training sessions. You’ll work with a diverse set of clients—from SMBs to enterprise—guiding them through product capabilities, driving adoption, and ensuring an exceptional customer experience.

If you enjoy presenting, interacting with clients, and being at the forefront of customer success, this role is for you.

Here’s a breakdown of what you’ll do

• Deliver engaging product training sessions (1:1, group, and webinars) to global customers
• Drive product adoption by enabling customers to effectively use key features
• Build strong client relationships and ensure high customer satisfaction (CSAT)
• Manage a high volume of scheduled training sessions daily with strong time management
• Collaborate with Customer Success and onboarding teams to support customer lifecycle
• Track training outcomes and continuously improve delivery quality

These are the essentials you’ll need to get an interview

• 3–5 years of experience in customer training, enablement, or client-facing roles
• Proven experience delivering training sessions (virtual/classroom/webinars)
• Strong communication, presentation, and facilitation skills
• Ability to manage multiple sessions and schedules effectively
• Experience working directly with customers and handling live interactions
• High customer focus with the ability to adapt training based on audience needs
• Strong time management and organizational skills

It would be great if you had these too (nice to have)

• Experience in SaaS, product-based, or technology environments
• Familiarity with tools like Salesforce, Gainsight, or webinar platforms
• Exposure to upselling or identifying customer growth opportunities
• Experience working with global customers across segments

What makes this role exciting?

• Work with a wide range of global clients (SMB → Enterprise)
• Be part of a high-impact, customer-facing role driving real product adoption
• Join a fast-paced, collaborative training team with strong visibility
• Opportunity to build expertise in SaaS products and customer success

Role Overview
You’re a Salesforce Business Analyst who loves turning messy, complex business needs into clean, scalable Salesforce solutions. In this role, you’ll be the key link between stakeholders and the Salesforce engineering team, owning requirements end-to-end across Service Cloud, Sales Cloud and Experience Cloud.

You’ll spend your time understanding how the business really works, designing smart configurations using objects, flows and automation, and making sure what gets built in Salesforce is clear, testable and delivers real value. You’ll work in a global, Agile environment, partnering with teams across APAC, EMEA and the US, and have a direct impact on the quality, reliability and usability of the Salesforce platform that powers the business.

Here’s a breakdown of what you’ll do (not all of it, just the important stuff)

• Lead requirement discovery across Service Cloud, Sales Cloud and Experience Cloud, and translate needs into Salesforce-led solutions.
• Turn business requirements into clear, testable user stories in Jira, with strong acceptance criteria and supporting documentation.
• Collaborate closely with Salesforce developers and testers to reduce ambiguity, minimise rework and keep delivery on track.
• Review and refine Salesforce configuration (objects, fields, flows, validation rules, automations) to align with business processes and data model.
• Support and sometimes execute testing, ensuring stories meet the definition of done and are ready for deployment.

These are the essentials you’ll need to get an interview

• At least 3 years working specifically as a Salesforce Business Analyst (not just a general BA role).
• Hands-on experience with Salesforce Service Cloud and Sales Cloud, including configuration, standard/custom objects, flows and data model.
• Solid understanding of Salesforce automation tools (Flows, Process Builder, validation rules) and how they support end-to-end business processes.
• Ability to read and interpret Salesforce metadata and understand core deployment concepts enough to explain technical constraints and options to stakeholders.
• Experience working in Agile teams using Jira for managing user stories, subtasks and acceptance criteria.
• Strong written and verbal communication skills, with the ability to work independently and drive clarity among diverse stakeholders.

It would be great if you had these too, but we’ll support you if you don’t

• Exposure to CPQ, RevOps, CLM or e-signature tools such as DocuSign in a Salesforce context.
• Experience in a global SaaS environment, working with distributed teams and stakeholders.
• Familiarity with Salesforce deployment tools (for example, Gearset or Copado) or relevant Salesforce certifications (Administrator, Business Analyst, or similar).

Role Overview
You’ll be the technical lead behind highly available private cloud platforms that power large-scale SaaS services. As a Staff Site Reliability Engineer, you’ll design and run VMware-based infrastructure, automate everything you can, and make sure critical systems stay fast, resilient, and secure.

You’ll work across VMware, Linux, Windows Server, Active Directory, networking, storage, and automation tooling to solve complex infrastructure problems at scale. You’ll set the standard for reliability and engineering quality, drive modernization of legacy stacks, and partner with other SRE, network, security, and DevOps teams to deliver robust, enterprise-grade platforms.

Here’s a breakdown of what you’ll do (not all of it, just the important stuff):

• Design, operate, and improve VMware-based private cloud infrastructure across multiple datacenter environments.

• Build automation that reduces manual effort, improves consistency, and strengthens operational reliability across infrastructure services.

• Administer and troubleshoot Linux and Windows Server platforms that support critical business and customer-facing workloads.

• Support core infrastructure integrations including Active Directory, DNS, authentication services, networking, storage, and load balancing.

• Drive improvements in platform resilience, performance, security, and compliance through engineering best practice and infrastructure modernization.

• Work closely with network, security, SRE, and DevOps teams, while contributing technical leadership, documentation, and mentoring to strengthen engineering standards.

These are the essentials you’ll need to get an interview: 

● Strong experience in systems engineering or infrastructure roles, including significant time operating at a senior or staff level.

● Deep hands-on expertise with VMware vSphere, including ESXi, vCenter, HA, DRS, vMotion, and distributed switching.

● Advanced Linux systems administration skills, including troubleshooting, hardening, patching, and performance tuning.

● Practical experience with Windows Server and Active Directory, including DNS, Group Policy, and authentication services.

● Proven ability to build automation using tools such as PowerShell, PowerCLI, Python, Ansible, or similar.

● Strong enterprise datacenter knowledge across compute, storage, networking, monitoring, and operational support.

● Excellent problem-solving skills, with a focus on reliability, scalability, and improving how infrastructure is run.

It would be great if you had these to, but we’ll support you if you don’t:

● Experience with F5 BIG-IP, AVI / NSX Advanced Load Balancer, or similar application delivery platforms.

● Exposure to technologies such as Pure Storage, Cisco UCS, or comparable enterprise datacenter platforms.

● Familiarity with Terraform, Jenkins, Azure DevOps, Git, or CI/CD tooling used in infrastructure automation.

● Understanding of security and compliance frameworks such as CIS, NIST, or ISO in an infrastructure operations setting.

Here’s a summary of the role:

Build end-to-end scalable applications, from intuitive React frontends to high-performance Node.js microservices, while leveraging AI to move faster and smarter. You’ll work across the full stack using React, Node.js, TypeScript, and AWS serverless to deliver modern SaaS solutions. This role is ideal if you enjoy owning features from UI to backend, using AI tools to boost productivity, and solving real-world engineering challenges with clean, scalable architecture.

Here’s a breakdown of what you’ll do:

• Build and deliver full-stack features using ReactJS, Node.js, and TypeScript
• Design and develop secure, scalable backend services using AWS serverless
• Own features end-to-end—from frontend UI to backend APIs and deployment
• Use AI tools to accelerate development, debugging, and testing while ensuring quality
• Collaborate with Product, Design, DevOps, and Security teams to deliver seamless user experiences
• Contribute to architecture decisions and mentor team members on best practices

These are the essentials you’ll need to get an interview:

• 5–7 years of experience as a full-stack engineer in an agile environment
• Strong hands-on expertise in ReactJS (mandatory) and modern frontend development
• Solid experience with Node.js and TypeScript for backend/API development
• Experience building and deploying applications on AWS (serverless preferred)
• Practical exposure to AI tools (LLMs, prompt engineering) in development workflows
• Good understanding of databases (SQL/NoSQL) and system design fundamentals
• Experience with CI/CD, Docker, and modern development practices

It would be great if you had these too, but we’ll support you if you don’t:

• Experience with microservices architecture and event-driven systems
• Exposure to RAG, vector databases, or AI-powered applications
• Familiarity with infrastructure as code (CDK/Terraform)
• Understanding of AI governance, privacy, or ethical considerations

Role Overview
You’re a professional services leader who loves using technology to solve complex business problems and create an outstanding customer experience. In this role, you’ll partner with senior stakeholders in Risk, Audit, and Compliance to turn their challenges into smart, scalable solutions that deliver real value.

You’ll lead end-to-end delivery of enterprise projects, guide customers through their GRC and audit transformation, and make sure they get the very best from their technology investment. You’ll also shape how services are delivered, coach a talented team, and play a key role in growing a high-performing, customer-obsessed practice.

Here’s a breakdown of what you’ll do (not all of it, just the important stuff)

• Lead complex, multi-stakeholder implementations for Risk and Audit teams, from discovery through go-live and adoption.
• Manage multiple client engagements, owning scope, timelines, budgets, and outcomes to ensure successful delivery.
• Design and drive technology-enabled solutions that improve risk management, internal controls, and audit effectiveness.
• Partner closely with Sales and Customer Success to shape proposals, support pre-sales, and identify opportunities to expand client use cases.
• Coach and mentor consultants on project management, client engagement, and domain best practices.
• Contribute to practice-building initiatives that enhance delivery methods, tools, and overall service quality.

These are the essentials you’ll need to get an interview

• Bachelor’s degree in a relevant discipline.
• 10+ years' experience managing projects or services, with significant hands-on experience in Enterprise Risk Management and/or Internal Audit.
• Experience with GRC or audit management platforms and how they support risk, control, and assurance processes.
• Proven experience leading teams or acting as a people manager in a consulting, professional services, or enterprise delivery environment.
• Strong data analysis skills, including working with large or complex data sets to inform decisions and insights.
• Experience delivering or supporting enterprise software implementations or complex systems/integration projects.
• Confident communicator and presenter, able to influence senior stakeholders and explain complex topics clearly.
• A commercial, outcomes-focused mindset with the drive to deliver value and build long-term client relationships.

It would be great if you had these too, but we’ll support you if you don’t

• A track record of growing client accounts or identifying new use cases and opportunities within existing customers.
• Recognition as a subject matter expert (formal or informal) in risk, audit, or related domains, with an interest in thought leadership.

Toast creates technology to help restaurants and local businesses succeed in a digital world, helping business owners operate, increase sales, engage customers, and keep employees happy.

We are seeking a highly motivated Senior Corporate Security Analyst to join Toast’s Corporate Security team in Bangalore. This role is focused on hands-on corporate security execution and risk reduction across endpoints, identities, SaaS platforms, vendors, and data — not SOC monitoring or shift-based operations.

The ideal candidate has strong experience working in enterprise corporate security environments, understands how to balance security controls with business needs, and is comfortable partnering with IT, GRC, Procurement, Legal, and Engineering teams. You will own multiple CorpSec programs end-to-end and act as a senior individual contributor, while mentoring junior analysts and helping scale security practices across the organization.

A Day in Life (Responsibilities)

1. Corporate Security Execution & Risk Management

• Own and operate key corporate security controls across endpoint, SaaS, identity, vendor, and data security.
• Perform security risk assessments for business initiatives and translate findings into actionable remediation plans.
• Act as a security advisor to internal stakeholders, focusing on practical risk reduction.

2. Endpoint & SaaS Security

• Lead day-to-day security oversight for corporate endpoints and SaaS applications, including:
• EDR/XDR, device hardening, encryption, MDM/UEM
• Shadow IT discovery and SaaS risk reviews
• Partner with IT Operations and Governance teams to resolve alerts, misconfigurations, and policy gaps.
• Conduct periodic reviews of high-risk applications, browser extensions, and endpoint findings.

3. Vulnerability Management (Corporate Scope)

• Drive vulnerability management for corporate endpoints and internal business systems.
• Triage and prioritize vulnerabilities based on business impact and exploitability.
• Track remediation with IT teams and validate closure.

4. Identity & Access Management (IAM)

• Support enterprise IAM governance, including:
• Joiner / mover / leaver processes
• Access reviews and least-privilege enforcement
• MFA, SSO, device trust, and privileged access (PAM)
• Assist in access investigations and high-risk access exception reviews.

5. Vendor & Third-Party Security

• Conduct vendor security assessments for onboarding and periodic reviews.
• Review SOC 2 reports, security questionnaires, and supporting evidence.
• Track vendor risks, remediation actions, and re-assessments.
• Partner with Procurement, Legal, and GRC teams to ensure security requirements are met.

6. Data Protection & DLP

• Support data protection initiatives across Google Workspace, Slack, and other collaboration platforms.
• Assist with the design, tuning, and enforcement of DLP controls.
• Participate in investigations related to data exposure or misuse.

7. Security Awareness & Process Improvement

• Support security awareness training and phishing simulation programs.
• Maintain CorpSec policies, SOPs, and runbooks.
• Identify opportunities to improve efficiency through automation and tooling.

8. Mentorship & Ownership

• Mentor P2-level security analysts and provide technical guidance.
• Take ownership of CorpSec initiatives and deliver them end-to-end with minimal supervision.

9. Contractor Security Oversight

• Establish and enforce contractor access standards, ensuring strict security controls during onboarding and offboarding.
• Conduct periodic contractor access and activity audits, identifying and mitigating associated risks.

Work Mode: This role follows a hybrid work model, requiring a minimum of 2 days per week in the office.

What We’re Looking For

Required

• 6–10 years of experience in information security with strong corporate security exposure.
• Hands-on experience with:
• Endpoint security and EDR tools (e.g., CrowdStrike)
• Vendor security assessments and SOC 2 reviews
• IAM concepts (Okta, PAM, access reviews)
• SaaS and Shadow IT security
• Strong understanding of security frameworks (NIST CSF, ISO 27001, CIS Controls).
• Experience working closely with IT and governance teams.
• Strong written and verbal communication skills.

Preferred

• Experience with Google Workspace security and DLP.
• Exposure to GRC processes or platforms (ServiceNow GRC, OneTrust).
• Bachelor's degree in Computer Science, Information Security, or a related field; Master's degree preferred.
• Proven experience in developing and implementing security policies, procedures, and frameworks.Demonstrated experience in developing and delivering security awareness training and phishing exercises.
• Possess excellent skills and experience in leveraging AI tools for threat detection, incident response, vulnerability management, and other security functions.
• Familiarity with Google Workspace security features.
• Proficiency with security tools such as Reco.AI, Torq, Splunk, DataDog, bug bounty platforms, Okta Device Trust, BeyondTrust, BeyondCorp, and other SIEM, SOAR and Security tools commonly used in the market.
• Ability to work autonomously and prioritize multiple tasks in a fast-paced environment.
• Excellent verbal and written communication skills, with the ability to effectively communicate technical information to both technical and non-technical audiences. Proven ability to collaborate effectively with cross-functional teams.
• Quick learner and adaptable to new security tools and technologies as they are procured and implemented.
• Ability to adapt to environments, understand requirements, and actively collaborate within the team, with other teams, and with vendors.
• Provide technical guidance and mentorship to P2 security analysts, fostering their professional growth and ensuring alignment with corporate security objectives.
• Take initiative in leading projects and driving security initiatives.
• Relevant security certifications are a plus.

AI at Toast

At Toast, one of our company values is that we're hungry to build and learn. We believe learning new AI tools empowers us to build for our customers faster, more independently, and with higher quality. We provide these tools across all disciplines, from Engineering and Product to Sales and Support, and are inspired by how our Toasters are already driving real value with them. The people who thrive here are those who embrace changes that let us build more for our customers; it’s a core part of our culture.

Our Total Rewards Philosophy 
We strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs. Learn more about our benefits at https://careers.toasttab.com/toast-benefits.

Lead Security Engineer

Couchbase — Bangalore, India | Information Security | Full-Time

About Couchbase

As industries race to embrace AI, traditional database solutions fall short of rising demands for versatility, performance, and affordability. Couchbase is leading the way with Capella, the developer data platform for critical applications in our AI world. By uniting transactional, analytical, mobile, and AI workloads into a seamless, fully managed solution, Couchbase empowers developers and enterprises to build and scale applications with unmatched flexibility, performance, and cost-efficiency—from cloud to edge. Trusted by over 30% of the Fortune 100, Couchbase is unlocking innovation, accelerating AI transformation, and redefining customer experiences. Come join our mission.

The Role

We are seeking a driven and versatile Lead Security Engineer to join Couchbase's global Information Security team as our first security hire in Bangalore. This is a unique opportunity to be foundational to Couchbase's 24x7 security coverage and grow alongside a world-class security organization.

You will be a broad contributor—supporting and partnering our Security Operations, GRC, Product and Application Security teams. Working closely with Engineering, Cloud, and GTM functions, you'll gain hands-on exposure across the full security lifecycle. This role is ideal for someone who thrives across disciplines, moves between strategic and tactical work with ease, and wants to help build something meaningful from the ground up.

As Couchbase's security presence in Bangalore grows, you will be instrumental in expanding timezone coverage for security monitoring, incident response, and compliance operations—serving as a key link in our global, follow-the-sun security model.

Key Responsibilities

Security Operations

• Lead and own the timezone-extended coverage for security monitoring, alert triage, and initial incident response as the primary regional point of contact for the global security model.
• Drive day-to-day security operations including threat detection, monitoring, and escalation using SIEM and other security tooling.
• Assist with vulnerability management workflows—identification, prioritization, and tracking remediation in collaboration with engineering and cloud teams.
• Contribute to the review and improvement of existing security processes and tooling, including SIEM, DLP, endpoint security, email security, and vulnerability management platforms.
• Support security incident response planning and execution, interfacing with Engineering, Cloud, and SOC teams during active incidents.
• Help maintain and improve business continuity and disaster recovery documentation and runbooks.

Governance, Risk & Compliance (GRC)

• Contribute to GRC activities by focusing on audit evidence collection, documentation, and the continuous improvement of policies/standards under GRC team guidance.
• Assist with compliance initiatives including SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, CCPA, and other relevant frameworks.
• Help track and document security risks, control exceptions, and remediation plans across the enterprise.
• Contribute to audit evidence collection and documentation to support external assessments and certifications.
• Support privacy-by-design efforts, including data privacy assessments and alignment with evolving global data regulations.
• Assist in building governance frameworks for AI/ML workloads and data pipelines, ensuring responsible and compliant adoption of AI technologies.

Product & Application Security

• Provide support for Product/AppSec enablement efforts by assisting with the integration of application security tooling (SAST, DAST, SCA) into CI/CD pipelines.
• Partner with Product Security engineers in conducting security architecture reviews and threat modeling for Couchbase's Capella cloud platform and database products.
• Support the execution of static and dynamic code scan reviews and assist with triaging and tracking findings.
• Contribute to the management of Couchbase's bug bounty program, including triage, validation, and researcher communication.
• Assist with the planning and coordination of application penetration tests and tracking remediation of findings within defined SLAs.
• Help engineering teams understand and apply secure coding principles, including OWASP Top 10 and OWASP SAMM.
• Assist in completing security sections of RFP questionnaires and customer security reviews.

Cross-Functional Collaboration

• Build strong working relationships with Engineering, Product, Cloud, Legal, and Compliance teams to support security initiatives across the organization.
• Work with customers as needed to explain security policies or address product-related security questions.
• Champion a "security is everyone's job" mindset and help embed security into Couchbase's engineering-driven culture.
• Contribute to security metrics and reporting to help track maturity and drive continuous improvement.

Qualifications

Required

• 6–9 years of hands-on experience in information security spanning two or more domains: GRC, product/application security, or security operations.
• Working knowledge of major compliance frameworks (SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, CCPA).
• Familiarity with application security principles including OWASP Top 10, threat modeling, SAST/DAST tooling, and secure SDLC practices.
• Practical experience with public cloud security on at least one of AWS, Azure, or GCP.
• Experience with security tooling such as SIEM (Splunk, Rapid7, AlienVault), endpoint security (SentinelOne, CrowdStrike), or DLP platforms (Netskope, Proofpoint).
• Strong written and verbal communication skills with the ability to collaborate effectively across engineering, product, and business teams.
• Growth mindset, intellectual curiosity, and a genuine desire to broaden expertise across multiple security disciplines.

Nice to Have

• Experience with bug bounty program management, penetration test coordination, or vulnerability management.
• Familiarity with CNAPP tools (Wiz, Sysdig, Prisma Cloud) or cloud-native security tooling.
• Understanding of IAM, key management, encryption, and network security fundamentals.
• Experience with MDM tools (Kandji, Jamf, WorkspaceOne) and automating workflows/processes.
• Hands-on experience working within a GRC function on audits, risk assessments, or policy management.
• Exposure to AI/ML security considerations or data governance in a cloud environment.
• Industry certifications such as Security+, CISSP, CISM, CEH, or equivalent.
• Bachelor's degree in Computer Science, Information Security, or a related field.

Why This Role

This is a rare chance to join a lean, high-caliber security team at a pivotal moment—both for Couchbase and for the Bangalore office. You won't be siloed. You'll work across GRC, product security, AppSec, and SecOps, learning from specialists in each domain while contributing meaningfully from day one. As the team grows, so will your scope and influence.

Couchbase is trusted by over 30% of the Fortune 100 to power mission-critical applications. Security isn't an afterthought here—it's foundational to everything we build.

What is the Opportunity?  
Zafin is seeking a Cyber GRC Manager to join our cybersecurity team. The successful candidate will be responsible for developing and maintaining governance, risk, and compliance (GRC) frameworks, conducting cyber risk assessments and audits, and ensuring that the organization adheres to regulatory requirements and industry standards. The Cyber GRC Manager will collaborate with internal teams and clients to mitigate cyber risks and ensure that cybersecurity policies are enforced. The role requires strong knowledge of cyber risk management, compliance practices, and GRC tools.

Job Mandate: 

• Governance, Risk, and Compliance (GRC): Frameworks: Develop and implement governance, risk, and compliance frameworks for cybersecurity. Ensure that frameworks are aligned with industry standards, regulatory requirements, and internal policies. Continuously improve the GRC process to enhance risk management and compliance across the organization.  Be an owner for Trust Center and Cyber GRC controls under the overall controls framework.
• Cyber Risk Assessments and Audits: Conduct comprehensive cyber risk assessments and support internal audits to evaluate security controls, processes, and compliance. Identify gaps in cybersecurity practices and recommend remediation measures. Provide evidence and documentation to internal audit teams and clients for certifications and compliance audits.
• Vendor Risk Assessments: Perform vendor risk assessments, focusing on information security and cybersecurity practices. Provide input to clients and internal teams on vendor risk and ensure that vendors meet cybersecurity requirements.
• Regulatory Compliance Monitoring: Monitor changes in cybersecurity regulations, industry standards, and best practices. Ensure that the organization remains compliant with relevant laws and regulatory requirements. Update policies and procedures to reflect these changes and provide training to relevant stakeholders.
• Cybersecurity Policy Development and Maintenance: Develop, review, and maintain all cybersecurity-related policies and procedures. Ensure policies are communicated to all employees and are integrated into day-to-day operations. Regularly review and update policies to adapt to emerging threats and new regulations.
• Reporting and Risk Mitigation: Prepare reports on the status of cybersecurity risks, compliance levels, and vendor assessments. Work with cross-functional teams, including IT, security, legal, and compliance, to develop strategies to mitigate identified risks and improve the organization’s cybersecurity posture.

What do I need to succeed? 

Must have:

• Bachelor’s degree in computer science, Information Security, or a related field
• Strong knowledge of GRC frameworks (e.g., NIST, ISO 27001, GDPR, etc.)
• Minimum 6 years of experience in cybersecurity risk, governance, or compliance
• Experience conducting risk assessments and audits
• Experience working on Azure Environment
• Experience in Vendor Risk Management (Information Security focus)

Few of the following certifications:

• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified in the Governance of Enterprise IT (CGEIT)
• Certified Information Systems Security Professional (CISSP)
• ISO/IEC 27001 Lead Auditor or equivalent
• Experience using GRC tools for risk and compliance tracking

Position Overview:  

As a Staff Software Engineer at Diligent, you’ll create robust, scalable, and secure microservices that power our SaaS platform for governance. You’ll leverage AWS (serverless or migrations) with TypeScript, own services end-to-end (code, deployment, monitoring), drive architecture discussions, and regularly demo to the department. A critical part of this role is shaping our AI strategy: you’ll lead design decisions, embed AI responsibly into systems, and mentor teams on AI capabilities, safety, and governance. 

Key Responsibilities: 

• Champion the design and delivery of secure, high-performance microservices on AWS, driving architecture decisions and empowering team members through mentorship. 

• Set technical direction across multiple teams, spotting system pain points and proposing improvements. 

• Pioneer AI-driven solutions by advising on model capabilities, crafting effective prompt strategies, and embedding governance and monitoring into development workflows. 

• Partner with Product, Security, and DevOps to shape technical roadmaps, ensure compliance, and seamlessly integrate AI features that deliver real business value. 

• Continuously elevate our toolkit by evaluating and piloting cutting-edge technologies (including AI toolchains), optimizing for performance, cost efficiency, and developer productivity. 

• Own projects end-to-end—from ideation and prototyping to deployment, monitoring, and iteration—ensuring resilient, maintainable systems and top-notch code quality. 

• Mentor engineers in best practices and AI-augmented workflows, fostering a culture of experimentation, learning, and ethical AI adoption. 

• Stay ahead of emerging AI trends and regulations, proactively adapting designs and practices to meet evolving standards and steer future innovation. 

Required Experience/Skills  

• 7–10 years delivering secure, scalable applications in agile environments. 

• Understanding of model architectures (e.g., transformer vs. retrieval-augmented), bias and safety concerns, prompt engineering, and proven experience shaping AI strategy and mentoring teams on responsible AI use. Ability to architect AI systems with embedded monitoring and governance. 

• Design and review scalable, high-performance system architectures, APIs, and data models, while writing high-quality, testable code in Node.js, React, and TypeScript/JavaScript, including reusable libraries and frameworks. 

• Lead end-to-end DevOps and platform engineering, including CI/CD pipeline design with strong guardrails, infrastructure-as-code and modern deployment strategies, cloud observability and incident response, and cost-aware architecture and capacity planning across AWS, Azure, and GCP 

• Integrates security best practices (IAM, secrets management) into all work, including AI components, and embeds bias/privacy checks in delivery pipelines. 

• Strong communication of technical and AI-related concepts to diverse stakeholders; proven ability to lead projects, influence engineering culture, and mentor peers in AI-augmented workflows. 

• Degree in Computer Science, Engineering, Mathematics, or equivalent experience. 

 *** Only Bangalore candidates may apply

About the Role

We are looking for a Senior Software Engineer to drive technical excellence, architect complex systems, and elevate our engineering team. You will own critical technical decisions, lead major initiatives from conception to delivery, and set the standard for engineering quality across our products - primarily working with our .NET-based application portfolio, AWS and Windows infrastructure.

What You'll Do

• Lead the design, architecture, and enhancement of .NET applications and Windows-based systems
• Drive technical initiatives from requirements gathering through production deployment on on-premise and cloud infrastructure
• Make critical architectural decisions balancing performance, scalability, cost, and maintainability
• Optimize and maintain ASP.NET applications, Windows Server environments, and enterprise databases
• Debug and resolve complex production issues across the application stack
• Establish engineering best practices, security patterns, and quality standards for enterprise applications
• Good to have: Explore opportunities to integrate AI capabilities (MCP servers, RAG systems, agentic workflows) where they add value to existing applications

Required Qualifications

Tech Stack

Core: .NET MVC, ASP.NET, C#, Windows Server, MSSQL, PostgreSQL, React, TypeScript, Docker, AWS
Good to Have: Node.js, Python, AI/ML frameworks (MCP, AWS Bedrock, LangGraph/Semantic Kernel, Vector Databases)

Core Technical Skills

• 5+ years professional development with proven track record of delivering complex enterprise systems
• Strong .NET (C#) development and architecture expertise - this is critical
• Deep experience with Windows Server administration, IIS, and on-premise application deployment
• Expert-level ASP.NET (Web Forms, MVC) and .NET Framework knowledge
• Advanced React and frontend architecture skills
• Extensive MSSQL and PostgreSQL database design, optimization, and performance tuning
• Strong understanding of microservices, distributed systems, and API design
• Mastery of software design patterns, clean code practices, and refactoring techniques
• Strong AWS architecture experience
• Good to have: Node.js

AI/ML Knowledge (Good to Have)

• Good to have: 1+ years hands-on experience building and deploying production AI/ML features
• Good to have: Python development with AI/ML framework expertise
• Good to have: Experience with AWS Bedrock, MCP servers, or AI integration architectures
• Good to have: Understanding of prompt engineering, RAG systems, or agentic AI workflows
• Good to have: Familiarity with AI evaluation frameworks, monitoring, and security considerations

Technical Leadership

• Leads technical design discussions and drives consensus
• Identifies systemic issues proactively across application systems
• Makes sound judgment under uncertainty
• Mentors junior engineers on .NET best practices and architectural patterns
• Champions modernization and improvement efforts while maintaining stability of production systems

Note: This role primarily focuses on maintaining and evolving our .NET applications portfolio. AI/ML experience is a valuable bonus - we're looking for strong .NET engineers who can own complex enterprise systems and potentially explore AI integration opportunities as they arise.