Infosec Networks

Senior Security Risk and Compliance Analyst

About The Job:
Essential Job Functions:
Qualifications:



Gather security risk data, perform risk ranking qualitative and quantitative analysis.
Analyze security risks using real-world security data and systems automation.
Frequently document and communicate security risks, collaborating with a range of stakeholders from individual contributors to senior leadership levels.
Contribute to security program development by identifying new or emerging opportunities to apply security principles and technologies.
Analyze the security of new or existing applications, software, or specialized utility programs and provide risk recommendation.
Support strategic and technical initiatives, perform Operational and Technical Risk Assessments, manage Risk Acceptance activities, develop risk posture and remediation recommendations.
Monitor and evaluate security measures to protect against reasonably anticipated threats or hazards to the privacy, security or integrity of protected information.
Be an integral member of the risk team to build and maintain strong cross-functional relationships across the company to aid in achieving consensus, expectation setting, training and awareness, and promote consistency and improvement in our processes.
Contribute to the production and improvement of the content, quality, and timing of security governance, risk and compliance analysis and reporting.
Own and drive activities related to the remediation of technical security and compliance risks with cross-functional teams, including, but not limited to, leading meetings, working to assign, track work items, and producing reports.
Preferred Qualifications:
5+ years of related work experience in Information Security Governance, Risk and Compliance (GRC) or relevant Compliance roles in the tech industry.
Bachelors degree in Computer Science, Information Security, Cybersecurity, Risk Management, or a related field.
Have driven several security and/or operational risk processes within a company with a modern risk oversight function.
Experience supervising the design and operation of risk & control assessments to target different levels of information (e.g., RCSA vs. a service level assessment).
Experience with risk registers and helping prioritize security related work.
Can implement a solution (design), operational plan, and roadmap to achieve goals.
Experience implementing agile use cases in a GRC technology solution.
Executive presence: can represent a vision and build consensus across a variety of partners.
Knows how to estimate work effort and incubate skill sets to achieve team goals.
Has advanced knowledge of common security risks, vulnerabilities, and threats and can escort these issues through triage / risk treatment conversations.
Validated understanding of relevant information security frameworks, including related regulatory compliance requirements, such as ISO 27001/2 (including ISO 27017 & 18), FedRAMP, SOC 2 Trust Services Criteria, CIS Top 20, PCI DSS, NIST CSF / 800-53, HIPAA.
Strong knowledge of audit and risk management methodologies, such as SOX, COBIT, NIST RMF / 800-37 / 800-30.
Strong understanding of risk quantification principles and experiencing implementing FAIR-like approach for quantifying and reporting risks.
Hands-on experience with data analytics and business intelligence dashboarding tools (e.g., Jira, Power BI) and with agile project management tools (e.g., Jira).
Detail-oriented and able to understand the bigger picture by using your technical expertise and problem solving abilities to prioritize and manage blocking issues.
Ability to ramp up quickly and learn new technologies with minimal lag time.
Able to discuss issues at technical and business levels with audiences of various backgrounds.
Experience in a high growth business environment is a plus.
Bachelors degree in Security, Computer Science, Management Information Systems or related field preferred.
SaaS and data management industry experience is a plus.
Professional certifications in Information Security or Risk Management (e.g., CISA, CISM, CRISC, CGEIT, CSX-P, CISSP, CCSK) is a plus.

Training requirement: NSE 6 FortiNAC 9.1

We are looking for a freelance trainer for NSE 6 FortiNAC 9.1
It is a classroom training in Dubai location.

Training details:
Start date: 17th November
End date: 19th November
Duration: 3days (18 hours)
Mode: Classroom
Location: Dubai
Timings: 9:00am - 6:00pm (Dubai timings)(Any 6hrs a day)
Weekdays: Monday - Friday

We are looking for an experienced Freelance Trainer to conduct a corporate training program on Functional Safety & Cybersecurity. Please find the details below:



📌 Job Title: Freelance Trainer – Functional Safety & Cybersecurity
🗂� Type: Freelance
🌐 Mode: Online
⏱️ Duration: Standard


📋 Requirements:

Strong knowledge of Functional Safety standards (ISO 26262, IEC 61508, etc.)

Expertise in Cybersecurity standards (ISO/SAE 21434, UNECE WP.29)

Hands-on experience in ASIL, FMEA, FTA, HARA, and TARA

Prior corporate or technical training experience preferred

If interested, please share the following:

Updated Profile

Training Outline (TOC)

Availability

Commercials (with Labs, if applicable)

Module 3: Advanced Adversarial AI & Defense Strategy–  (14 hour content)
Module 4: AI Project Management & Leadership – ( 6 hour content)
Module 6: AI Security Implementation, Governance & Ethics –  ( 8 hour content)
2 hour Q/A
Total availability  = 30 hours

Delivery Schedule:
Your modules will be delivered on the following weekends:
Module 3:
26–27 July 2025
2–3 August 2025
Module 4:
9–10 August 2025
Module 6:
23–24 August 2025
Module 3: Advanced Adversarial AI & Defense Strategy (20 hours)
➡ Theory (14 hours)
Advanced Evasion Techniques & Defense (1.5 hr)
Data Poisoning & Model Manipulation (1 hr)
Adversarial Reinforcement Learning (1 hr)
Attacks on Multimodal AI (1 hr)
LLM & Generative AI Security (1.5 hr)
AI Supply Chain Security (1 hr)
Federated Learning & Edge/IoT AI Security (1.5 hr)
Quantum-Resistant AI Security (30 mins)
AI-Enabled Cyber-EW and Anomaly Detection in Defense (1 hr)
AI-Powered C2 (Command & Control) Threats: How AI can automate C2 disruptions and how to defend against them. ( 30 mins)
Adversarial Attacks in Autonomous Military Systems: Risks in drones, UGVs, UUVs. (30 mins)
Synthetic Media Threats & Deepfake Detection: Defense against AI-generated misinformation. ( 1 hour)
MITRE ATLAS and threat modelling framework ( 1 hour)
NIST AI RMF ( 1 hour)
Q/A- 30 mins
==============
Module 4: Secure AI Model Development & Deployment (10 hours)
➡ Theory (6 hours)
Principles of Secure AI Design (1 hr)
Data Security and Integrity in AI Pipelines (30 mins)
Explainability & Accountability in Military AI(30 mins)
AI Model Monitoring & Compromise Detection (30 mins)
Secure AI Deployment in High-Security Environments (30 mins)
Secure AI Coding Practices: Mitigating coding-level flaws in AI model development. (30 mins)
Defense AI CI/CD Pipeline Security: Securing model build, test, and deploy stages. (30 mins)
AI-Driven Insider Threat Monitoring: Integrate AI for detecting internal risks. (30 mins)
Zero Trust for AI Workloads: How to apply Zero Trust principles to AI systems. (30 mins)
Q/A- 1 hour
==============
Module 6: AI Security Implementation, Governance & Ethics (10 hours)
➡ Theory (8 hours)
Defending Against AI-Driven Cyberattacks (1 hr)
Securing AI Systems & Data (1 hr)
AI-Powered Threat Mitigation with Threat Modeling (1 hr)
Governance Frameworks for Military AI (1 hr)
Ethics & Compliance in Defense AI (1 hr)
Incident Response for AI Systems: Building AI-specific IR plans. ( 1.5 hour)
AI Security Metrics & Continuous Monitoring: How to measure AI security posture. (1.5 hours)
Q/A- 30 mins
Session time: 2:00 PM – 7:00 PM IST (Saturday and Sunday)
Please note that o

Human Resource Management (HRM) in Infosec Networks plays a critical role in aligning workforce capabilities with the company's mission of delivering secure, efficient, and innovative networking and cybersecurity solutions. HR focuses on acquiring, developing, and retaining skilled professionals across domains such as network design, cybersecurity, GRC, and IT infrastructure.


Talent Acquisition: Hire qualified network engineers, cybersecurity analysts, and information security consultants with expertise in Cisco, Palo Alto, Fortinet, and other technologies.

Training & Development: Provide continuous skill enhancement programs in network security, compliance, and emerging technologies (e.g., Zero Trust, AI in Security, DLP systems).


Effective HR management in Infosec Networks ensures a secure, skilled, and motivated workforce capable of upholding the organization's standards in cybersecurity and network design. HR acts as a bridge between organizational goals and employee performance, fostering a culture of trust, innovation, and compliance.

Major uses of DLP

Protecting sensitive data

DLP helps identify, classify and protect sensitive data such as personally identifiable information (PII), intellectual property, customer records, etc.
IBM
+2
Fortinet
+2

It monitors data when it is in use (being accessed/edited), in motion (being transferred across networks), and at rest (stored).
Palo Alto Networks
+1

Preventing unauthorized or accidental data sharing/leakage

DLP enforces policies to block, quarantine or encrypt data when a user's action violates "allowed" data movement or sharing.
Microsoft
+2
Palo Alto Networks
+2

This is important for both malicious (insider threat, exfiltration) and accidental (employee mis-send, mis-upload) events.
IBM
+1

Supporting regulatory compliance & governance

Many regulations (e.g., GDPR, HIPAA, PCI DSS) require organizations to control and report on sensitive data use. DLP is a key technology for meeting those obligations.
Fortinet
+1

It also supports policy and audit trails: knowing "who accessed what data, when, from where" and "what data moved where".
Microsoft

Managing and securing cloud-based and hybrid environments

With data increasingly in cloud services (SaaS, IaaS) and hybrid infrastructures, DLP tools are used to extend protection beyond traditional on-premises networks.
Concentric AI
+1

Modern DLP must cover lots of new channels and usage contexts (remote work, collaboration tools, generative AI, etc.)
cyberhaven.com
+1

Reducing risk of data breach and exfiltration

Because data breaches remain costly (e.g., average global cost in recent years) organizations deploy DLP to reduce risk of leaks and exfiltration.
Palo Alto Networks
+1

DLP can provide visibility and controls to pre-empt data loss rather than simply reacting.
cyberhaven.com

Some emerging / evolving use-cases in 2025

Monitoring of generative AI / shadow AI: Companies are finding new risks where employees paste sensitive content into public AI tools. Modern DLP now needs to detect such flows.
Palo Alto Networks
+1

Data-lineage and movement tracking: Rather than just matching keywords, the most advanced DLP tools trace how data flows from origin to destination (e.g., from CRM → document → upload) to reduce false positives.
cyberhaven.com

Covering collaboration tools and non-traditional channels: DLP now must handle cloud apps, real-time chat, file sharing, endpoints, mobile, etc.


Top DLP solutions

Microsoft Purview Data Loss Prevention – Cloud/endpoint DLP integrated with Microsoft 365, OneDrive, Teams etc.
Centraleyes
+2
Seraphic Security
+2

Google Cloud DLP – Focused on data classification & de-identification in Google Cloud Platform environments.
Centraleyes
+1

Netskope DLP – Cloud-native DLP covering SaaS/IaaS/web traffic, good for cloud-first organisations.
Centraleyes
+1

Symantec Data Loss Prevention (by Broadcom) – Strong enterprise-grade solution with deep content inspection (endpoints, network, cloud).
cyberhaven.com
+1

Forcepoint DLP – Unified DLP across web/email/cloud and behavioral analytics for user risk.
Centraleyes
+1

Proofpoint Enterprise DLP – Emphasis on email/endpoint/cloud DLP with ML-driven content classification.
Proofpoint
+1

Endpoint Protector (by CoSoSys) – More focussed on endpoint & removable device control, good for hybrid environments.
zluri.com
+1

Digital Guardian DLP – Endpoint/Network DLP solution, often recommended for organisations with sensitive IP/data.
TechTarget
+1

Zscaler DLP – Unified DLP across web, endpoint, email; rated well in 2025 user reviews.
Info-Tech Research Group
+1

Safetica DLP – Good user-centric DLP, especially for insider risk & productivity-aware organisations

SIEM Tools Training

Software product and services come together and form security information management (SIM). On the other hand, we have Security event management services (SEM). SIM & SEM club together themselves and form SIEM (security information and event management). SIEM do real-time analysis of threat detected by application and network hardware.

Normally SIEM have compliances modules, data retention modules, log ingestion and aggregation module, an analysis engine and alerting module.

The goal of SIEM Software delivery is to prepare a report for security-related events and incident eg failed login, malware activity and send alerts if data analysis shows that an activity is deviating from predetermined rules.

The likely sources of logs for SIEM system could be:Intrusion detection systems/intrusion prevention systems (IDS/IPS) , Data Loss Prevention (DLP) systems, Anti-virus and other endpoints security software, Firewalls, Unified Threat Management (UTM) systems, VPN concentrators, Web filters, Honeypot or deception systems, Routers and switches, Domain controllers, Wireless access points, Application servers, intranet application and databases

Preparatory mentioned SIEM Tools for corporate training :


�
IBM QRadar Security Intelligence Platform Training

Splunk SIEM Tool Training

ArcSight ESM Software Training

LogRhythm SIEM Tool Training

McAfee SIEM Tool Training

SolarWinds SIEM Tool Training

Alienvault SIEM Tool Training

NetIQ / Micro Focus SIEM Tool Training

Intel Security Group SIEM Tool Training

Trustwave SIEM Tool Training

Symantec SIEM Tool Training

EventTracker SIEM Tool Training

AccelOps SIEM Tool Training

LogLogic | TIBCO SIEM Tool Training

BlackStratus SIEM Tool Training

Alert Logic SIEM Tool Training

Tripwire Log Center SIEM Tool Traning

Sophos SIEM Tool Training

Tango/04 SIEM Tool Training

LookWise SIEM Tool Training

Huntsman Enterprise SIEM Tool Training

EiQ Networks SIEM Tool Training

Extreme Networks SIEM Tool Training

GFI EventsManager SIEM Tool Training

LayerX Technologies SIEM Tool Training

FairWarning | Data Protection for EHRs and Salesforce Training

Tenable SecurityCenter Family SIEM Tool Training

ManageEngine Event Log Management Software Training

CorreLog – CA Technologies SIEM Tool Training

Juniper Networks SIEM Tool Training

 

Open Source SIEM Tools training for Businesses for all below SIEM Tools:

SIEMonster Training

AlienVault OSSIM Training

Apache Metron Training

MozDef Training

OSSEC Training

Wazuh Training

Prelude OSS Training

Snort Training

Sagan Training

ELK Stack Training

 

Our SIEM Tools training course offered all the courses mentioned above.
 
Complete Customization of SIEM Tools training's course content is possible for Individual student and for Corporate.  SIEM online training is available for individual and for corporate we may arrange classroom as well. For more information do connect us.

📘 AZ-104 – Microsoft Azure Administrator
https://lnkd.in/gNhrvxYU

📘 AZ-500 – Azure Security Technologies
https://lnkd.in/gtkisVEH

📘 AZ-700 – Azure Networking Solutions
https://lnkd.in/g_4cg4SF

📘 AZ-305 – Azure Infrastructure Solutions
https://lnkd.in/g3fGZSWr

📘 AZ-140 – Azure Virtual Desktop
https://lnkd.in/guyYeBu2

📘 AZ-800 – Windows Server Hybrid Core
https://lnkd.in/gbuVGcpm

📘 AZ-801 – Windows Server Hybrid Advanced
https://lnkd.in/gdriz7z3

📘 SC-300 – Identity & Access Administrator
https://lnkd.in/gPJDYF3t

📘 AZ-400 – DevOps Solutions
https://lnkd.in/g52DNbhd

Academic Students Project Enquiry :

https://docs.google.com/forms/d/1QK5UVxu4AXvIVTTqxXaomS9F5snQN5b8uNX8u69pFxM