504 Cisa Jobs

Individuals within the IT Compliance Lead Analyst role are responsible for ensuring that the organization in accomplishing its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of IT risk management, IT control and governance processes. Persons in this role will be a primary resource for driving adherence to compliance and regulatory IT controls. Will assist development of continuous monitoring controls to assess the IT control environment and its effectiveness against the IT Corporate Compliance Standards. Partner with the Corporate Compliance team to provide guidance and enhancements of control adjustments based on industry or corporate standards. Members of this role need to understand software development life cycles, Sarbanes-Oxley (SOX) Controls, security principals, process design, and a strong knowledge of compliance management. They must be able to understand business requirements, technical specifications, and change management documentation to audit work products against standards. They must also be highly skilled communicators. The associate in this role will work on multiple projects as a compliance team leader or advisor. They will work on projects that have system-wide impact, integrating across the organization and involving multiple technical environments and disciplines. PRIMARY DUTIES AND RESPONSIBILITIES: Leads in identification and documentation of Cencora/Pharmalex IT General Controls (ITGC). Performs risk assessment procedures and presents findings to leadership verbally or via written reports. Provides controls guidance to IT and the business to facilitate operational effectiveness and ensures compliance requirements are met. Utilizes sound judgment to identify and assess risk, materiality, and adequacy of audit evidence, compensating controls, and significance of findings. Collaborates effectively and on an ongoing basis with all constituents involved in IT General Controls. Reviews progress toward the ITGC plan regularly with IT leaders, control owners and auditors to make modifications, as necessary. Assists internal and external auditors in compliance reviews. Assists external compliance initiatives that may include Sarbanes-Oxley (SOX), EU GDP, GDPR, and other compliance programs, including the coordination of auditors interfacing with IT staff, guidance for appropriate remediation actions for findings, communication, and escalation of remediation. Builds trusted working relationships with the enterprise Finance, Legal, Audit and Corporate Compliance groups to support Internal and External Audits, and to ensure the understanding and acceptance of audit issues in connection with business risks. Stays current with latest changes in external compliance initiatives that may affect the organization s compliance with external requirements. Manages discussions with external auditors as part of required reviews of our IT Compliance Controls. Must be able to accurately communicate our IT Controls strategy and how IT controls operate. Prepares clear, detailed, and accurate compliance documentation, including narratives, control descriptions, risk control matrices, test programs, and performance metrics. Establishes and communicates timelines, requirements, and issues with management in a professional and timely manner. Escalates key control risks and issues, in a professional manner to management. Evaluates and makes compliance recommendations on standards within enterprise-wide processes such as change and release management. Leads evaluation of Control Frameworks, Regulations, and certifications, provides analysis based on findings. Participates in evaluation of acquired solutions and provides findings on control risks. EXPERIENCE AND EDUCATIONAL REQUIREMENTS: bachelors degree in computer science, Information Systems, Business Administration, or other related field or equivalent work experience. Minimum of eight (8) years IT compliance or audit experience , including supervisory experience working for a large company. Professional certification is preferred (CISA, CIA, CPA, CRISC, CISSP, or similar). Must have experience in auditing large ERP systems. MINIMUM SKILLS, KNOWLEDGE, AND ABILITY REQUIREMENTS: Direct experience in auditing Microsoft Dynamics365 or an equivalent ERP system Experience in working remotely and autonomously Ability to work within a team environment Skilled at interacting with internal and external personnel Strong interpersonal and analytical skills Strong organizational and oral/written communication skills High degree of literacy with system processes and internal controls Comfortable working with management, and ability to work independently on projects and supervising of assigned staff Extensive exposure to IT related operations, including system development project management methodologies and practices; IT Operations, IT planning, management and organization, and other typical application specific control principles and risk Working knowledge of Sarbanes-Oxley requirements EXPERIENCE AND EDUCATIONAL REQUIREMENTS: bachelors degree in computer science, Information Systems, Business Administration, or other related field or equivalent work experience. Minimum of Eight (8) years IT compliance or audit experience, including supervisory experience working for a large company. Professional certification is preferred (CISA, CIA, CPA, CRISC, CISSP, or similar). Must have experience in auditing large ERP systems. MINIMUM SKILLS, KNOWLEDGE, AND ABILITY REQUIREMENTS: Direct experience in auditing Microsoft Dynamics365 or an equivalent ERP system Experience in working remotely and autonomously Ability to work within a team environment Skilled at interacting with internal and external personnel Strong interpersonal and analytical skills Strong organizational and oral/written communication skills High degree of literacy with system processes and internal controls Comfortable working with management, and ability to work independently on projects and supervising of assigned staff Extensive exposure to IT related operations, including system development project management methodologies and practices; IT Operations, IT planning, management and organization, and other typical application specific control principles and risk Working knowledge of Sarbanes-Oxley requirements

Join our Team About This Opportunity We are seeking a team member in our IT Security Third Party Security Risk Management team to enhance our BA, MA, and Group Functions adherence to internal IT Security regulations more efficiently. This individual contributor role will articulate ISMS controls and compliance through the "10 Commandments" and dashboards. The role involves conducting assurance reviews and, when necessary, implementing ISMS compliance across Ericsson s global IT environment. We are looking for a highly skilled security professional with an audit background. The ideal candidate will foster a collaborative and professional atmosphere while maintaining high standards. What You Will Do Understand the end-to-end third-party risk management lifecycle. Develop, manage and improve third-party risk management monitoring and reporting process that tracks third-party risks. Contribute to the development of policies focused on the security of third-party business processes. Develop and maintain supplier risk and control monitoring plans, performing monitoring activities and analyzing evidence to ensure controls are effective. Assist in the development and execution of category/supplier strategies. Collaborate with stakeholders to address supply chain security. Supervise and conduct supplier security audits in alignment with company security policies and industry standards. Perform on-site assessments of vendors to identify opportunities for improvement. Utilize analytics to compile and synthesize data, making informed recommendations to assess and mitigate risk exposure, guiding business decisions. Establish and deliver metrics in a robust, validated, consistent, and repeatable process. Ensure data accuracy and integrity through established processes and controls. Build relationships and influence the behavior of internal teams and external parties. Complete monitoring and control tasks triggered by supplier tier and third-party interaction models. Collaborate with business stakeholders to achieve year-over-year cost savings with managed third-party relationships. Partner with stakeholders on IT Security contract negotiations for all managed third-party relationships. You Will Bring Minimum of seven years of experience in developing and maintaining global vendor risk management programs. Preferred certifications: CISSP, CISM, CISA, or CRISC. Strong understanding of information technology and security solutions. Monitor and ensure successful delivery against third-party contractual obligations. Assist in the development and monitoring of SLAs or key performance indicators for third-party relationships. Why join Ericsson? What happens once you apply? Primary country and city: India (IN) || Gurgaon Req ID: 768956

Provides independent internal audit and forensic investigation support, covering Oracles global operations. Reviews focus on evaluating adequacy, effectiveness and compliance with risk management and governance processes, policies and procedures and key internal controls. ABOUT THE TEAM Oracle s Business Assessment & Audit team (BA&A) is responsible for providing enterprise risk management services on behalf of the executive management team and board of Oracle Corporation as well as its publicly traded subsidiaries. These responsibilities are executed through conducting broad business risked-based audits (operational / financial / IT / compliance - focused) of Oracle s global processes and subsidiaries. The BA&A function currently has approximately 50 members globally. The team is a mix of highly specialized process, information technology/privacy and data analytics professionals in providing business/consulting advisory services. POSITION OVERVIEW Perform independent assessments of Oracle s global business processes, including country specific regulatory assignments, to ensure that they meet managements business objectives while mitigating significant risks. Assist in planning the scope for audits and selection/development of appropriate audit procedures. Execute on audit procedures and assist in preparation of reports and memorandums as needed for assigned audits. Assist in performing periodic global risk assessments to help ensure that key business risks are properly identified and mitigated by management. KEY RESPONSIBILITIES Perform audits/reviews to ensure compliance with company guidelines/policies/local laws and regulations as well as effectiveness of internal controls. Draft and ensure completion of audit scope, programs, questionnaires, reports and memorandums for assigned audits/reviews. Perform quarterly assessments of management action plan completion to ensure proper risk mitigation. Review operational structure for maximum efficiency and effectiveness. Provide recommendations to business units on improving their internal control structure. Work collaboratively with internal and external subject matter experts. Managing department infrastructure and improvement activities, training sessions and special projects, as needed. Key skills and abilities include attention to detail, influencing, facilitation, business process improvement/development, analysis, and problem solving. PREFERRED SKILLS & EXPERIENCE At least 6-8 + years Audit/Consulting experience and BA/BS degree Strong presentation and communication skills (spoken and written) in English are essential. Advanced interviewing skills are required Advanced knowledge of auditing processes/procedures Ability to balance detail with departmental goals/objectives Ability to coordinate and perform multiple tasks/projects/team initiatives simultaneously, balancing priorities and deliverables Ability to evaluate business processes and IT technology, identify risks and evaluate controls. Advanced investigative and analytical skills Ability to translate business needs and problems into viable and accepted solutions Competent interpersonal skills, including the ability to liaise with process owners across a wide variety of operational, functional, and technical disciplines Organizational and time management skills Effectively coordinate with team members in different time zones and the ability to work independently and within a team environment Ability to travel as required (estimated travel 10%-25%) Experience working with Office tools (Excel, Word and PowerPoint) required Proven experience working with computer-aided auditing, continuous monitoring and data analytics and data visualization tools a plus Advanced degree in Accounting, Finance, Business Administration, Management Information Systems or equivalent education preferred CPA, CA, ACA, CIA, CISA, CFE or similar certifications preferred Additional language skills are a plus

About This Opportunity We are seeking a team member in our IT Security Third Party Security Risk Management team to enhance our BA, MA, and Group Functions adherence to internal IT Security regulations more efficiently. This individual contributor role will articulate ISMS controls and compliance through the "10 Commandments" and dashboards. The role involves conducting assurance reviews and, when necessary, implementing ISMS compliance across Ericsson s global IT environment. We are looking for a highly skilled security professional with an audit background. The ideal candidate will foster a collaborative and professional atmosphere while maintaining high standards. What You Will Do Understand the end-to-end third-party risk management lifecycle. Develop, manage and improve third-party risk management monitoring and reporting process that tracks third-party risks. Contribute to the development of policies focused on the security of third-party business processes. Develop and maintain supplier risk and control monitoring plans, performing monitoring activities and analyzing evidence to ensure controls are effective. Assist in the development and execution of category/supplier strategies. Collaborate with stakeholders to address supply chain security. Supervise and conduct supplier security audits in alignment with company security policies and industry standards. Perform on-site assessments of vendors to identify opportunities for improvement. Utilize analytics to compile and synthesize data, making informed recommendations to assess and mitigate risk exposure, guiding business decisions. Establish and deliver metrics in a robust, validated, consistent, and repeatable process. Ensure data accuracy and integrity through established processes and controls. Build relationships and influence the behavior of internal teams and external parties. Complete monitoring and control tasks triggered by supplier tier and third-party interaction models. Collaborate with business stakeholders to achieve year-over-year cost savings with managed third-party relationships. Partner with stakeholders on IT Security contract negotiations for all managed third-party relationships. You Will Bring Minimum of seven years of experience in developing and maintaining global vendor risk management programs. Preferred certifications: CISSP, CISM, CISA, or CRISC. Strong understanding of information technology and security solutions. Monitor and ensure successful delivery against third-party contractual obligations. Assist in the development and monitoring of SLAs or key performance indicators for third-party relationships. Primary country and city: India (IN) || Gurgaon Req ID: 768956

We are seeking an experienced IT SOX Auditor to join our dynamic Internal Audit team. This role will primarily focus on evaluating and testing IT controls within our SAP R/3 ECC 6.0 environment to ensure compliance with the Sarbanes-Oxley Act (SOX) . You will also assist in reviewing other IT-related financial reporting controls, conducting risk assessments, and supporting continuous improvement initiatives within our internal audit processes. The ideal candidate will have a strong background in SAP auditing, ITGC testing, and SOX compliance, combined with the ability to collaborate across various business functions. A proactive approach to process improvements and experience in working with diverse IT systems (including Oracle, Active Directory, AWS, CyberArk, and Linux) will be highly valued. Key Job Areas of Responsibilities 1. SOX Compliance Testing : Conduct thorough testing of IT controls within the SAP environment to ensure SOX compliance. Testing of IT controls over Oracle, Active Directory, AWS, CyberArk and Linux. 2. Quality Assurance : Assist in quality assurance review over IT related financial reporting controls within the Sarbanes Oxley (SOX) compliance program. Support the Internal Audit Manager on various departmental tasks, compliance investigations, continuous improvement initiatives and management reporting. 3. Risk Assessment & Audit Planning : Prepare preliminary risk assessments, define audit scopes, conduct fieldwork identifying control weaknesses and non-compliance, discuss audit results with management, draft audit reports and perform the follow-up of Management corrective action plans on a regular basis. Add value to auditees by sharing best practices and through constructive and solution-driven discussions. Participate in developing the annual Risk Assessment and Audit Plan 4. Stakeholder Communication : Regular communication and management of stakeholders including Senior Management and business process owners. 5. Process Improvements (Kaizen) : Support GEM implementation across Internal Audit by: Having a focused process improvement mindset ( automation, standardization etc) at least 1 Kaizen idea raised per month (and one implemented Kaizen every 2 months) Improvements/ projects with bigger impact on the portfolio, activities and KPIs 6. Root Cause Analysis (RCCA) : RCCA (Root Cause Analysis) continuous focus Education B Tech/ MCA/ BSc /BCom/CISA/CIA Experience Required Must Have 5-7 years of experience in testing SOX controls in SAP R/3 ECC 6.0 environment. Good to have 1-5 years of experience in programming in C++, Java, Python Good knowledge of ITGC controls over Oracle, Active Directory, AWS, CyberArk and Linux Key Skills and Knowledge Fluent in English Excellent knowledge of SAP R/3 ECC 6.0 environment. Good knowledge of Sarbanes Oxley (SOX) IT general controls. Ability to develop strong partnerships/working relationships with all functional areas. Good Teamwork & Communication Why Join Us? Growth and Development : We offer opportunities for professional development, including support for certifications and continuous learning. Innovative Culture : Be part of a forward-thinking team focused on improving processes, driving automation, and optimizing audit practices. Collaborative Environment : Work alongside a dynamic team of professionals who are dedicated to making an impact and adding value to the business.

Help clients transform their compliance function from reactive to proactive through an intelligent compliance operating model powered by data, intelligent technologies and talent Looking for someone with SOX testing experience. Conduct testing tasks within Agile models and integration processes and manage development sprints. Automated / IT Control Tester is must What are we looking for? •Results orientation •Commitment to quality •Risk management •Collaboration and interpersonal skills •Written and verbal communication Automated Control Tester is must ITAC, IT automated control testing, ISO 27001, pci dss certification, Nist, CISA

Qualification: Bachelors degree in computer Science or IT higher-level qualification Perform 3rd-party audits and trainings according to ISO/IEC 27001, ISO 9001 & other IT specific standards/ frameworks Provide timely and accurate reviews of client’s corrective action and closure. Minimum 5+ years’ Experience in IT /Management system Implementation / certification and Minimum 2 years of profound experience in the field of information security. Great attitude, Analytical skills and communication skills. Preferred: IRCA Certified, ITIL Certified, CISA, CISM, CISSP, MCSE, MCSA and/or MBA Good understanding of relevant regulations and industry standards (e.g. ITIL Framework, FFIEC, SOX, COSO, COBIT, ITIL, ISO27001, PCI, HIPAA, HiTrust and GLBA), best practices and methodologies and the ability to apply these requirements to organizational internal control frameworks. Able to travel for business purpose(70-80%).

Qualification: Bachelors degree in computer Science or IT higher-level qualification Perform 3rd-party audits and trainings according to ISO/IEC 27001, ISO 9001 & other IT specific standards/ frameworks Provide timely and accurate reviews of client’s corrective action and closure. Minimum 5+ years’ Experience in IT /Management system Implementation / certification and Minimum 2 years of profound experience in the field of information security. Great attitude, Analytical skills and communication skills. Preferred: IRCA Certified, ITIL Certified, CISA, CISM, CISSP, MCSE, MCSA and/or MBA Good understanding of relevant regulations and industry standards (e.g. ITIL Framework, FFIEC, SOX, COSO, COBIT, ITIL, ISO27001, PCI, HIPAA, HiTrust and GLBA), best practices and methodologies and the ability to apply these requirements to organizational internal control frameworks. Able to travel for business purpose(70-80%).

Not Applicable Specialism Risk Management Level Associate & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In threat intelligence and vulnerability management at PwC, you will focus on identifying and analysing potential threats to an organisations security, as well as managing vulnerabilities to prevent cyber attacks. You will play a crucial role in safeguarding sensitive information and enabling the resilience of digital infrastructure. & Summary A career within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats s Experience in conducting IT risk assessments. Sound understanding of ISO 27001, NIST, PCI, Data Privacy, and Cloud Security. Knowledge on application infrastructure architecture. Knowledge on SaaS application architecture. Knowledge on database and middleware communication. Knowledge on API security. Good communication skills. Good team player. Good presentation skills and senior stakeholder management. Certifications CISA, CISSP, CCNP, CCSP, CISM, CRISC etc. Mandatory Skill Sets IT Risk, ISO 27001, NIST, PCI, Data Privacy, and Cloud Security. Preferred Skill Sets Stakeholder Management, Team Management Years of Experience 3+ Years Educational Qualification BE, B.Tech, M.Tech, MCA, MBA graduates. Education Degrees/Field of Study required Bachelor of Technology, Master of Business Administration Degrees/Field of Study preferred Required Skills ISO Certification, NIST Standards Accepting Feedback, Accepting Feedback, Active Listening, Cloud Security, Communication, Conducting Research, Cyber Defense, Cyber Threat Intelligence, Emotional Regulation, Empathy, Encryption, Inclusion, Information Security, Intellectual Curiosity, Intelligence Analysis, Intelligence Report, Intrusion Detection, Intrusion Detection System (IDS), IT Operations, Malware Analysis, Malware Detection Tools, Malware Intelligence Gathering, Malware Research, Malware Reverse Engineering, Malware Sandboxing {+ 11 more} Travel Requirements Government Clearance Required?

Our Company Were Hitachi Digital, a company at the forefront of digital transformation and the fastest growing division of Hitachi Group. Were crucial to the companys strategy and ambition to become a premier global player in the massive and fast-moving digital transformation market. Imagine the sheer breadth of talent it takes to unleash a digital future. We dont expect you to fit every requirement your life experience, character, perspective, and passion for achieving great things in the world are equally as important to us. The role: This role reports to the Manager of Internal Audit and will perform and support diverse types of audits and consulting engagements, including but not limited to global end-to-end process reviews, sales office audits, J-SOX activities, operational reviews, and system implementation reviews. Act as J-SOX compliance coordinator for selected financial processes Understand organization objectives, structure, policies, processes, internal controls, and external regulations Prepare good quality work papers and other deliverables timely and professionally to adequately and clearly document testing, support conclusions, communicate findings and recommendations to line manager and stakeholders. Identify risks and improvement opportunities in the organization, exercise judgment while evaluating audit findings and provide meaningful, high impact recommendations for management to improve process and operational efficiencies, including reducing the possibility of fraud, and mitigate risks Influence process owners and stakeholders to improve operations and enhance controls. Validate the completion and closure of agreed remediation and management actions as needed Working on multiple priorities/projects for on-time delivery, proactively providing status of all activities to Internal Audit management and relevant business stakeholders Execute special assignments to support the wider needs of the Internal Audit team or other business functions What you bring to the team: Recent 2-3 years of experience in internal audit, internal control or accounting firm consulting/advisory is required (Big 4 background is desirable) Bachelor's Degree in Auditing, Accounting, Finance, Business Administration, or Information Technology Good knowledge of J-SOX or SOX requirements, internal audit, and accounting practices. The candidate should be able to work collaboratively across various departments, regions, and cultures. An accounting or audit qualification e.g., CIA, CISA, CPA, ACCA or equivalent preferred Ability to work independently and effectively with limited supports, have experience to lead small projects and have good time management and organizational skills. Experience of shared service centre environments is desirable Ability to convey under presence, professional image, and deal confidently with business problems while building and maintaining strong relationships with key stakeholders You are out-of-the box thinker with good analytical skills and the ability to adapt quickly to changing work environments, priorities, and deadlines Excellent verbal and written communication skills About us Were a global, 1000-strong, diverse team of professional experts, promoting and delivering Social Innovation through our One Hitachi initiative (OT x IT x Product) and working on projects that have a real-world impact. Were curious, passionate and empowered, blending our legacy of 110 years of innovation with our shaping our future. Here youre not just another employee; youre part of a tradition of excellence and a community working towards creating a digital future. #LI-RR1 Championing diversity, equity, and inclusion Diversity, equity, and inclusion (DEI) are integral to our culture and identity. Diverse thinking, a commitment to allyship, and a culture of empowerment help us achieve powerful results. We want you to be you, with all the ideas, lived experience, and fresh perspective that brings. We support your uniqueness and encourage people from all backgrounds to apply and realize their full potential as part of our team. How we look after you We help take care of your today and tomorrow with industry-leading benefits, support, and services that look after your holistic health and wellbeing. Were also champions of life balance and offer flexible arrangements that work for you (role and location dependent). Were always looking for new ways of working that bring out our best, which leads to unexpected ideas. So here, youll experience a sense of belonging, and discover autonomy, freedom, and ownership as you work alongside talented people you enjoy sharing knowledge with. Were proud to say were an equal opportunity employer and welcome all applicants for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran, age, disability status or any other protected characteristic. Should you need reasonable accommodations during the recruitment process, please let us know so that we can do our best to set you up for success.

We have a team of security compliance leaders overseeing solutions for this complex environment, collaborating with security architects and Cloud DevOps teams internally and around IBM. The security compliance leader’s role is to determine the secure operation of the all computer systems, servers, and network connections in accordance with our policies, procedures, and compliance requirements. A security compliance leader in our team will participate in some or all of the following: Providing subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including ISO, SOC, HIPAA, PCI, FedRAMP/FISMA Having the ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Interpreting standards, requirements, and their application to the enterprise Cloud environment in the most reasonable and cost-effective manner Developing, implementing, maintaining, and overseeing enforcement of security policies Collaborating with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology Conducting regularly scheduled audits on systems and hosting third-party audits as required in order to maintain certifications and compliance certificates. Working with the DevOps teams to prepare ongoing client reporting, information for prospective clients, and marketing materials Providing training to teams as needed Assisting team members and internal clients in addressing highly complex security issues applicable to enterprise environment Required education Bachelor's Degree Required technical and professional expertise Required Skills Minimum of 12 years of relevant compliance experience and cybersecurity knowledge Compliance leaders do not require dev experience, but it is an advantage. 10+ years of security compliance audit experience is a must Ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as SOC2, FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk Preferred technical and professional experience Preferred Skills Working in a change-controlled production environment. Diagnosing the root cause of problems and propose solutionsExamples would be failed patches, tooling issues, false positives on system tests, authentication problems. Expertise in system configuration, especially privilege control (for example sudoer configuration), and system level firewall (iptables) An understanding of basic networking conceptsipsec tunnels, firewalls, routers, public and private addressing. Project Management knowledge and experience a strong plus container based architectures and implementations such as kubernetes, docker, etc. Education qualification. Computer science BSc or equivalent Security/privacy specific training such as ISO 27001 LA CISA, CISM, CISSP etc

About The Role We at Innovaccer are looking for an Security Engineer-II who will be responsible for Risk Assessment role in our Cyber Security Team for customer & internal activities including proprietary & public data. This role will encompass the use of a broad range of security domains (Security Questionnaires, Vendor Risk Assessment, Internal and External Audits, Writing Policies & Procedures etc.).This role would be a great opportunity to learn and grow as you would be exposed to multiple security domains across multiple cloud platforms at a single time. A Day in the Life Responding to RFPs & Security Questionnaires Coordinating with RFP team and Legal team on reviewing security questionnaires/exhibits, BAA/MSA queries and respond to follow-ups and customer queries Analyzing and updating existing compliance policies, procedures and related documentations Implementing privacy controls & policies Drive Vendor Risk Assessment & Risk Management programme Maintaining communication and coordinating with corporate, legal and IT teams Implement audit controls for external audits like SOC2 Type2, HiTrusHIPAA,t, ISO27701, etc. Perform third party risk assessments and work on remediation of findings Familiar with Regulations in United States HealthCare & Middle-East Coordinating with internal teams for gathering evidences and presenting it to auditor Identify control gaps/weaknesses and formulate action plans to address What You Need Understanding of different Privacy & Compliance controls of Federal & State Regulation's Bachelors degree in Information Technology, Computer Science Engineering preferred Minimum of 3-5 years of prior experience in Information Security Risk & Compliance Hands-on experience on HIPAA, SOCII, ISO27001:2022, HiTrust etc. Familiarity of compliances like GDPR, NISTSP800-53, HiTech, FedRamp, AzRamp, MARSE, etc Vendor Risk Assessment, Respond to RFPs & Legal Review of Security Exhibits Work with Corporate compliance Team for Audits Good to have CISSP/CISA or other relevant certifications Hands-on skills in Data security controls Ready to take up more responsibilities along-with existing role Understanding of Security Architecture and proficient in immediately of data security control Able to work independently, being a team player, ability to work well under pressure Familiarization with cloud like AWS, Azure & GCP Able to multi task, prioritize, and manage time effectively Collaborates effectively and communicates efficiently Readily available to work with teams and clients outside India in USA & Middle-East

Strong understanding of OWASP Threats classification Exp with establishing penetration testing procedures & processes. Exp with standard security tools such as Metasploit, SQLMap, Nmap, OWASP ZAP, Burp Suite etc. Stay current with evolving threats Required Candidate profile Understanding of threat modelling, vulnerability assessment, and penetration testing Exp on application & infrastructure vulnerabilities, automated/manual testing, auditing and remediation techniques

Period :Immediate. Type Contract Description Minimum of 5 years of technical cyber Security Consultant experience and IT audit/compliance . Experience integrating Cyber Security technologies with existing technologies Proficient understanding of experience with audit, regulatory requirements, and standards (SOC2, ISO, HITRUST), and other related standards and certification processes. Must be passionate about contributing to an organization focused on continuously improving consumer experiences Willing to work in Eastern Time/Humana business hours .Preferred Qualifications Knowledge of key compliance and IT frameworks . such asSSAE16 SOC2, HITRUST, SOX, etc. CISA, CISSP, HCISPP, CCSP, CISM, CTPRP or similar certification

As an associate in RSMs growing Technology Risk Consulting, you will have the opportunity to develop into a seasoned consultant through a high degree of client and industry exposure, career development and mentorship opportunities, and a diverse and inclusive culture. The fast-paced and dynamic environment in which we operate will provide you with daily challenges and exciting opportunities. In the Technology Risk Consulting Practice, our consultants help our clients with design and optimization of controls utilizing a general knowledge of business processes, accounting, and information technologies by identifying and prioritizing risk and transform their technology risk management and assurance capabilities to be aligned to the key risks and strategies of their organization. Responsibilities include Develop an understanding of the RSM Technology Risk Consulting approach, methodology and tools Develop an understanding of the Industry leading frameworks and methodologies for Sarbanes-Oxley, COBIT, NIST and ITIL Demonstrate understanding of business processes, internal control risk management, IT controls, and related regulatory and compliance standards Perform technology risk assessments and reviewing, documenting, evaluating controls design and operating effectiveness, IT internal audit consulting activities (internal audits over ERP systems, IT security, and other IT systems), perform external audit assurance activities, and perform service organization control services activities related to SSAE18 SOC 1 and SOC 2 reporting services Performing risk analysis by reviewing the information security policy documents against industry standards/ regulatory requirements and drafting risk reports, which summarize the information security assessment including any risks to the organization Execute components of IT audits under offshore delivery model in an effective and efficient manner Use problem solving and critical thinking skills to quickly identify internal control deficiencies, evaluate their risk implications, and draw the appropriate conclusions to best advise our clients Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements Ensure that documentation is compliant with quality standards of the firm Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, supervisors, and senior management in the U.S. on a daily basis Manage multiple concurrent engagements and ensure service excellence through prompt responses to internal and external clients Provide timely, high quality client service that meets or exceeds client expectations including coordinating the development and execution of the consulting work plan and client deliverables Understand RSM US and RSM Delivery Center's LOBs and work as a team in providing an integrated service delivery Ensure professional development through ongoing education Open to work on other solution sets considering business requirements. Qualifications: B.Tech/MCA/MBA with ISO 27001 Lead Auditor and up to 2 years of relevant experience in Information Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, and IT Application Controls. Candidate should have intermediate knowledge of financials, operations and technology and its related risks Candidate should have good knowledge for SOC 1, SOC 2, IT General Controls, IT Application Controls, Information security and risk management frameworks/ standards (ISO 27001, NIST, COBIT, ITIL etc.) Qualified to pursue a job-relevant certification (CIA, CISA, CISM, CRISC, CISSP) Strong Data Analytical skills including advanced Excel skills (Vlookups, pivot tables, and basic formulas), Word and PowerPoint MS Visio skills to develop process and data flow diagrams Strong multi-tasking and project management skills Excellent verbal and written communication (English) as the position requires frequent communications with RSM International clients

At BlackStone eIT, we are seeking a passionate IT Security & Compliance professional to join our dynamic team. In this role, you will play a crucial part in ensuring the security of our IT infrastructure while aligning our practices with compliance standards. Your proactive approach will help us protect our data and systems from evolving cyber threats. Key Responsibilities: Establish and maintain security policies, compliance frameworks, and risk management strategies that meet industry standards. Perform regular audits and assessments of our IT systems to identify and mitigate security vulnerabilities. Investigate security incidents and ensure effective incident response and documentation. Work alongside various departments to ensure understanding and adherence to security policies and compliance regulations. Conduct training and awareness sessions for employees regarding security best practices and compliance obligations. Keep abreast of the latest trends in cybersecurity threats and compliance issues. Prepare detailed reports and presentations on security metrics and compliance audits for management. Collaborate with external auditors and regulatory agencies during assessments. Bachelors degree in Computer Science, Information Systems, Cybersecurity, or a related discipline. 3-5 years of experience in IT security, risk assessment, or compliance roles. Knowledge of security frameworks

At BlackStone eIT, we are seeking a passionate IT Security & Compliance professional to join our dynamic team. In this role, you will play a crucial part in ensuring the security of our IT infrastructure while aligning our practices with compliance standards. Your proactive approach will help us protect our data and systems from evolving cyber threats. Key Responsibilities: Establish and maintain security policies, compliance frameworks, and risk management strategies that meet industry standards. Perform regular audits and assessments of our IT systems to identify and mitigate security vulnerabilities. Investigate security incidents and ensure effective incident response and documentation. Work alongside various departments to ensure understanding and adherence to security policies and compliance regulations. Conduct training and awareness sessions for employees regarding security best practices and compliance obligations. Keep abreast of the latest trends in cybersecurity threats and compliance issues. Prepare detailed reports and presentations on security metrics and compliance audits for management. Collaborate with external auditors and regulatory agencies during assessments. Bachelors degree in Computer Science, Information Systems, Cybersecurity, or a related discipline. 3-5 years of experience in IT security, risk assessment, or compliance roles. Knowledge of security frameworks

At BlackStone eIT, we are seeking a passionate IT Security & Compliance professional to join our dynamic team. In this role, you will play a crucial part in ensuring the security of our IT infrastructure while aligning our practices with compliance standards. Your proactive approach will help us protect our data and systems from evolving cyber threats. Key Responsibilities: Establish and maintain security policies, compliance frameworks, and risk management strategies that meet industry standards. Perform regular audits and assessments of our IT systems to identify and mitigate security vulnerabilities. Investigate security incidents and ensure effective incident response and documentation. Work alongside various departments to ensure understanding and adherence to security policies and compliance regulations. Conduct training and awareness sessions for employees regarding security best practices and compliance obligations. Keep abreast of the latest trends in cybersecurity threats and compliance issues. Prepare detailed reports and presentations on security metrics and compliance audits for management. Collaborate with external auditors and regulatory agencies during assessments. Bachelors degree in Computer Science, Information Systems, Cybersecurity, or a related discipline. 3-5 years of experience in IT security, risk assessment, or compliance roles. Knowledge of security frameworks

Key Deliverables: Lead cyber risk assurance initiatives, including control testing and framework implementation Conduct system-level assessments and ensure remediation of security gaps Monitor cyber risk indicators and produce governance-level reporting Design and improve processes to strengthen enterprise-wide cybersecurity posture Role Responsibilities: Perform gap assessments across ISO 27001, NIST, CIS, PCI frameworks Review and validate evidence for control assurance from tech teams Build and maintain strong relationships with IT, business, and security stakeholders Mentor teams on cyber governance standards and risk assessment techniques

Role & responsibilities Requirement IT Risk Assessment Location : Mumbai/Gurgaon Work mode : 5 days WFO Experience 4+ years(AM), 7+ years(Manager) Budget max 15 LPA(AM), 24 LPA(Manager) Mandates IT Audit, Risk Assessment, ITGC, ITAC Have you executed client related engagements in the areas ITGC, process reviews, IT Application Controls, standard operating procedures review, SOCR (SOC 1, SOC 2), SOX 404 Audits. Have you identified engagement related risks and escalate issues as appropriate. Have you actively establish & strengthen client (functional heads & key influencers) and internal relationships. Have you Identified & escalated potential business opportunities for the firm on existing client engagements. Are you a Qualified CA or MBA or BTech/BE. (Preferred CISA or equivalent certifications) Preferred candidate profile Core ITRA Roles & Responsibilities: Responsible for managing audit engagements with a focus on IT risks Manages a team of IT audit professionals involved in evaluating and testing ITGCs, conduct business and IT process reviews, IT Application Controls tests, IPEs. third party assurance (SOC1&2) and related areas; Is seen as a subject matter expert either on specific technology platforms (SAP, Oracle etc.) or industry (FS, Manufacturing, Retail etc.) Supports leadership in developing the ITRA team by coaching, providing technical guidance during audit engagements, ensuring completion of work within tight deadlines and delivers high quality audit results consistent with the firms expectations. Is well versed with latest technology updates in the field and encourages team members to constantly learn and adapt. Engages with the client senior management in articulating IT audit findings and can convince them his point of view Engages with firms internal stakeholders on how the findings relating to IT audits have a bearing on the financial reporting and internal controls. Supports the firms quality agenda and ensures zero defect audits during internal/external quality reviews Is viewed as a trusted advisor by the team and the clients alike Actively establish & strengthen client and internal relationships. Assists leaders in developing new methodologies and internal initiatives. Identify & escalate potential business opportunities for the firm on existing client engagements. Should be a team player with a proactive and result oriented approach. Ability to prioritize, work on multiple assignments, and manage ambiguity. Should have excellent presentation & communication skills. High on personal integrity and work ethics and can be trusted without micro-level supervision from leaders Qualified CA, MBA, BTech/BE. / BSc IT (Preferred CISA or equivalent certifications)

1. Extensive experience working in the NBFC and Banking industry, with a solid understanding of the unique security challenges faced by these sectors. 2. Proven track record of conducting Cyber security reviews and performing gap assessments to identify and mitigate potential security risks. 3. Strong knowledge of DPDP and GDPR regulations, with the ability to ensure compliance and protect sensitive data. 4. Familiarity with Regulatory circulars related to Information security, Cyber Security, and Data Privacy, and the ability to stay informed on the latest developments in this rapidly evolving field. 5. Possession of certifications such as CISA, CISSP, ITIL, and ISO27000, demonstrating a commitment to professional excellence and ongoing education. 6. Excellent communication skills, with the ability to effectively communicate security requirements and risks to stakeholders at all levels of the organization. 7. Strong analytical skills, with the ability to assess complex security issues and develop practical solutions to address them. 8. Experience in implementing security policies and procedures to protect critical assets and ensure the confidentiality, integrity, and availability of information. 9. Ability to work independently and as part of a team, with a collaborative and proactive approach to problem-solving. 10. Commitment to ongoing professional development and staying abreast of industry trends and best practices. 11. One of the key skills required for this role is the ability to stay updated on the latest developments in the field of Information Security. The ideal candidate should have a deep understanding of emerging threats and vulnerabilities, as well as knowledge of best practices for mitigating risks. 12. In addition to technical skills, strong communication and interpersonal skills are also essential for this role. The consultant will be required to work closely with various stakeholders, including senior management, to implement Information Security measures and policies effectively. 13. Furthermore, the successful candidate should have a track record of successfully completing projects on time and within budget. They should be detail-oriented, proactive, and independent, with the ability to work well under pressure.

Role & responsibilities: Testing the controls from regulatory guidelines/circulars/advisories on IT and Cyber Security issued by RBI, SEBI, NSDL, NPCI, UADAI by identifying the observations based on control implementation & its effectiveness. Follow up with stakeholder to ensure timely testing of regulatory guidelines, legacy Circulars, Advisories, Show cause notice/ Penalties/Displeasures. Prepare Annual testing plan based on Compliance risk and senior management directions. Support IT & InfoSec team during the onsite IT Examination Review conducted by RBI. Conduct Compliance Testing / Review of RAR, RMP & other regulatory observations related to IT, InfoSec & Digital Banking units to ensure that regulatory guidelines are complied with. Coordinate with stakeholder for seeking responses in respect of testing observations, submission of periodic update to ACB, Board and RBI & Follow up for closure of open issues & observations. Review of new product and process notes. Assist in preparation of monthly / quarterly / annual submission to the Board / Audit & Compliance Committee. Automation of testing related to regulations. Compliance Monitoring & Testing. Regulatory inspection & audit management. Preferred candidate profile In depth knowledge of the regulatory environment for the banks in India particularly in IT and Cyber Security Area. Knowledge of all regulatory compliance requirements in IT & Information Security areas. Good knowledge of IT Governance frameworks & Risk Assessment and mitigation. Good understanding of Digital Banking products and regulations pertaining to the same. Good Co-ordination skills. Good research capabilities and intelligent interpretation of regulatory guidelines. Good knowledge of all the elements (commercial, operational) of banking. Demonstrated ability to drive results and be very effective in a startup. Good interpersonal skills.

JOB DESCRIPTION JOB TITLE -AVP/ VP- Internal Audit GENERAL DESCRIPTION - He/ She will be responsible for evaluating the company's internal controls, risk management processes, and compliance with policies and regulations. This role ensures operational efficiency, identifies financial discrepancies, and recommends improvements to mitigate risks. DIVISION/DEPARTMENT - Finance & Accounts DETAILED JOB DESCRIPTION- 1. Executing transactional & Internal Audit. 2. Ability to effectively perform the technical components of risk assessments to provide an accurate view of the client's current risk state. 3. Ability to perform end-to-end business process analysis and design. 4. Ability to assess and design internal controls by applying an understanding of internal control design frameworks and regulatory requirements. 5. Ability to enhance quality and efficiency of recommended risk solutions by applying relevant frameworks, conducting research, and performing analysis. 6 .Ability to conduct internal audits by leveraging approved processes and methodologies. 7. Ability to set the stage for a successful assessment of internal audit processes and controls by collecting and organizing data. 8. Ability to enhance quality of assurance engagements by identifying risks, performing testing, researching governing regulations, and developing reports. 9. Ability to leverage industry leading frameworks, methods, and tools to increase effectiveness of technology and data risk solutions 10. Ability to manage substantially large internal audit plan (4-5) and lead a team of 3-4 people. WORK EXPERIENCE REQUIREMENT - 10+ years experience in internal audit, preferably in real estate, construction, or infrastructure sectors EDUCATION REQUIREMENT - CA Qualified

IT Audit Manager At Smith+Nephew, we design and manufacture technology that takes the limits off living. As a key member of the Internal Audit team, the IT Audit Manager will be responsible for: leading IT Reviews; supporting the Director to develop the end-to-end IT Audit Plan; developing stakeholder relationships across the Group; coaching and mentoring more junior team members; and acting as an ambassador for the Internal Audit Function across the Group. What will you be doing? Leads and conducts assigned audit engagements (specifically IT audits consisting of complex cyber security, IT, and programme assurance reviews) successfully in accordance with the Global Internal Audit Methodology and professional standards. Represents Group Internal Audit in global steering committees and IT leadership forums to provide governance, risk and control related input. Drafts the Terms of Reference, develops audit programs and testing procedures relevant to risk and audit / test objectives. Supervises senior auditors and co-source staff assigned to engagements providing guidance and overall review of deliverables. Communicates assigned tasks to engagement team in a manner that is clear and concise ensuring high quality, accurate, and efficient results. Obtains and reviews evidence ensuring audit conclusions are well-documented. Identifies and communicates issues, offering recommended solutions relevant to business and risk. Drafts the closing meeting presentation. Prepares draft audit reports, ensuring that audit conclusions are based on a complete understanding of the process, circumstances, and risk. Assesses and monitors managements progress in implementing agreed upon actions. Provides technical expertise in emerging digital risk areas and GBS SOX and MAPS control efficiency and effectiveness improvements. Provides data analytics thought leadership and support to the Group Internal Audit team to enable continuous assurance. Assists in preparation of Annual Audit plan for IT and audit committee papers Ensures adequate focus on personal professional growth relevant to taking on more challenging assignments, in line with standard audit career progression proactively seeks relevant education and training opportunities. Acting as an ambassador for Internal Audit across the business. Performs other related duties as assigned. What will you need to be successful? Education: Graduate + CISA certified Preferred - Qualified Accountant (i.e; ACA / ACCA / CA / CPA / CMA) or CISM, CISSP or equivalent preferred. Min 10-12 years post qualified experience gained in either the profession and / or a large corporate internal audit / risk management department. Experience auditing cybersecurity, cloud and digital technologies. Experience auditing IT General Controls or SOX IT controls. Significant experience auditing SAP or another ERP. Experience of auditing large scale international systems implementations and / or project management of international systems implementations. Thorough knowledge of audit procedures, including the IIA standards and guidelines and risk-based auditing techniques. Strong understanding of IT and Cyber Security risks and controls Ability to lead audits, present findings to senior management and resolve conflict. Ability to write audit reports and maintain comprehensive audit papers. Experience in Teammate ( or similar Audit Management software) administration. PowerBI certifications and /or Data Analytics qualifications an advantage (preferred). Strong Data Analytics skills and proven experience in using tools such as PowerBI, Alteryx, MS Fabric etc. Excellent communication skills; oral and written. Able to communicate audit findings and negotiates with others to agree audit findings and recommendations often requiring them to adopt a different point of view. You Unlimited. We believe in crafting the greatest good for society. Our strongest investments are in our people and the patients we serve. Inclusion, Diversity and Equity- Committed to Welcoming, Celebrating and Thriving on Diversity. Learn more about it on our website: https://www.smith-nephew.com/. Other reasons why you will love it here! Your Future: Major medical coverage + policy exclusions and insurance non-medical limit. Educational Assistance. Work/Life Balance: Flexible Personal/Vacation Time Off, Privilege Leave, Floater Leave. Flexibility: Hybrid Work Model (For most professional roles)

About the Role: Core Responsibilities: Plan, execute, and report on internal IT audits. Evaluate the effectiveness of IT controls, identify risks, and provide recommendations for improvement. Conduct regular access reviews to ensure that users have appropriate access levels based on their roles. Evaluate the effectiveness of access controls in safeguarding sensitive information. Recommend improvements for identity and access management (IAM) processes. Perform internal risk assessments to identify vulnerabilities and ensure timely mitigation strategies. Work closely with IT, legal, and business teams to address audit findings and track remediation efforts. Preference and Experience: The candidate must have experience in IT auditing, IT risk management, or related fields. Proficiency in compliance with frameworks like ISO 27001, SOC 2, PCI DSS, ITGC, or other relevant standards. Hands-on experience conducting on-site and remote assessments of third-party vendors to evaluate their security posture and related controls. Proficiency in MS Office Suite with experience creating and presenting dashboards and reports. Must be CISA certified. Must have the capability to represent the audit reports to Management. Stay updated on the latest developments in IT audit and compliance practices. Comfortable traveling for on-site visits to the client side for audit purposes.