
847 Cisa Jobs - Page 11

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

18.0 years

40 - 45 Lacs

Kolkata, Mumbai, New Delhi

Work from Office

About Aurigo

Aurigo is the world's leading provider of enterprise SaaS for capital program and project portfolio management. The geographical markets we serve are the United States and Canada. We deliver cloud-based software solutions to organizations that make and manage large infrastructure investments. Our target markets are public sector (state and local government). Our flagship Suite Aurigo Masterworks is helping plan and deliver over $400B of capital infrastructure across the US and Canada.

Description:

Responsibilities:
- Be a thought leader in security engineering and operations delivery - driving automation, analytics, and advanced threat analysis.
- Oversee technical delivery of security requirements, assessing and continually improving output and ensuring processes are developed and adhered to drive operational excellence.
- Manage and lead the security function and a small team of security analysts, ensuring prompt, efficient, and accurate resolution of identity and access matters.
- Implement automated security testing tools (SAST, DAST, IAST) and their deployment within continuous integration systems.
- Author functional and technical documentation.
- Communicate on a deeply technical level with product engineering, project management and operations teams to improve and optimize products, improve infrastructure, and evolve services.
- Participate in Weekly/Bi-weekly/Monthly/Quarterly business reviews.
- Remain current on new technologies, methods and procedures including, but not limited to, coding practices such as Test-Driven Development, Continuous Integration, and Continuous Deployment.
- Lead Incident Response when the situation demands and drive it to closure with RCA and implementing controls to ensure similar incident does not occur in future.
- Implement hardening and secure framework such as CIS, NIST 800-53 r5, OWASP, SANS etc.
- Perform vulnerability assessment & penetration testing on Web and Mobile applications.
- Attend design reviews and actively lead the discussions from a security standpoint.
- Analyze possible security incident related to application security such as sensitive data exposure via web API and lead resolution and root cause analysis.
- Ensure that security requirements are identified early on and are being baked into all projects.
- Work with different functions to implement best security practices across all areas in the software development lifecycle.
- Prepare and present executive presentations on security posture as required.
- Risk management.
- Emerging threats assessment and deployment of countermeasures.

Requirements:
- B. E / B. Tech / MCA.
- CISSP/CISA or equivalent certifications.
- Experience in implementing multiple security layers to protect web and mobile applications using tools & services like WAF, DNSSEC, IDS, IPS, XDR, FIM, Exfiltration protection and similar solutions.
- Experience with AWS GuardDuty, Inspector, secrets manager, IAM and AWS best security practices preferred.
- Experience in hardening software using CIS benchmarks.
- SAST, DAST & SCA experience.
- One among FedRAMP or ISO27001 implementation experience is required.
- Thorough knowledge of NIST Cyber Security Framework required.
- Implementation experience with SOC 2 Type II preferred.
- Experience on Risk Management.

Competencies

Posted 2 weeks ago


5.0 - 9.0 years

8 - 12 Lacs

Gurugram

Work from Office

Overview

Seasoned Engineering Manager needed to lead IndiaGold's tech team, shape vision, scale systems, drive innovation in asset-backed fintech.

Company details

IndiaGold is a deep-tech fintech platform enabling regulated entities to offer asset-backed products like digital gold loans with zero-touch, paperless onboarding, and automated purity checks. Website: https://indiagold.co.in

Requirements
- 8+ years in software engineering.
- 3+ years in senior tech leadership roles (Engineering Manager, Head/VP Engineering).
- Strong experience in system design and scaling backend-heavy, data-driven systems.
- Expert in cloud infrastructure (AWS/GCP) and modern architectures.
- Proficient in Node.js, Java, Spring Boot, Kotlin, React, MySQL.
- Proven ability to build and manage high-performance engineering teams.
- Experience in fast-paced startup environments.
- Strong sense of ownership, bias for action, results-driven leadership.
- (Good to have) Fintech or lending experience, especially asset backed lending.
- (Good to have) Familiarity with compliance, data privacy, fintech audits (PCI-DSS, CISA), NBFC/banking systems.

Responsibilities
- Lead tech vision and architecture across web, mobile, backend, and DevOps.
- Ensure system stability, scalability, security in regulated fintech.
- Hire, mentor, and grow engineering talent; instill quality, ownership, velocity.
- Define best practices for coding, testing, deployment, operations.
- Collaborate with Product, Design, Data to deliver features fast and at scale.
- Manage delivery timelines, engineering quality across squads.
- Design secure, high-performance systems for large-scale financial data and transactions.
- Align tech stack for future NBFC regulatory and compliance needs.
- Drive long-term tech roadmap and evaluate emerging tech.
- Partner with founders, Product, Business, Ops on technical priorities.
- Lead audits and certifications (PCI-DSS, CISA) and manage third-party vendor relationships.

Job Details

Location: Hybrid (2 days/week onsite) at 64, Sector 44, Gurugram, Haryana 122002, India

Interview process
- Low-Level Design (LLD)
- High-Level Design (HLD)
- Business/Product Round
- 30-min Co-founder Round

Important Note

ClanX is a recruitment partner, helping IndiaGold hire the Engineering Manager role.

Posted 2 weeks ago


3.0 - 5.0 years

7 - 8 Lacs

Gurugram

Work from Office

At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career. Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

How will you make an impact in this role?

Eligible candidate will be responsible for managing Third Party Risk for American Express. The ideal candidate will possess knowledge of industry technology standards & information security best practices. Role will require adequate due diligence in conducting technical security assessments and post-assessment findings remediation discussions. Candidate should embody professional stakeholder management skills, as the role will require regular discussions with various Stakeholders from internal business units, technology partners, assessor partners etc. Knowledge of ServiceNow or any other IS risk management tools will be a plus.

Recommended Experience: 5+ years of relevant experience in Information Security/Cyber Security risk management.

Minimum Qualifications: The candidate should preferably hold a Bachelor's or Master's Degree in Information Security, Information Technology, Information Systems, Computer Science or other related fields.

Preferred Qualifications: CISSP, Security+, CRISC, CISA certifications highly encouraged.

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:

Posted 2 weeks ago


15.0 - 20.0 years

22 - 30 Lacs

Bengaluru

Work from Office

Saviynt is looking for Principal Architect - Identity Management to design, deploy, configure and implement its leading Identity Governance (IGA) solution based on customer requirements. As an expert in deploying Identity Governance solutions, the primary responsibility will be to lead Saviynt solution deployments to meet customer requirements.

WHAT YOU WILL BE DOING
- Provide thought leadership to customers for IGA in general and Saviynt in specific.
- Provide industry wide best solution for the customer's use cases meeting functional as well as non functional requirements.
- Provide consulting and advisory skills, capable of addressing customer expectations.
- Architect and deploy Saviynt Identity Governance solution to meet customer requirements.
- Design, deploy, implement, and integrate Saviynt with critical applications and infrastructure.
- Follow approved life cycle methodologies, create documentation for design and testing.
- Interact/coordinate with customers as required.
- Provide technical oversight and direction to mid-level and junior Engineers.
- Train and Groom top talent to be experts in Saviynt technology and IAM in general.
- Assist operations team as required, coordinate with the product engineering team to advocate for the new features in the product.
- Resolve technical issues through debugging, research, and investigation.
- Technical pre-sales support for direct and partner sales teams.
- Provide technical expertise and real-life experience in creating solutions, designs, proof of concept, and implementation.
- Conduct research and use knowledge of competitive solutions to effectively address and dispel customer objections.
- Ensures delivery of high-quality product on time and within budget.

WHAT YOU BRING
- Bachelor's/equivalent in Engineering.
- 15+ years of industry experience in design, development, customization, configuration, deployment of any Identity Management and Governance products.
- Thorough domain knowledge on User Lifecycle Management, Provisioning and Reconciliation, Auditing, Reporting, and user activity Monitoring, Access Certification, SOD, Cloud Security.
- Direct customer interaction and management skills.
- Strong technical presentation and communication skills, both verbal and written.
- Knowledge of Java/J2EE, SQL, Web Services (REST/SOAP), Directories, etc.
- Strong consulting and advisory experience.
- Good problem solving and analytical skills.
- Experience with RFP responses and proposals.

Good To Have:
- Cybersecurity certifications (CISSP, CISA, CISM, CompTIA Security+ and CEH etc.).
- Saviynt or any equivalent IGA product certification.

If required for this role, you will:
- Complete security & privacy literacy and awareness training during onboarding and annually thereafter.
- Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):

Posted 2 weeks ago


3.0 - 5.0 years

6 - 10 Lacs

Hyderabad

Work from Office

Responsibilities Operate day-to-day Information Security Governance, Risk, and Compliance (GRC) activities across the organization. Support alignment and implementation of security standards including ISO 27001, PCI, NIST, and TISAX. Assist in the execution of Information Security Risk Management policies and procedures. Collaborate on internal and external audit activities, and track remediation efforts to closure. Support documentation, reporting, and evidence gathering for compliance and regulatory assessments. Contribute to the continuous improvement of governance processes, control effectiveness, and risk posture. Coordinate with business units and IT teams to ensure governance standards are understood and adhered to. Qualifications 3-5 years of experience in information security governance, risk, compliance, or audit. Working knowledge of ISO 27001, PCI-DSS, NIST, TISAX, or other major regulatory frameworks. Experience with policy implementation, risk assessment methodologies, and audit coordination. Ability to evaluate and articulate compliance requirements to technical and non-technical teams. Strong documentation, analytical, and reporting skills with attention to detail. Excellent interpersonal and communication skills to work cross-functionally. Preferred

Posted 2 weeks ago


6.0 - 11.0 years

12 - 16 Lacs

Bengaluru

Work from Office

We Offer

Join us as an application audit manager within our cutting-edge controllership function, where you will have opportunities to contribute in building world class products that are audit ready. This role also involves direct interaction with PhonePe's business teams, product teams, developers, where you will be encouraged to act as a trusted partner and use your independence and influencing skills to support the improvement of the entity's risk and control environment.

Your future colleagues

Join a team where success is driven by our ability to identify emerging risks and present compelling arguments with breadth and depth. We collaborate across multiple skillsets (i.e. business, technology, change and data analysts) to build well-informed influencers with deep industry knowledge and commercial expertise. A forward-thinking attitude has enabled us to adopt new technologies and ideas, helping minimize inefficiencies and maximize thinking time. The department values Diversity and Inclusion (D&I) and is committed to realizing the firm's D&I ambition which is an integral part of our global cultural values.

We Are Looking For
- Must have 6+ Years of Relevant Experience of working on IT Internal / External Audit engagements.
- Control testing of IT Application Controls (ITAC) and Business process controls.
- Good understanding of Business Process Reviews, Functional testing and Control gap analysis.
- Testing experience of Oracle Fusion controls and post implementation configuration reviews in different functional modules.
- Ideally, you hold an undergraduate degree (BE/BTech/MTech) or CA/ACCA and one or more IT audit certifications (e.g. CISA, CISSP, CIA) and have an interest in Financial Services.
- Solid understanding of risk and how controls can minimize those risks while being commercial.
- Proven analytical skills and keen to collaborate with data specialists to shape audit tests and acquire relevant insights from data.
- Good time management skills and precision in delivery.
- Ability to present information in a succinct and concise way.
- Strong social skills, a willingness to help others as well as addressing challenges encountered within audits in a proactive way.
- Understands the value of diversity in the workplace and is dedicated to fostering an inclusive culture in all aspects of working life so that people from all backgrounds receive equal treatment, realize their full potential, and can bring their full, authentic selves to work.

PhonePe Full Time Employee Benefits (Not applicable for Intern or Contract Roles)
- Insurance Benefits - Medical Insurance, Critical Illness Insurance, Accidental Insurance, Life Insurance
- Wellness Program - Employee Assistance Program, Onsite Medical Center, Emergency Support System
- Parental Support - Maternity Benefit, Paternity Benefit Program, Adoption Assistance Program, Day-care Support Program
- Mobility Benefits - Relocation benefits, Transfer Support Policy, Travel Policy
- Retirement Benefits - Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS, Leave Encashment
- Other Benefits - Higher Education Assistance, Car Lease, Salary Advance Policy

Working at PhonePe is a rewarding experience! Great people, a work environment that thrives on creativity, the opportunity to take on roles beyond a defined job description are just some of the reasons you should work with us. Read more about PhonePe on our blog.

Posted 2 weeks ago


5.0 - 10.0 years

13 - 18 Lacs

Mumbai

Work from Office

Job Title: NFRM Information Security & Technology Risk Specialist
Location: Mumbai, India
Corporate Title: Associate

Role Description

An Information Technology & Security Risk Specialist to join the 2nd LoD Information Security & Technology Risk Team. The team is global, this role is within the Mumbai team (currently 1 person) which is being built out to support the global team. Should have a proven depth of knowledge and keen interest of Information Security and Technology and their application in large financial institutions. Working with other team members the role will input subject matter expertise and drive innovative approaches in applying risk management in an evolving threat environment. The team has a global footprint in Frankfurt, Singapore, London, Mumbai and USA.

What we'll offer you
- 100% reimbursement under childcare assistance benefit (gender neutral).
- Sponsorship for Industry relevant certifications and education.
- Accident and Term life Insurance.

Your key responsibilities
- Provide data and analytics reporting to support the team in monitoring the Information Security and Technology Risk Appetite, breaches and remediation.
- Where required support the implementation of automated data and analytics reporting process.
- Support the team delivery of Non-Financial Risk Management (NFRM) priorities such as risk & control assessments, scenario analysis, risk appetite.
- Monitor and challenge 1LOD Risk and Control Assessments (including results of 1LOD control testing/assurance).
- Perform 2LOD control assurance through targeted reviews of areas of concern.
- Gain an understanding and be able to articulate key Information Security and Technology regulatory requirements across APAC/MEA and their impact and implementation into the Information Security and Technology Risk Framework.

Your skills and experience
- University degree (Computer Science, Business Administration or equivalent). Majors in Information Security and / or Risk Management are a plus.
- Experience (5+ years) in Information Security or Information Technology with experience in the Finance industry and/or a major Technology or Consultancy company preferred.
- Experience in IT Risk Frameworks such as COBIT 2019 is ideal 3+ yrs.
- Understanding and experience of technology from either a support, development or business analysis perspective.
- Some level of technical understanding and training either as a data analyst, developer, business analyst or project manager are a plus.
- Knowledge of Information Security and Technology industry regulatory standards and/or Risk Frameworks (e.g. EBA Guidelines ISO / 27000 Series, COBIT 2019, DORA) are a plus.
- Experience of technology coding e.g. Python, Java is a plus.
- Understanding of IT controls: SDLC, managing technology obsolescence, disaster recovery is a plus.
- Knowledge of Digital transformation, Private and Public Cloud, AI tooling a plus.
- Relevant professional certifications e.g. CISSP, CISA, CISM, CRISC, ITIL, ISO27001 Lead Auditor or similar are a plus.
- Experience of working in large global teams yet comfortable working independently without day-to-day oversight and steer.
- Strong communication skills (English required).

How we'll support you

Posted 2 weeks ago


7.0 - 12.0 years

9 - 14 Lacs

Gurugram

Work from Office

Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

American Express Internal Audit Group (IAG) has reinvented our audit process and is leading the financial services industry with our Audit NextGen, Data-Driven Continuous Auditing, and Auditor of the Future initiatives. Each uniquely support our Winning Aspiration to be a world class internal audit function that:
- Provides data-driven and technology-enabled assurance
- Delivers timely risk insights that are business-aware and forward-looking
- Supports our colleagues with experiences that prepare them to be enterprise leaders

Collectively, IAG's strategic initiatives, combined with our greatest asset, our people, enable IAG to utilize advanced data analysis capabilities, provide greater and continuous assurance, and help ensure quality products and services are provided to American Express customers. IAG's innovative Data-Driven Continuous Auditing approach has led to patent-pending technology assets over our uniquely developed audit methodology and technology enablers. We are looking for those who share our mission and aspirations and are passionate about the use of data and technology in a collaborative, people-focused environment.

About the Internal Audit Group at American Express

Our Internal Audit Group is a worldwide function with 340+ team members and offices across nine countries within American Express. Our mission is to protect and enhance organizational value by providing independent, objective, risk-based assurance, advisory services and to influence the way the company manages risk. We are committed to growing our audit staff significantly as we continue to expand and enhance the Internal Audit Group. Our assurance and risk professionals have diverse backgrounds including internal controls, consumer compliance, technology, operational risk, financial accounting, data analytics, and banking operations. Our audit teams align to key risk areas and business units to ensure IAG can provide comprehensive and risk-based audit coverage. In addition, IAG has a Professional Practices group responsible for managing audit operations, quality, and standards; regulatory relations; reporting; training and professional development; and key internal capabilities and technologies.

About the Role:

Our Internal Audit Group (IAG) is seeking an eager Audit Manager to be part of the IAG's Asia Pacific (APAC) team in India. In this role, the ideal candidate will be responsible for assisting on multiple APAC audits and other global/regional portfolios across IAG. This is an exceptional opportunity for you to showcase and further expand your audit skills, and knowledge!

About the Team:

IAG's APAC team in India primarily works on the APAC regional audits and assist other global/ regional portfolios across . IAG is heavily focused on utilizing a data driven auditing approach across all audit portfolios.

The Key Responsibilities of the role include:
- Participate as a key team member on APAC audit projects responsible for assisting with annual planning and owning core audit tasks, more complex areas and challenging workloads on successive assignments.
- Collaborate with audit teams to understand the data behind key processes, risk and controls to develop analytic control tests and analyze and interpret their results.
- Proficient use of automated work papers, analytics and other department and company tools.
- Monitor a portfolio of audit analytics, assess results, & use data to tell the business story, and work with audit and business colleagues to validate findings.
- Evaluate results, synthesize audit findings across the project, draft audit reports and ensure effective and efficient execution of audits in conformance with professional and department standards, budgets, and timelines.
- Present audit objectives, scope, and results to senior management, clearly articulating the potential impact of control gaps in a highly professional and proficient manner.
- Assist audit leaders and other team members in accomplishing team objectives and producing results.
- Execute multiple simultaneous audit projects of all sizes and complexity across multiple business areas including integrated audits that consider financial, operational, compliance and technology risk.
- Effectively coach, teach, mentor and develop junior colleagues and co-sourced resources across all aspects of their role, the audit and analytic lifecycle, and audit methodology.
- Effectively manage scheduling, utilization and performance management for the assigned team members.
- Maintain internal audit competency through ongoing professional development.

Minimum Qualifications
- 7+ years of relevant audit experience within the financial Services Industry.
- BA, BS, or equivalent degree in accounting or finance related field.
- Knowledge and experience in the application of control theory and professional auditing practices including the audit lifecycle.
- Understanding of regulatory, accounting, and financial industry best practices relevant to the business, including technology and data implications.
- Ability to break-down a complex problem into components, solve them using data analysis, process knowledge and risk/control knowledge, and communicate results and control recommendations with transparency and integrity.
- Strong written and verbal communication skills that deliver quality, actionable and beneficial feedback to management on potential control issues and solutions to close gaps.
- Effectively works independently, within a team and across teams in a fast-paced environment to drive business results, utilizing related project management skills, employing creative thinking, and the ability to work on competing priorities.

Preferred Qualifications
- Experience with technology control testing including interface inputs, reports, application security, business continuity and third parties.
- Experience with using data analytic tools, data visualization, key risk indicators (KRIs), key performance indicators (KPIs), and scorecards / dashboards.
- Background in information systems, data analytics or information technology.
- Professional Certification (CIA, CPA, CISA or equivalent).
- Experience from big accounting firms or global internal audit functions.

Posted 2 weeks ago


4.0 - 9.0 years

6 - 11 Lacs

Gurugram

Work from Office

Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

The SOX Governance and Advisory team within Controllership (1LOD) plays a critical role in supporting the enterprise by developing and executing a risk-based plan to assess and enhance the company's internal controls over financial reporting. The team utilizes a robust governance framework and testing program to manage financial reporting risk in compliance with the company's 2LOD objectives and requirements of the Sarbanes Oxley Act.

This is an Analyst position in the SOX Governance and Advisory team, responsible for supporting the Sarbanes-Oxley (SOX) compliance program across American Express in addition to compliance with the Company's Operational Risk Management framework for the Finance organization. Reporting to the Manager of SOX Assurance, the successful candidate will be responsible for testing, monitoring and optimization of internal controls over financial and regulatory reporting including associated Information Technology (IT) systems. The individual should possess excellent communication, presentation and stakeholder management skills.

Primary responsibilities include:
- Validate design and operating effectiveness of SOX controls through testing, across all Business Units (BUs) to support Control Owners / Process Owners in quarterly SOX certification process.
- IT control testing including interface inputs, key reports, applications, business continuity and third parties.
- Collaborate with key stakeholders including Business Process teams, BU Control Management, Operational Risk Management, Internal Audit, etc. for quarterly SOX testing and reporting.
- Perform year-end control testing to support our external auditors, PwC, for their annual SOX audit.
- Partner closely with internal stakeholders and external auditors to resolve testing related observations / queries.
- Drive enhancements in control environment by identifying the improvement opportunities to SOX Controls.
- High degree of organization, individual initiative, results and solution oriented, and personal accountability and resiliency.
- Exemplify strength in the American Express Leadership Model: set the agenda, bring others with you and do it the right way, and put enterprise thinking first.

Preferred Qualifications
- Qualified Professional (Chartered Accountant / MBA Finance from a premier institute) with 4+ years of relevant experience in SOX compliance, Internal Audit, etc. typically from a Big 4 firm.
- Certified Information Systems Auditor (CISA) qualification preferred.
- Knowledge of the Sarbanes Oxley Act (including Sections 302 & 404) and in-depth understanding of COSO Framework, Risk Assessment and Internal Controls Over Financial Reporting (ICFR).
- Understanding of the testing methodology, controls / test procedures interpretation and to conclude on testing results.
- Excellent communication skills, both written and verbal, with the ability to clearly and concisely articulate issues in a timely and effective manner.
- Demonstrated strong abilities in key Financial Reporting skills, including financial reporting risk management/ program, risk assessment, internal audit coordination, and external fraud risk management/ program.

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:
- Competitive base salaries
- Bonus incentives
- Support for financial-well-being and retirement
- Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location)
- Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
- Generous paid parental leave policies (depending on your location)
- Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
- Free and confidential counseling support through our Healthy Minds program
- Career development and training opportunities

Posted 2 weeks ago


2.0 - 9.0 years

4 - 11 Lacs

Mumbai

Work from Office

As the world works and lives faster, FIS is leading the way. Our fintech solutions touch nearly every market, company and person on the planet. Our colleagues are empowered to learn, grow, and make an impact in their careers and communities. Our teams are inclusive and diverse, working and celebrating together. If you want to grow personally and professionally, we'd like to know: Are you FIS?

About the role:

The Staff is an entry level or lightly experienced auditor focused on testing audit project related controls. As trusted advisors to management, FIS Internal Audit provides independent audits of operational, financial, IT, and regulatory compliance processes in the fast-paced fintech industry. Collectively, we are a team of inclusive, diverse, and performance driven self-starters. To support our associates, we provide a clear career path and reward performance by promoting from within. We offer a mentorship program, internal training, plus a budget for external training, hundreds of free online classes, and certification opportunities.

What you will be doing:
- Support the audit teams during financial, operational, regulatory, and/or Sarbanes-Oxley (SOX) audit projects.
- Support special investigations where requested.
- Evaluate and validate financial, operational, and regulatory processes, risks, and controls at the audit engagement level.
- Execute work programs and document workpapers and other audit materials that meet all relevant professional practice and FIS Internal Audit methodology requirements.
- Contribute to well-written and meaningful reports summarizing audit results.
- Actively seek out performance feedback and coaching and take ownership of personal professional development plan.

What you will need:
- Earned a bachelor's degree in accounting, finance, technology, or other related discipline.
- Hold a professional certification (e.g. CIA, CISA, CPA, CFE, CISM, CISSP), or have the desire and determination to pursue such.
- Industry or professional services firm experience a plus.
- Ability and willingness to travel (up to 5%, depending on location).
- Excellent communication skills (oral and written).

What we offer you:

At FIS, you can learn, grow and make an impact in your career. This role exposes you to a variety of lines of business and corporate functions at FIS. As you grow your network at FIS, you will have ample opportunity for upward movement within the department or laterally in other areas of the enterprise. In addition, you receive exceptional benefits including:
- Flexible and creative work environment with a hybrid working arrangement
- Diverse and collaborative atmosphere
- Professional and personal development resources
- Opportunities to give back
- Work - life balance
- Competitive salary and benefits

Bonus if you have:
- Experience in highly regulated environments
- Professional services experience acquired from a Big 4 environment or highly regarded consulting firm

Posted 2 weeks ago


8.0 - 12.0 years

35 - 50 Lacs

Chennai

Work from Office

Job Summary GRC Consultant Responsibilities Job Summary: We are seeking an experienced IT GRC Manager to lead our Governance, Risk and Compliance initiatives. The candidate will be responsible for developing and implementing IT GRC strategies, ensuring compliance with regulatory requirements, and managing risk across the organization. This role requires a deep understanding of IT governance frameworks, risk management practices and compliance standards. Key Responsibilities: Governance: Develop and maintain IT governance frameworks, policies and procedures. Ensure alignment of IT strategies with business objectives. Oversee the implementation of IT governance initiatives and monitor their effectiveness. Risk Management: Identify, assess and manage IT risks across the organization. Develop and implement risk mitigation strategies. Conduct regular risk assessments in accordance with NIST standard and audits to ensure compliance with internal and external standards. Compliance: Ensure compliance with relevant regulatory requirements, e.g. GDPR, HIPAA, SOX. Develop and maintain compliance documentation and reports. Coordinate with internal and external auditors to facilitate compliance audits. Leadership: Lead and mentor a team of IT GRC professionals. Collaborate with cross-functional teams to promote a culture of risk awareness and compliance. Provide regular updates to senior management on IT GRC activities and initiatives. Qualifications: Strong knowledge of IT governance frameworks, e.g. COBIT, ITIL. Experience with regulatory compliance standards, e.g. GDPR, HIPAA, SOX. Excellent analytical, problem-solving and communication skills. Relevant certifications, e.g. CISA, CRISC, CISM, are a plus. Skills: Strong leadership and team management skills. Ability to work collaboratively with cross-functional teams. Proficiency in risk assessment and management tools. Excellent organizational and project management skills. Strong attention to detail and ability to manage multiple priorities.

Posted 2 weeks ago


2.0 - 5.0 years

17 - 19 Lacs

Hyderabad

Work from Office

Overview Skills:-Information Security Governance, GRC Analyst, Security Governance, IT Compliance, Security Risk Analyst Location:- Bangalore, Hyderabad Shift Timings:- 6.30 pm - 3.30 am Analyst, Information Security Governance Omnicom Global Solutions, Hyderabad IN About Omnicom Global Solutions Omnicom Global Solutions is an integral part of Omnicom Group, a leading global marketing and corporate communications company. Omnicom’s branded networks and numerous specialty firms provide advertising, strategic media planning and buying, digital and interactive marketing, direct and promotional marketing, public relations, and other specialty communications services to over 5,000 clients in more than 70 countries. OGS India plays a critical role for our group companies and global agencies by providing stellar products, solutions, and services across Creative Services, Technology, Marketing Science (Data & Analytics), Advanced Analytics, Market Research, Business Support Services, Media Services, and Project Management. With over 4000 talented colleagues in India, we are growing rapidly and are looking for professionals like you to help build the next chapter of our journey. Responsibilities Key Responsibilities Operate day-to-day Information Security Governance, Risk, and Compliance (GRC) activities across the organization. Support alignment and implementation of security standards including ISO 27001, PCI, NIST, and TISAX. Assist in the execution of Information Security Risk Management policies and procedures. Collaborate on internal and external audit activities and track remediation efforts to closure. Support documentation, reporting, and evidence gathering for compliance and regulatory assessments. Contribute to the continuous improvement of governance processes, control effectiveness, and risk posture. Coordinate with business units and IT teams to ensure governance standards are understood and adhered to. 
Qualifications Required Qualifications 3–5 years of experience in information security governance, risk, compliance, or audit. Working knowledge of ISO 27001, PCI-DSS, NIST, TISAX, or other major regulatory frameworks. Experience with policy implementation, risk assessment methodologies, and audit coordination. Ability to evaluate and articulate compliance requirements to technical and non-technical teams. Strong documentation, analytical, and reporting skills with attention to detail. Excellent interpersonal and communication skills to work cross-functionally. Preferred Qualifications Certifications such as ISO 27001 Lead Implementer/Auditor, CISA, or similar. Experience with GRC platforms and tools. Exposure to vendor risk management and compliance monitoring.

Posted 2 weeks ago


5.0 - 10.0 years

5 - 8 Lacs

Bengaluru

Work from Office

Vulnerability Management - Job Title Vulnerability Management x 1 Role Description Responsible for facilitating end to end vulnerability management responsibilities with internal employees and AT&T's external auditing firms for Service Provider PCI, SOC, and ISO 27001 audits. Key Role and Responsibilities: 1. Schedule and ensure weekly scans are conducted, results are provided to the appropriate Remediation Owners and applicable Critical, High, and medium security risk vulnerabilities are addressed in a timely manner. 2. Schedule and facilitate meetings with internal employees to obtain, review, and analyze device inventory for assets supporting AT&T services in scope for PCI, SOC, or ISO 27001 audits. 3. Schedule and facilitate meetings with internal employees covering vulnerability scan results providing Remediation Owners with information to help address in scope vulnerabilities to be compliant with PCI and ASPR requirements. 4. Schedule and provide training for internal employees covering vulnerability scanning and remediation for the latest PCI and ASPR requirements. 5. Perform security analysis, drive technical security assessments, and monitor and report on remediation progress. 6. Provide guidance to remediation teams to ensure compliance with regulatory, contractual, and legal requirements. 7. Perform scanning reconciliations to quickly identify in scope devices that were not properly scanned. 8. Follow-up with appropriate representatives to gain an understanding why in scope devices were not scanned and schedule rescans to ensure scanning of all in scope devices. 9. Assist with and perform penetration and segmentation testing for AT&T services. 10. Meet with external auditors as needed to review required audit evidence. 11. Contribute to the overall success of the team by identifying and documenting process improvements and creating and maintaining process documentation. Required Skills 1. 
Advanced project management, time management, Microsoft PowerPoint, Excel, Outlook, and Word skills are required. 2. Advanced verbal and written skills are required. 3. ServiceNow experience using the vulnerability response module. Desired Skills 1. Bachelor's degree in Computer Science with an emphasis in information systems is preferred. 2. Minimum of 5 years of experience in IT Operations, external PCI DSS audits, and 3 years of IT Security is preferred. 3. The following certifications are an asset: CISSP, CISM, CCSK, CCSP, PMP, and CISA. Service supported Vulnerability Management Location- Bangalore/Hyderabad Yrs of Exp-5+Yrs

Posted 2 weeks ago


13.0 - 18.0 years

40 - 50 Lacs

Mumbai

Work from Office

About this role We are looking for an experienced individual to lead the RQA Risk Assessment & Assurance Team in Mumbai, India. Business Overview Understanding and managing risk is the cornerstone of BlackRock's approach to responsible investing. The Risk & Quantitative Analysis (RQA) group provides independent oversight of BlackRock's fiduciary and enterprise risks. Our mission is to advance the firm's risk management practices and to deliver independent risk expertise and constructive challenge to drive better business and investment outcomes. RQA promotes BlackRock as a leader in risk management by providing independent top-down and bottom-up oversight to help identify investment, counterparty, operational, regulatory, technology, and third-party risks. RQA is committed to investing in our people to increase both individual enablement and a strong collaborative environment. As a global group located all around the world, our goal is to create a culture of inclusion which encourages teamwork, innovation, diversity and the development of our future leaders. We actively engage in discussions on career growth and work with team members to understand how personal passions and strengths connect with our purpose. Who We Are As part of the broader Thematic Risk Assessment team (TRA) within the Enterprise Risk Management group (a Second Line of Defense function), the RQA Risk Assessment & Assurance (RAA) Team is vital to the true-up understanding of our enterprise risk and control landscape, and continued confidence that our risk management processes are effective and reliable. These help provide assurance that the firm's enterprise risk management framework is adept at managing current and emerging risks, protects our clients and firm, and supports the achievement of firm-wide business goals within our risk tolerance. 
Key stakeholders include, but not limited to, broader RQA Enterprise Risk Management teams and leaders, Enterprise Technology Risk & Control (First Line of Defense risk function), Innovation Office and Information Security, and other risk and control functions. What You Will Be Doing : Your primary responsibilities include: Execute risk assurance plans that evaluate, monitor and report on the design &/or effectiveness of enterprise risk assessment programs and its activities. Perform and support thematic risk assessments that evaluate enterprise risks of interest. Identify, analyze, execute, and support improvements to enterprise risk assessment programs. Manage the RAA Team and team members performance. Identify, dimension, and propose practical solutions for improving enterprise risk assessment programs, risk management processes, risk and control taxonomies, and risk and control assessment techniques. Identify and escalate potentially systemic enterprise risk issues in a timely manner. Ensure risk assessment and assurance exercises are comprehensively documented and reported. Be a risk champion within the wider BlackRock business. What We Look For : As a Team Lead with people management responsibilities, you must have: Strong risk and control assessment expertise (especially in technology &/or information security). Excellent attention to detail, strong work ethics, and able to work as part of a global team and make informed risk management decisions. 13+ years of practical experience in Enterprise &/or Technology Risk Management, Business Process Engineering, Quality Assurance, or Audit (experience earned in Asset Management or Banking industry is preferred). 5+ years of experience leading and performance managing a team (non project-based). 5+ years of experience in performing risk and control assessments, quality testing, control testing, &/or IT auditing. 
Demonstrable ability to identify and analyze process, risk and control issues, challenge the status quo, and work with cross-functional and international teams to ideate pragmatic solutions that strengthen the risk management framework. Strong understanding of industry-leading practices and control frameworks (e.g. CRI Profile, NIST CSF, ISO 27001, SOC, SOX, SWIFT, and COBIT). An ability to explain complex ideas &/or sophisticated technical concepts in simple but impactful terms and use effective communication to influence outcomes. Familiarity with office productivity, usage of open-source frameworks and business intelligence tools, including (but not limited to) Microsoft Office, PowerBI &/or Tableau. The following are competitive advantages that we are interested in: You are a Certified in Risk & Information Systems Control (CRISC), a Certified Information Systems Auditor (CISA), &/or Six Sigma-certified. You have both led and performed technology &/or business risk and control assessments. You have automated control assessment activities or analytics using one or more of the following: Python, JavaScript, .NET &/or SQL. Good understanding of worldwide regulatory requirements. Our benefits . Our hybrid work model BlackRock's hybrid work model is designed to enable a culture of collaboration and apprenticeship that enriches the experience of our employees, while supporting flexibility for all. Employees are currently required to work at least 4 days in the office per week, with the flexibility to work from home 1 day a week. Some business groups may require more time in the office due to their roles and responsibilities. We remain focused on increasing the impactful moments that arise when we work together in person aligned with our commitment to performance and innovation. As a new joiner, you can count on this hybrid model to accelerate your learning and onboarding experience here at BlackRock.
This mission would not be possible without our smartest investment, the one we make in our employees. It's why we're dedicated to creating an environment where our colleagues feel welcomed, valued and supported with networks, benefits and development opportunities to help them thrive. For additional information on BlackRock, please visit @blackrock | Twitter: @blackrock | LinkedIn: www.linkedin.com/company/blackrock BlackRock is proud to be an Equal Opportunity Employer. We evaluate qualified applicants without regard to age, disability, family status, gender identity, race, religion, sex, sexual orientation and other protected attributes at law.

Posted 2 weeks ago


10.0 - 15.0 years

35 - 40 Lacs

Mumbai

Work from Office

Business Function Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels. Job Purpose This is to manage risks for LOBTs acting as Line 1 risk manager. Key Accountabilities: Assist Line of Business Technology in managing technology and operational risks. Drive and ensure regulatory compliance for the LOBT. Liaise and co-ordinate audit activities involving the LOBT. Issue & Action management for LOBT including is impacted (across external and internal audits and reviews and excluding IT Information Security) and action planning. Engagement across Technology verticals, Operations, Business, Compliance to prioritize, plan, act, prove, close all open findings within committed timelines. Scan regulatory requirements, circulars to ensure forward planning and execution for compliance. This includes Singapore and India regulatory requirements. Prepare, maintain and conduct control testing for unit's Risk Control Self Assessments (RCSAs). Outsourcing Risk assessment for the LOBT. Monitor risk issues and incidents for LOBT. Job Duties & Responsibilities: Liaise with stakeholders within and outside DBS, including at Group level to have a comprehensive view of all Technology Risks. Engage with Technology verticals and others as appropriate within DBS, to progress on closure of all open points. Engage with Compliance, understand the regulatory requirements at country and group level, and add these to the action points which Technology must ensure. 
Early identification of execution challenges in risk mitigation actions and being an effective catalyst with Technology teams and seniors to resolve bottlenecks such as cost or resource approvals, conflicting priorities. Risk assessment for LOBT covering partners, external environment and identify potential risks such as relating to scale-preparedness, DR & BCP support for the organization, code quality in terms of testing and deployment governance. Regular updates as per agreed rhythm, and fronting dialogues with stakeholders/LOBT, to highlight process on Risk Management and Risk Mitigation. Liaise with relevant departments to ensure awareness of Technology Risk within the DBS India Technology Team, and partner for this awareness across DBS India. Liaise with Line of Business Risk in the region and co-ordinate efforts for the LOBT landscape used by India. Requirements Ideally, 10+ years of successful experience in Technology Risk Management, Information Security, Technology Audit. Education / Preferred Qualifications: Ideally, risk-accreditations like CISA, CRISC, CISM, CISSP experience on Information System audits and remediation, Agile Scrum accreditation and/or experience, and has worked as a Lead Auditor in Information System audits including ISO audits. Minimum Computer Science or Technology Management graduate, preferably in Info-Sec specialization. Core Competencies: Awareness of Information Systems and their complexity, potential points of failure from a risk perspective. Good communication skills and ability to manage dialogues with seniors. Readiness to raise the red flag for risks, in the interests of the bank.

Posted 2 weeks ago


8.0 - 12.0 years

20 - 25 Lacs

Bengaluru

Work from Office

New requirement - JD for Cybersecurity risk manager: Key responsibilities As a Cyber Risk & compliance Professional in our Group CISO office, you will be occupied in the following domains: a) Risk management b) Compliance. This role is responsible for planning, managing and coordinating various cybersecurity risk management activities focused on identifying, assessing, and mitigating risks for the enterprise from a business perspective. Skill requirement: Degree, or equivalent, in Information Security or Cyber Security or Computer science or similar course Self-motivation to continuously develop in the areas of cybersecurity Ability to prioritize and complete multiple complex projects under tight deadlines Ability to translate security issues into business risks Excellent interpersonal skills and ability to work effectively within a team at all hierarchical levels Willingness to research client inquiries and emerging issues, including regulations, industry practices, and new technologies Experience, knowledge and strong interest in information and cyber security domains are essential for this role Experience Cyber / technology risk assessments & management methodologies Hands on with assessment report preparation and presenting to senior technical and business stakeholders Articulative and confident in presentation to senior stakeholders Knowledge of use of and risks related to modern and emerging technologies Cybersecurity audit Advanced knowledge and understanding of ITGC, NIST 800-53, NIST CSF controls and Risk management frameworks Expertise in complex business processes and technological risks Deep understanding of security technologies including firewalls, proxies, SIEM, XDR, CSPM, IGA, PAM, Data protection Experience: 8-12 years. Applications from people with disabilities are explicitly welcome.

Posted 2 weeks ago


10.0 - 14.0 years

30 - 45 Lacs

Pune

Hybrid

Manager (IT) Compliance & Audit The ZS IT Governance, Risk & Compliance (GRC) team is a global function that plays a critical role in aligning with ZS' business strategy and operating model. The team's mission is to empower ZS' 13,000+ employees and their clients with the tools, insights, and frameworks needed to effectively manage operational risk and meet compliance requirements in an increasingly complex regulatory landscape. The GRC team is responsible for ensuring that ZS maintains the highest standards of compliance by managing a diverse portfolio of certifications and audits across multiple domains, including Information Security, Privacy, and Environmental, Social & Governance (ESG) . The team's scope of work includes maintaining compliance with industry-recognized standards such as ISO 27001, ISO 27701, ISO 27017, HITRUST, SOC 2, SOC 3, and ESG , providing comprehensive oversight on risk management, security, and privacy practices. By offering independent assurance to both internal stakeholders and external parties, the GRC team ensures that ZS consistently adheres to globally established compliance frameworks, controls, policies, and industry standards. This stewardship strengthens ZS' ability to mitigate risks, meet client and regulatory expectations, and uphold its reputation as a trusted partner across industries. Additionally, the GRC team fosters continuous improvement, not only by responding to evolving regulations but by driving proactive initiatives that embed a culture of compliance and risk awareness throughout ZS operations. This holistic approach helps safeguard ZS assets, data, and relationships in a fast-paced and increasingly interconnected business environment. Manager (IT) Compliance & Audit The Manager, IT Compliance & Audit will be a seasoned leader in the information security compliance domain, driving projects related to critical certifications like ISO 27001, ISO 27701, ISO 27017, HITRUST, SOC 2, SOC 3, and others. 
The individual will play a pivotal role in managing and ensuring compliance with regulatory and operational security standards while collaborating with various stakeholders, including the CISO, CRO, DPO, Head of Cloud Engineering, IT Stakeholders, and other senior leaders. The role requires hands-on technical and functional expertise, along with the ability to manage and develop teams, oversee compliance programs, and report to leadership committees. Key Responsibilities: Compliance & Audit Management: Lead and manage the implementation, maintenance, and certification processes for ISO 27001, 27701, 27017, HITRUST, SOC 2, SOC 3, and similar standards. Oversee and manage internal and external audits, identifying gaps, and ensuring timely closure of audit findings. Collaborate with cross-functional teams, including IT, security, legal, and risk management, to ensure alignment on security compliance initiatives. Drive continuous improvement initiatives to enhance compliance posture, developing and enforcing security policies, procedures, and controls. Stakeholder Collaboration & Communication: Act as the primary liaison between teams and external auditors, certification bodies, and regulators. Build and maintain strong working with key stakeholders, including the CISO, CRO, DPO, Head of Cloud Engineering, IT, and legal teams, to ensure compliance objectives are met. Provide expert advice on compliance issues and support various departments with technical and policy-driven . People Management & Leadership: Lead, mentor, and develop a team of professionals, fostering a high-performance culture. Manage team workload, project , and career development, ensuring that the team is up-to-date with industry standards and compliance practices. Oversee team training programs to ensure sharing and skills development in compliance and audit. 
Project Management & Reporting: Lead compliance projects, including forecasting, resource planning, and reporting progress to leadership committees. Develop project timelines, track, and ensure timely delivery of compliance and audit activities. Provide regular reports and updates to management, including dashboards and key performance indicators (KPIs) to assess the organization's compliance and risk posture. Collaborate with internal teams to ensure smooth integration of compliance requirements into new and existing technologies, including AI, cloud services, and data privacy technologies. Strategic Planning & Operational Compliance: Contribute to the development of the organization's broader compliance strategy, aligning with industry trends and emerging regulations. Proactively identify potential risks and vulnerabilities and develop risk mitigation strategies. Lead operational compliance efforts across various functions, ensuring comprehensive coverage of security, privacy, and data protection requirements. Qualifications & Experience: Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field. A master's degree or MBA is preferred. Minimum 10-12 years of experience in IT compliance, audit, and information security, with specific experience managing ISO 27001, ISO 27701, ISO 27017, HITRUST, SOC 2, SOC 3, and related certifications. Proven track record of managing compliance programs and leading audits across large, complex organizations. Strong leadership and people management experience, with a demonstrated ability to lead, develop, and motivate high-performing teams. Excellent project management skills with the ability to manage budgets, forecasts, timelines, and complex stakeholder requirements. Deep understanding of cloud security (Azure, AWS, GCP) and privacy standards, with experience working with cloud engineering and DevSecOps teams. 
Strong problem-solving skills with the ability to influence and engage with C-level executives and senior stakeholders. Certifications (Preferred): CISA (Certified Information Systems Auditor) CISSP (Certified Information Systems Security Professional) CISM (Certified Information Security Manager) ISO 27001 Lead Auditor/Lead Implementer HITRUST Certified CSF Practitioner Certified Cloud Security Professional (CCSP) PMP (Project Management Professional) or equivalent certification Skills: Strong technical knowledge in information security standards and frameworks. Exceptional communication and presentation skills, with the ability to articulate complex compliance issues to technical and non-technical audiences. Experience with AI and its implications n compliance, security, and data privacy will be an advantage. Proficiency in GRC (Governance, Risk, and Compliance) tools and software. Why Join Us? ZS is a global consulting firm; fluency in English is required. Candidates must possess work authorization for their intended country of employment. An on-line application, including a cover letter expressing interest and a full set of transcripts (official or unofficial), is required to be considered. ZS offers a competitive compensation package with salary and bonus incentives, plus an attractive benefits package. Opportunity to lead and shape the compliance landscape of a forward-thinking organization. Work with cutting-edge technologies in a collaborative, dynamic environment. Competitive compensation and benefits package.

Posted 2 weeks ago


6.0 - 10.0 years

15 - 30 Lacs

Bengaluru

Work from Office

Experience: 6-7 Years Job Location - Bangalore and UAE Managing GRC Projects – Risk Management Specialist Any one Relevant certification is mandatory: CISSP, CISA, CISM, CRISC, CGEIT, GRCP, GRCA Should have team lead experience

Posted 2 weeks ago


2.0 - 8.0 years

12 - 13 Lacs

Hyderabad

Work from Office

A Day in the Life We value what makes you unique. Be a part of a company that thinks differently to solve problems, make progress, and deliver meaningful innovations. The Cardiac and Vascular Group brings all of our cardiac and vascular businesses together into one cross-functional, collaborative operating unit to employ the full breadth of our talent, technologies, products, services, and solutions to address the needs of customers and patients across the globe. Cardiac Rhythm Management offers devices and therapies to treat abnormal heart rhythms, as well as cardiac monitoring solutions. Be on the frontlines of the emerging area of medical device cybersecurity as an integral member and technical leader within a team responsible for creating, deploying, and monitoring cybersecurity and information security solutions for Medtronic's medical devices and supporting IT infrastructure. Interact with external and internal cybersecurity researchers to identify and remediate vulnerabilities within Medtronic products and systems. Work directly with R&D teams to ensure all relevant security risks are identified and evaluated, and appropriate and well-balanced solutions are implemented. Develop project security management deliverables for regulatory bodies to comply with standards / guidance documents, and successfully communicate cybersecurity technology to customers, regulatory bodies, and other stakeholders. Job Summary: We are seeking a highly skilled and experienced Senior Mobile Application Security Engineer to lead the security efforts for our mobile platforms (iOS and Android). You will be responsible for identifying vulnerabilities, implementing security best practices, and working closely with development teams to ensure secure mobile application design and deployment. Responsibilities may also include the following and other duties may be assigned. Conduct security assessments and code reviews of mobile applications (iOS and Android). 
Perform in-depth security assessments of mobile applications using static and dynamic analysis tools. Perform threat modeling and risk assessments for mobile app features and architecture. Integrate security tools and processes into the CI/CD pipeline for mobile development. Deep understanding of OWASP Mobile Top 10 and mobile attack vectors. Collaborate with developers to remediate vulnerabilities and implement secure coding practices. Lead penetration testing efforts and coordinate with third-party security vendors. Expert knowledge of iOS and Android security architectures and frameworks. Proficiency in mobile security testing tools (OWASP ZAP, Burp Suite, MobSF, etc.). Strong understanding of mobile apps reverse engineering and binary analysis. Monitor and respond to mobile security incidents and vulnerabilities (e.g., OWASP MASVS, CVEs). Stay updated on the latest mobile security threats, tools, and trends. Develop and maintain mobile security policies, standards, and guidelines. Mentor junior security engineers and provide technical leadership. Participate in incident response activities for mobile security events. Leads or participates in security architecture and design review meetings. Must Have: Minimum Requirements An undergraduate (bachelors) or graduate degree in computer science, computer engineering, electrical engineering, or similar discipline. Experience in embedded devices vulnerability assessment, especially medical devices and Threat Modelling and risk scoring Formal education in cybersecurity and information assurance. Minimum 7-year experience & 4 years of technical, cybersecurity-related experience, Experience in analyzing security posture and vulnerability assessment. 
Experience in penetration testing, fuzz testing of Web, enterprise cloud and Desktop solutions, (Black box, gray box and Whitebox testing) Demonstrated understanding of information security practices, risk management processes, cybersecurity principles, and incident response methodologies. Nice to Have: Proficiency in mobile development languages (Swift, Objective-C, Java, Kotlin) Security Certifications (i.e. CEH, CISA, CISM, Security+, GSEC, OSCP, etc.) Familiarity of embedded environments, vulnerability scanning tools, and common attack routes Strong technical and troubleshooting skills. Capability to research and evaluate emerging technologies. Innovative thinker with the ability to think outside of the current norms and processes. Demonstrated ability to be flexible. Excellent written and verbal communication skills. Demonstrated ability to develop and grow productive, trusting, and open relationships with a wide variety of constituencies. Demonstrated leadership and teamwork skills. Demonstrated ability to communicate complexity in a clear manner. Demonstrated experience interfacing with customers and other external stakeholders regarding cybersecurity system design and behavior. Demonstrated strong analytical, critical thinking skills. Together, we can change healthcare worldwide. At Medtronic, we push the limits of what technology, therapies and services can do to help alleviate pain, restore health, and extend life. We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be. We want to accelerate and advance our ability to create meaningful innovations - but we will only succeed with the right people on our team. Let us work together to address universal healthcare needs and improve patients' lives. Help us shape the future. 
The physical demands described within the Day in the Life section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Benefits & Compensation: Medtronic offers a competitive salary and flexible benefits package. A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage. We lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions. Our Mission to alleviate pain, restore health, and extend life unites a global team of 95,000+ passionate people. We are engineers at heart putting ambitious ideas to work to generate real solutions for real people. From the R&D lab, to the factory floor, to the conference room, every one of us experiments, creates, builds, improves and solves. We have the talent, diverse perspectives, and guts to engineer the extraordinary. Learn more about our business, mission, and our commitment to diversity here.

Posted 2 weeks ago


9.0 - 17.0 years

30 - 35 Lacs

Hyderabad

Work from Office

Some careers shine brighter than others. If you're looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions. We are currently seeking an experienced professional to join our team in the role of Third-Party Security Assessment - Senior Consultant Specialist. In this role, you will: Ensure adherence to the three lines of defence organisational model with clear lines of responsibility, accountability and segregation of duties. Ensure compliance with internal audit and external regulators that any organisational changes are fit for purpose and meet their expectations. Analyse and execute activities to ensure compliance with HSBC Cybersecurity policies and standards. Contribute to process, procedures and tool identification/development that will strengthen the bank's response to threats and incidents. Assess new technology products and projects utilising security technologies pertinent to the department. Act as a role model to more junior members of the team. Engagement with other Cybersecurity teams, senior management and members of the Business when confronted with potential security issues. Expand their skills, knowledge and experience to enhance the overall capability of the function.
Ensuring adherence to global standard methodology, SLAs, quality, templates and tools. Ensuring good stakeholder engagement. Supporting overall activities of Global TPS, including admin and any special initiatives / projects. MI / Reporting (actual generation of reports or contribution to appropriate reports). Mentoring / Coaching / Guidance for other team members / Deputizing for manager. Remain current with industry and competitor trends and work to apply latest / best practices internally. Owning and driving special projects aligned to industry best practices. Overseeing larger and more complex engagement requests and / or reviews. Subject Matter Expert in own domain with broad basic knowledge of other domains, ensuring appropriate delivery of services along with aligning with the wider strategy and objectives of the bank overall. Requirements: To be successful in this role, you should meet the following requirements: Minimum Bachelor Degree and/or experience in operational processes or third party information security reviews in the Financial Services industry or global corporate service provider. Background - desirable but NOT essential, one or more: risk management, Audit, ISR. Qualifications - desirable but NOT essential, one or more: ISO27001, CISA, CISM, CISSP, CRISC. Availability to travel (if required) for this role, i.e. travel within country as well as occasional international travel. Positive and professional attitude, team player, flexible and adaptable, open to change(s). Confident and takes responsibility and ownership for work and personal development. Good spoken and written communication and ability to adapt style based on audience (Fluent in spoken / written English). Ability to communicate technical subject matter to non-technical stakeholders. Previous experience of delivering an excellent customer service. Ability to quickly develop good working relationships with stakeholders. Ability and motivation to learn and pick things up quickly.
You'll achieve more when you join HSBC.

Posted 2 weeks ago


5.0 - 8.0 years

0 - 3 Lacs

Delhi, India

On-site

Risk Management: Identify, assess, and mitigate risks related to compliance, security, and other relevant areas. Compliance Programs: Develop and implement compliance programs to ensure adherence to regulations and standards. Audit Support: Assist with internal and external audits, providing documentation and evidence. Policy Development: Create and maintain clear, concise policies and procedures. Regulatory Change Management: Stay abreast of regulatory changes and adjust policies and procedures accordingly. Reporting and Documentation: Prepare detailed reports on compliance findings and security gaps. Training and Communication: Provide training to employees on compliance and security policies. Collaboration: Work with cross-functional teams to achieve compliance goals. Skills and Knowledge: Analytical skills: Analyze data to identify risks and compliance gaps. Communication skills: Communicate findings and recommendations effectively. Problem-solving skills: Identify and resolve compliance issues. Understanding of GRC tools and software: Proficiency in using GRC tools for audits, risk assessments, and compliance management. Requirements: Bachelor's degree in a related field. Minimum of 5 years of experience in governance, risk management, and compliance roles. Strong knowledge of regulatory frameworks and compliance standards (e.g., GDPR, SOX, ISO 27001). Excellent analytical, problem-solving, and decision-making skills. Proven ability to communicate effectively with stakeholders at all organizational levels. Professional certifications such as CISA, CRISC, CISSP, or similar are highly desirable. Experience conducting audits and assessments, and developing compliance documentation.

Posted 3 weeks ago


8.0 - 10.0 years

20 - 25 Lacs

Mumbai

Work from Office

Some careers open more doors than others. If you're looking for a career that will unlock new opportunities, join HSBC and experience the possibilities. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. Business Descriptors: Global Internal Audit provides independent, objective assurance to management and the risk and audit committees as to whether the framework of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning. This team with skilled business, process, data, change, and culture analysts helps HSBC to achieve its strategic purpose, safely and sustainably. Responsibilities: Contribute to the audits for CIB Banking, i.e. commercial banking, coverage activities, financing activities, investment banking activities (ECM, DCM, LAF, M&A). Deliver assigned work within the given timeframes, standards, methodology, budget, and where applicable, lead and deliver audits. Confirm that audit findings and recommendations are understood and with proposed mitigations. Demonstrate knowledge of the applicable Business, Functional, and Regulatory environment, including developing trends, risks, controls, and expectations. Support a strong risk and conduct culture across the Group and promote awareness and sound operational and strategic decision-making. Critically analyse and determine key drivers of change for area of coverage and assess how these will impact audits. Use insights, industry knowledge and current developments to assess areas of concern. Coherently articulate audit exceptions and findings to GIA team members and management, and as necessary to business and/or functional stakeholders. Effectively discuss potentially challenging matters and ability to communicate with impact and articulated in a meaningful way to wide and varied audiences.
Be an analytical and critical thinker, who can effectively manage competing priorities and complex challenges to deliver positive outcomes. Apply qualitative and quantitative methods to analyze and investigate challenging scenarios and situations. Be a proactive team player, who leads by example and works constructively across GIA. Effective communication and ability to maintain constructive relationships with stakeholders, team members, and GIA Management. Actively promote collaboration and sharing of ideas across GIA. Produce smart, simple, and pragmatic solutions. Requirements: The ideal candidate for this role will have the below experience and qualifications: Minimum of 8 to 10 years internal or external audit, business, and/or accounting experience or equivalent, and external audit will be considered, but is not always essential. We also welcome exceptional talent with data analytics or data science background who are keen to work in a leading audit function. Minimum of a bachelor's degree in business, accounting, finance, related field or equivalent experience. Strong understanding of financial services business, risks (e.g. regulatory compliance) and related controls, with a specific focus on retail banking and wealth management. Good analytical skills in identifying risks and control implications. Good communication skills (written and verbal) for managing multiple stakeholders to drive consensus and influence the outcomes. Broad knowledge of the Company, Group and financial services industry, business supported and the regulatory framework they operate in. Knowledge of Data Analytics and ability to apply technology or expertise to business issues or operational problems is desirable, but not essential. Prior international work experience is a plus. Fluency in English. Mature team player who is highly professional. Willingness to travel (max 20%). Ideally hold role relevant qualifications, or pursuing professional qualification (e.g., CISA, CPA, CFA, CIA, ACAMs etc.).

Posted 3 weeks ago


3.0 - 8.0 years

1 - 6 Lacs

Mumbai Suburban, Navi Mumbai, Mumbai (All Areas)

Work from Office

Technical: Strong experience in reviewing defined guidelines and conducting regulatory assessments for BFSI (e.g. RBI, SEBI, IRDAI). Knowledge of global guidelines, including NIST, ISO27001, PCI-DSS, COBIT, etc. Assisting in remediating gaps on the defined guidelines for the client. Performing System Audit and conducting technology landscape review. Having worked on Information Technology Risk Assessment areas such as NIST, ISO27001, PCI-DSS, COBIT, etc. Experience of handling IT audits and reviews. Good understanding of technology topics related to cyber security, encryption, architecture resiliency, business continuity, disaster recovery, IT Governance, Third party outsourcing risk and information security/technology risk. Certification - CISA, CISSP, ISO27001. Soft Skills: Good presentation and report writing skills are mandatory. Excellent communication skills and confident demeanor. Experience of working with client stakeholders. Good problem-solving skills.

Posted 3 weeks ago


12.0 - 20.0 years

27 - 37 Lacs

Pune

Work from Office

CISA, CISM, CISSP; SAP GRC Expert; SAP GRC 10.1 and 12; SAP IDM; MSMP and BRF+ workflow; SOD Analysis. Required Candidate profile: Experience of SAP GRC 10.1 & 12; SAP modules (e.g., FICO, MM, SD) (R/3/ECC, BW4HANA, S4HANA)

Posted 3 weeks ago


10.0 - 16.0 years

22 - 30 Lacs

Pune

Work from Office

Senior SAP Basis Consultant, SAP BTP and Integration Suite; SAP SYBASE; SAP Basis activities like system installations, configurations, upgrades, migrations, and performance tuning. Required Candidate profile: Immediate or Serving Notice Period; CISA, CISM and CISSP; SAP systems - Linux / HANA and SAP ASE (Sybase); SAP BTP and Integration Suite

Posted 3 weeks ago
