0.0 - 1.0 years
5 - 6 Lacs
Pune
Work from Office
Position SAP Security Analyst Experience 3+ years Job Summary The SAP Security GRC DevOps analyst will be responsible for contributing to the implementation and management of security controls and governance, risk, and compliance (GRC) solutions within SAP environments. The candidate will work closely with cross-functional teams to ensure robust security practices are integrated into the DevOps lifecycle. Requirements Bachelor's degree in computer science, Information Technology, or related field. 3+ years of experience in SAP security and GRC, with a focus on DevOps practices. Strong knowledge of SAP security architecture, role-based access control, and GRC frameworks. Experience with cloud platforms and containerization technologies (e.g., AWS, Azure, Docker). Proven ability to manage multiple projects and priorities in a fast-paced environment. Excellent problem-solving skills and attention to detail. Strong communication and interpersonal skills to work effectively with diverse teams. Preferred Qualifications Relevant certifications in SAP security or GRC (e.g., CISA, CISSP, SAP Certified Technology Associate). Experience with automation tools and scripting languages (e.g., Python, PowerShell). Location [Insert Location] Type [Full-Time/Part-Time/Contract]
Posted 3 weeks ago
1.0 - 5.0 years
10 - 13 Lacs
Bengaluru
Work from Office
If you are a strategic thinker passionate about driving solutions and mitigating risk, you have found the right team. The Testing CoE (Center of Excellence) team is responsible for ensuring a strong and consistent control environment across the firm. This role is a great opportunity to be working with a large Controls Testing team and help establish a newly formed organization which provides the potential hire a good starting point within the firm. Job Summary As a Risk and Controls Testing Associate within the Testing Center of Excellence, you will be responsible for the execution of independent risk-based, point-in-time evaluations of the control design adequacy and execution effectiveness, to mitigate compliance, conduct and operational risks. The role requires overseeing the performance of complex evaluations of business processes through a comparison of actual processes against expected practices (policies, standards, procedures, laws, rules and regulations). Testing activities often include sophisticated data analytics on large datasets and regular engagement with senior stakeholders across the firm. This is an exciting opportunity to work on key risk initiatives as they become the focus of the firm and across the financial services industry. You will excel at creative thinking and problem solving; be self-motivated, confident and ready to work in a fast-paced, energetic environment. Through collaboration and analytical skills, you will contribute to the Testing CoE's overall success and strengthen the firm's compliance with regulatory obligations and industry standards. Job responsibilities Lead comprehensive control evaluations and substantive testing to independently assess the design and effectiveness of controls. Ensure compliance with internal policies, procedures, and external laws, rules, and regulations, while identifying necessary remediation actions.
This includes developing and executing testing procedures, meticulously documenting results, drawing informed conclusions, making actionable recommendations, and distributing detailed compliance testing review reports. Foster collaboration with Compliance and Operational Risk Officers on various engagements. This includes developing detailed test scripts, facilitating issue discussions, participating in business meetings, and drafting comprehensive final reports to ensure alignment and clarity. Utilize advanced critical thinking skills to apply substantive testing techniques, thoroughly evaluating the effectiveness of high-risk business processes and identifying potential areas for improvement. Proactively assess and monitor risks, ensuring adherence to firm standards, regulatory requirements, and industry best practices. Implement strategies to mitigate identified risks effectively. Collaborate with cross-functional teams and stakeholders to support the design and effectiveness of controls. Drive initiatives that enhance the business control environment through recommended updates to the Compliance and Operational Risk Evaluation (CORE) application. Develop and execute robust control test scripts aimed at identifying control weaknesses, determining root causes, and recommending practical solutions to enhance operational efficiency and control effectiveness. Document test steps and results in a comprehensive and organized manner, ensuring sufficient support and justification for testing conclusions. Maintain a high standard of documentation to facilitate transparency and accountability. Lead meetings with business owners at various management levels, delivering testing results and supporting sustainable control enhancements. Identify and capitalize on opportunities to strengthen controls and improve operational efficiency. 
Required qualifications, capabilities, and skills 3+ years of experience or equivalent expertise in risk management, assessment, control evaluations, or a related field, within the financial services industry. Possess a strong understanding of industry standards and regulatory requirements. Demonstrated ability to analyze complex issues, develop and implement effective risk mitigation strategies, and communicate insights and recommendations clearly to senior stakeholders. Proficient knowledge of risk management frameworks, regulations, and industry best practices. Ability to stay updated with evolving regulatory landscapes and adapt strategies accordingly. Exceptional ability to develop and communicate well-founded recommendations based on regulatory guidance and standards, ensuring alignment with organizational goals and compliance requirements. Highly organized and detail-oriented, with a proven track record of managing multiple priorities and delivering results in a fast-paced environment. Strong analytical and communication skills, with the ability to convey complex information in a clear and concise manner to diverse audiences. Preferred qualifications, capabilities, and skills CISM, CRISC, CISSP, CISA, CCEP, CRCM, CRCMP, GRCP, or other industry-recognized risk and risk certifications. A background in auditing and the ability to understand internal controls. Proficiency in MS (Microsoft Suite) Office - Microsoft Word, Excel, Access, and PowerPoint.
Posted 3 weeks ago
3.0 - 7.0 years
20 - 27 Lacs
Bengaluru
Work from Office
Some careers have more impact than others. If you're looking for a career where you can make a real impression, join HSBC and discover how valued you'll be. HSBC is one of the largest banking and financial services organisations in the world, with operations in 62 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions. We are currently seeking an experienced professional to join our team in the role of Global RR Specialist Technology and Cyber Risk Senior Manager. Business: Risk and Compliance Principal responsibilities: The role holder will be the primary point of accountability for Active Risk Management, including: Provide technical advice and support globally to ensure stakeholders understand and are aware of the control environment and assessment of Technology risk globally commensurate with the scale and nature of operations. Drive improved senior stakeholder insight and decision making via delivery of regular and consistent management reports, expert analysis, and papers on AI and Technology Risk including to the Non-Financial Risk Management Board (NFRMB) and respective Risk and Control Management Meetings (RCMM). Support ERM Leadership with AI related queries. Oversee, escalate and provide guidance on the identification of conduct impacts in AI adoption and activities owned by the 1LOD, including where control weaknesses and risk events impact the delivery of good outcomes. Support the ERM Business and Function teams to explain, in non-technical terms, the impact of issues or events, and top and emerging risks related to AI that may require changes (for example, to controls, resources or business operations) to remain within respective Risk Appetites.
Monitor the local external environment to get early sight of emerging AI risks and provide detailed guidance on controls required to mitigate against them; build and maintain relevant cross-organisation and industry relationships. Provide guidance and support with policy writing, owning and monitoring compliance with a comprehensive set of clear and concise policies that outline the key principles and minimum requirements applicable to the management of AI Technology adoption areas. Promote and develop AI risk awareness and risk management culture to ensure material risks are both evident and effectively managed, leading the deployment of deep subject matter expertise around AI Technologies globally. Drive appropriate governance for AI Technologies across key stakeholders and senior control owners. Ensure concerns with key controls and in-scope material change programmes, relevant to AI Technologies, are understood and escalated as required. Deliver tailored and specific expertise across AI Technology risk enabling 1LOD to successfully deploy and operate mitigating key control. Constructive challenge to the global businesses and functions on their control environment and assessment of risk. Oversight of AI risks, strategic initiatives and local change activity and new/materially changed products. Analysis of risk exposure across all bank operations and territories to inform capital management and stress testing requirements. Complete thematic reviews and aggregated reporting of the Non-Financial Risk profile of the bank. Responsible for the implementation of a Risk Management Framework (RMF) that sets out governance, policies and practices to proactively identify, assess, measure and report on, mitigate and control operational risk exposures associated with HSBC's businesses and operations at all levels of the organisation.
Ensure critical issues, events and incidents both in key controls and material change programmes are managed for AI Technologies, are understood by and escalated to appropriate governance forums for appropriate and timely resolution. Ensure that related risk initiatives are not adversely affected as a result of poor planning, testing and approach during the delivery of significant change. Leadership & Teamwork Represent ERM to your key internal stakeholders. Contribute to a forward-looking agenda for emerging risks and challenges that ERM and the Bank may face. Provide oversight to the First-line's adoption of Standards, Processes and Procedures required to implement the Policy objectives across the Group and support the embedding of the Risk Framework by working with the Risk Control owners in their area. Provide oversight, formal input, challenge and guidance to first-line risk and control owners across entities / countries within the Group enabling business growth and innovation while maintaining risk within appetite. Communicate across technical and business levels to ensure that stakeholders understand how their delivery is aligned with the Bank and ERM's goals. Support your team in accordance with the direction set by your functional manager, including the day-to-day management of your direct team members. Drive positive Risk culture behaviours including supporting, guiding and mentoring all colleagues working as part of global virtual teams. Contribute to driving improvements in team engagement, maintaining an inclusive environment for all of your colleagues. As required, support relevant Transformation Programmes within the Group by engaging and assisting in the identification and mitigation of risk. As directed, partner with other oversight functions and Internal / External Audit to ensure a holistic view of risk profile, including leading on the delivery and closure of Audit points and Management Self-Identified Issues.
Ensure delivery of relevant services set out under the service catalogue ensuring consistent implementation across entities, countries and markets, as appropriate. Effectively communicate with internal (first line, senior management, audit) stakeholders on risk identification, governance and management. Drive efficiencies through consistently identifying better ways of working, including standardisation under the global framework. Ensure appropriate and timely escalations as and when challenges arise. Requirements Experience in risk management at a Globally Significant Financial Institution (GSFI). Understands the impact of AI technology risk within HSBC Group and its commercial context and strategic ambitions. A good level of knowledge of the relevant regulatory landscape and ability to assess the impact of proposed changes in regulatory rules to the bank, especially those pertaining to AI Technology risk. Knowledge of a financial institution's business model, products and key risk drivers. A deep understanding and technical expertise in AI technology risk, including how this risk can be identified, assessed, monitored and controlled and mitigated where relevant. Ability to lead and promote a strong risk control culture and continually improve risk awareness. Proven ability to develop networks with key stakeholders in a matrix structure. Support a multi-locational team of professionals. Providing expert advice and robust challenge, delivering risk management policies and managing risks and controls. Exposure to AI Ethics and dealing with Banking/Government regulatory compliance. Skills: Ability to present complex technical concepts and results to non-technical audiences in a persuasive and compelling manner. Team-oriented mentality combined with ability to complete tasks independently to a high-quality standard. A change agent who challenges the status quo diplomatically, constructively and positively in order to lead relevant strategies that enable safe growth of HSBC.
Qualifications: Adequate professional certificate in Technology Risk such as CISA, CISSP, CRISC. Any relevant AI Certification in information security or technology risk governance. A BA or BS University Degree, advanced degrees preferable (e.g. MBA, MSc, PhD). Others The job holder will be required to: Support the management of risk across a large complex banking group. Manage multiple senior stakeholder relationships across the HSBC matrix. Represent HSBC with external parties including Auditors and Regulators. Manage risk whilst significant transformational activity is being implemented, both regionally and globally. Operate and influence within a changing and rapidly developing regulatory environment. Continually support HSBC's approach to conduct and cultivate a positive risk aware culture, which is designed to ensure we deliver fair outcomes for our customers and do not disrupt the orderly and transparent operation of financial markets. Maintain awareness of operational risk and minimise the likelihood of it occurring, including its identification, assessment, mitigation and control, loss identification and reporting in accordance with the HSBC risk management. Adopt a risk management and internal control structure, referred to as the Three Lines of Defence, to ensure it achieves its commercial aims while meeting regulatory and legal requirements and its responsibilities to stakeholders, customers and staff. All staff must familiarise themselves and adhere at all times with the role and supporting responsibilities they play in the Three Lines of Defence. You'll achieve more at HSBC. HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working, and opportunities to grow within an inclusive and diverse environment.
We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc. We consider all applications based on merit and suitability to the role. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
Posted 3 weeks ago
3.0 - 8.0 years
5 - 10 Lacs
Hyderabad
Work from Office
Hiring for SOX Audit Level - SME Location - Hyderabad Timings - US Night shift Mode - (Hybrid/On-site) Notice Period - Immediate to 30 Days CTC - Up to 10 LPA SME - 4 to 8 years in SOX/Internal Audit About the Role We're seeking a SOX Audit SME to strengthen our risk and compliance team. If you thrive in auditing financial processes, designing controls, and partnering with global stakeholders, this role is for you! Key Responsibilities Lead SOX 404A/404B compliance testing, internal audits (SSAE 18, RCSA, operational audits), and risk assessments. Perform end-to-end process risk analysis for banks / financial institutions. Test and validate business + IT controls, ensuring alignment with COSO/COBIT frameworks. Drive risk reviews, control remediation, and process optimization. Develop audit reports with actionable insights for senior leadership. Collaborate cross-functionally to enhance governance and compliance standards. Ideal Candidate 4-8 years in SOX, internal audit, or risk management (financial services preferred). Expertise in SOX frameworks, risk controls, and audit methodologies. Strong analytical skills to map complex business processes. Excellent communication (written/verbal) and stakeholder management. Certifications like CA, CIA, CISA, or CPA are a plus. Interested Candidates contact HR Dinesh@ 8655512320 dinesh@careerguideline.com
Posted 3 weeks ago
14.0 - 22.0 years
25 - 40 Lacs
Mumbai, Mumbai Suburban, Mumbai (All Areas)
Work from Office
IS audit of Banks' Application systems and related IT operations such as IT Governance, Information Security Governance, Audit of IT General Controls, IT Infrastructure audits, Audit of Outsourced agency having impact on banks' IS operations, etc. Required Candidate profile Experience - 15 to 20+ years Salary range - 30 to 45 LPA fixed (may vary based on their qualification and years of exp)
Posted 3 weeks ago
2.0 - 5.0 years
4 - 7 Lacs
Bengaluru
Work from Office
IT Controls Analyst Job Description You're not the person who will settle for just any role. Neither are we. Because we're out to create Better Care for a Better World, and that takes a certain kind of person and teams who care about making a difference. Here, you'll bring your professional expertise, talent, and drive to building and managing our portfolio of iconic, ground-breaking brands. In this role, you'll help us deliver better care for billions of people around the world. It starts with YOU. In this role, you will: The IT Controls Analyst will be responsible for ensuring the effectiveness and efficiency of IT controls within the organization. This role involves evaluating, implementing, and monitoring IT controls to ensure compliance with regulatory requirements and industry best practices. The IT Controls Analyst will work closely with various departments, including IT, Internal Audit, and Compliance, to identify and mitigate risks. Evaluate IT Controls: Assess the effectiveness of existing IT controls and recommend improvements to enhance security and compliance. Implement IT Controls: Work with IT and other departments to implement new IT controls and ensure they are properly integrated into the organization's processes. Monitor IT Controls: Regularly monitor and review IT controls to ensure they are functioning as intended and identify any potential issues. Compliance: Ensure that IT controls meet regulatory requirements and align with industry best practices. Risk Assessment: Conduct risk assessments to identify potential threats and vulnerabilities in the organization's IT environment. Documentation: Maintain comprehensive documentation of IT controls, including policies, procedures, and evidence of control effectiveness. Training and Awareness: Provide training and raise awareness about the importance of IT controls throughout the organization.
Collaboration: Work closely with Internal Audit, Compliance, and other departments to ensure a cohesive approach to IT controls and risk management. About Us Huggies. Kleenex. Cottonelle. Scott. Kotex. Poise. Depend. Kimberly-Clark Professional. You already know our legendary brands and so does the rest of the world. In fact, millions of people use Kimberly-Clark products every day. We know these amazing Kimberly-Clark products wouldn't exist without talented professionals, like you. At Kimberly-Clark, you'll be part of the best team committed to driving innovation, growth and impact. We're founded on more than 150 years of market leadership, and we're always looking for new and better ways to perform - so there's your open door of opportunity. It's all here for you at Kimberly-Clark. Led by Purpose. Driven by You. About You You perform at the highest level possible, and you appreciate a performance culture fueled by authentic caring. You want to be part of a company actively dedicated to sustainability, inclusion, wellbeing, and career development. You love what you do, especially when the work you do makes a difference. At Kimberly-Clark, we're constantly exploring new ideas on how, when, and where we can best achieve results. When you join our team, you'll experience Flex That Works: flexible work arrangements that empower you to have purposeful time in the office and partner with your leader to make flexibility work for both you and the business. In one of our technical roles, you'll focus on winning with consumers and the market, while putting safety, mutual respect, and human dignity at the center. To succeed in this role, you will need the following qualifications: Key Qualifications and Experiences: Education: Bachelor's degree in information technology, Computer Science, or a related field. Experience: Minimum of 3 years of experience in IT controls, IT audit, or a related field.
Certifications: Relevant certifications such as CISA, CISSP, or CRISC are preferred. Skills: Strong understanding of IT controls, risk management, and regulatory requirements. Excellent analytical, problem-solving, and communication skills. Knowledge: Familiarity with industry standards and frameworks such as COBIT, NIST, and ISO 27001. Attention to Detail: Ability to identify and address potential issues in IT controls. Analytical Thinking: Strong analytical skills to assess the effectiveness of IT controls and recommend improvements. Communication: Excellent communication skills to effectively collaborate with various departments and provide training on IT controls. Problem-Solving: Ability to identify and mitigate risks in the organization's IT environment. To Be Considered Click the Apply button and complete the online application process. A member of our recruiting team will review your application and follow up if you seem like a great fit for this role. In the meantime, please check out the careers website. And finally, the fine print. Employment is subject to verification of pre-screening tests, which may include drug screening, background check, and DMV check. Primary Location IT Centre Bengaluru GDTC Additional Locations Worker Type Employee Worker Sub-Type Regular Time Type Full time
Posted 3 weeks ago
4.0 - 9.0 years
6 - 11 Lacs
Gurugram
Work from Office
Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express. The SOX Governance and Advisory team within Controllership (1LOD) plays a critical role in supporting the enterprise by developing and executing a risk-based plan to assess and enhance the company's internal controls over financial reporting. The team runs a robust governance framework to ensure compliance with the company's 2LOD objectives and requirements of the Sarbanes-Oxley Act. The team is looking for a highly motivated and detail-oriented SOX IT Risk Advisory Manager to join our growing team. This role will help to ensure that Amex's internal controls over financial reporting with respect to IT systems and applications are in compliance with SOX. The Manager will identify and assess relevant technology controls, focusing on the relevant risks for financial reporting across all of our in-scope applications and supporting infrastructure. This will include IT General Controls covering system security, logical and physical access controls, software development and change management processes, backup recovery procedures, and cybersecurity controls as well as IT Application Controls that ensure data integrity and timeliness. The role involves extensive collaboration with Technology teams, application and process owners, related Control Management functions, and internal and external auditors.
The Manager, SOX IT Risk Advisory will: Collaborate with Business, Technology, Finance, SOX Governance and Testing, and internal and external audit teams for matters related to SOX technology controls. Work with the SOX Governance team to ensure SOX scope alignment. Identify key technology and data risks relevant to ICFR and work with the SOX Testing team to mitigate risks and strengthen SOX controls. Consult on the control design and implementation of required and repeatable IT controls with process owners to meet regulatory requirements, including for new products, processes, and system implementations, ensuring appropriate internal controls are in place. Serve as a subject matter expert on technology-related SOX risks and controls and provide guidance to business and technology stakeholders. Support training and communications as needed on relevant technology risks and controls practices for the enterprise. Required Qualifications 4+ years of IT controls auditing and/or consulting. Demonstrated experience understanding business and IT processes and identifying and assessing associated ITGCs, ITACs, interfaces, and key reports. IT and IS risk domain knowledge best practices and principles. Strong understanding of financial reporting risk and requirements of the Sarbanes-Oxley Act as well as internal control frameworks (e.g., COSO). Excellent project management, communication, and interpersonal skills, with an ability to interact and obtain buy-in from Business and Technology owners. Strong written and verbal communication skills to articulate risk/control insights to both technical and non-technical stakeholders. Demonstrated history and ability to work with multiple teams, spread over geographies and with varying backgrounds. Preferred Qualifications Bachelor's degree in Management Information Systems, Information Technology, Computer and Information Science, Accounting, Business, or a related field. Relevant professional certifications such as CISA, CISSP, CPA, CISM, or CRISC
are preferred Knowledge in Oracle, security, and cloud technologies Knowledge of industry best practices for technology controls including frameworks from ISACA, NIST, ISO, and ITIL
Posted 3 weeks ago
5.0 - 10.0 years
7 - 12 Lacs
Bengaluru
Work from Office
Lowe's is a FORTUNE 100 home improvement company serving approximately 16 million customer transactions a week in the United States. With total fiscal year 2024 sales of more than $83 billion, Lowe's operates over 1,700 home improvement stores and employs approximately 300,000 associates. Based in Mooresville, N.C., Lowe's supports the communities it serves through programs focused on creating safe, affordable housing, improving community spaces, helping to develop the next generation of skilled trade experts and providing disaster relief to communities in need. For more information, visit Lowes.com. Lowe's India, the Global Capability Center of Lowe's Companies Inc., is a hub for driving our technology, business, analytics, and shared services strategy. Based in Bengaluru with over 4,500 associates, it powers innovations across omnichannel retail, AI/ML, enterprise architecture, supply chain, and customer experience. From supporting and launching homegrown solutions to fostering innovation through its Catalyze platform, Lowe's India plays a pivotal role in transforming home improvement retail while upholding strong commitment to social impact and sustainability. For more information, visit Lowes India Job Summary The primary purpose of this role is to support the design, implementation and ongoing operation of information security tools and services. This includes leading the process of translating business and technical requirements into robust enterprise security software solutions that ensure information assets are adequately protected with acceptable levels of control. This also includes monitoring, testing, and evaluating security assessments of systems and taking steps to design and implement remediation solutions. To be successful, the individual in this role must have strong knowledge of security practices and tools related to identity and access management along with enterprise digital certificate management systems. 
This role establishes and maintains programs that enable the business to operate efficiently and remain in compliance with regulatory and industry best practices. Key Responsibilities Leads the implementation and maintenance of assigned information security solutions to ensure successful deployment and operation; develops and documents detailed standards (e.g., guidelines, processes, procedures) Assists the Information Security team in monitoring security systems, reviewing logs, and managing information security systems Conducts regular security vulnerability assessments and provides exception reporting and remediation plans to leadership Designs and performs internal and external penetration validation testing to ensure that computer systems are up to date relative to all operating systems, patches, and virus protection software Collaborates with other technology teams including Engineering to design and implement remediation solutions Identifies, reports, and provides assistance during information security incidents as part of an Incident Response Team; reviews and responds to security alerts to investigate malicious activity Supports evaluation of new security technologies that address both current and future needs based on emerging threats and industry trends Keeps up to date with exploits relevant to the retail sales environment Solves complex architecture/design and business problems; solutions are extensible; works to simplify, optimize, remove bottlenecks, etc. 
Provides mentoring and guidance to more junior level engineers; may provide feedback and direction on specific engineering tasks Responds to escalated security issues for enterprise systems; facilitates advanced diagnosis and troubleshooting when necessary Participates in the implementation of hardware and software changes into environments to ensure security requirements are met Provides input into security breach response procedures; helps lead security breach response activities Leads break/fix activities, escalating problems to senior management and/or vendors as appropriate Analyzes the output of industry standard cybersecurity tools and identifies remediations to reduce risk and exposure of applications Completes custom enhancements of applications using secure coding techniques to reduce the threat of remote or local vulnerabilities Evaluates entire applications (Container, Infrastructure, host platform) to identify potential threats and vulnerabilities Required Qualifications Bachelor's Degree in Computer Science, CIS, Engineering, Cybersecurity, or related field (or equivalent work experience in a related field) 5+ Years of experience in technology system support, software development or a related field 3+ Years of experience with information security applications and systems Preferred Qualifications Master's Degree in Computer Science, CIS, Business Administration, or related field 4 Years experience working on project(s) involving the implementation of solutions applying development life cycles (SDLC) 1 Year DevOps experience 3 Years of experience evaluating entire applications (Container, Infrastructure, host platform) to identify potential threats and vulnerabilities 3 Years of experience in the custom enhancement or development of applications using secure coding techniques to reduce the threat of remote or local vulnerabilities Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPEN) Advanced understanding of information security practices and policies 5 Years IT experience developing and implementing business systems within an organization 5 Years of experience working with defect or incident tracking software 5 Years of experience writing technical documentation in a software development environment 3 Years of experience working with an IT Infrastructure Library (ITIL) framework 3 Years of experience leading teams, with or without direct reports 5 Years experience working with source code control systems Experience working with Continuous Integration/Continuous Deployment tools 5 Years of experience in systems analysis, including defining technical requirements and performing high level design for complex solutions Experience with Cloud technologies 2 Years of experience in scripting with one or more of Python, PowerShell or Bash. 2 Years of experience in managing Antivirus or Endpoint Detection and Response software. 2 Years of experience with Vulnerability Management and/or Compliance Management software toolsets.
Posted 3 weeks ago
5.0 - 10.0 years
7 - 12 Lacs
Bengaluru
Work from Office
Who we are We're a leading, global security authority that's disrupting our own category. Our encryption is trusted by the major ecommerce brands, the world's largest companies, the major cloud providers, entire country financial systems, entire internets of things and even down to the little things like surgically embedded pacemakers. We help companies put trust - an abstract idea - to work. That's digital trust for the real world. Job summary As a Senior Application Security Engineer specializing in application security and DevSecOps within our cybersecurity team, you will play a crucial role in safeguarding our company's web applications by integrating security practices into the Software Development Life Cycle (SDLC). You will be responsible for the proactive identification, assessment, and mitigation of security vulnerabilities, developing and driving the adoption of DevSecOps practices, and ensuring that security is embedded in all phases of software development. What you will do Lead the integration of security measures into the SDLC, ensuring that all aspects of web application development are secure by design. Conduct thorough security assessments and penetration testing for web applications to identify vulnerabilities and security gaps. Play an advisory role with software engineering teams in the architectural design of new applications, emphasizing secure architectural patterns and best practices. Perform and coordinate manual and automated code reviews. Lead threat modeling exercises across engineering teams. Collaborate with software development teams to implement DevSecOps practices, providing guidance on secure coding, automated security testing, and continuous monitoring. Contribute to internal security tooling development or integration. Develop and maintain a secure framework for code deployment, automating security processes where possible to streamline the development workflow. 
Work cross-functionally with various teams, including IT, engineering, operations, and business units, to communicate security policies and procedures effectively. Establish and maintain strong relationships with stakeholders, presenting complex security concepts in an accessible manner. Stay abreast of the latest security threats, trends, and technologies in web application security and incorporate this knowledge into company practices. Assist in the development and enforcement of security policies and procedures, ensuring compliance with industry standards and regulations. Assist with managing bug bounty program. Develop program documentation to promote operational stability and scalability. Support Leadership in defining and executing the roadmap for DevSecOps maturity and secure SDLC initiatives. Support governance and compliance teams on secure engineering practices for aligning security policies related to SDLC. Drive and support security identified remediation efforts. Foster and promote a security-forward culture. Mentor junior team members. Other duties and responsibilities, as assigned. What you will have Minimum of 5 years of experience in cybersecurity, with a focus on web application security and secure SDLC. Proficiency with programming/scripting languages such as JavaScript, Python, Java, Bash, PowerShell. Experience in penetration testing. Bachelor's or master's degree in computer science, cybersecurity, or a related field. Proven track record of working with DevSecOps tools (such as SAST/DAST/SCA) and methodologies. Strong understanding of security protocols, cryptography, authentication, authorization, and security vulnerabilities. Excellent communication skills with the ability to engage technical and non-technical stakeholders. Strong analytical and problem-solving abilities, with a meticulous attention to detail. 
Advanced level of knowledge of Information Security design concepts and principles. Nice to have Master's degree in a technical discipline. Professional security certifications such as CISSP, OSCP, CEH, or equivalent are highly desirable. Experience working in highly regulated environments. Advanced level of knowledge of IT frameworks and standards (NIST, OWASP Top Ten, COBIT, ITIL, ISO, PCI-PIN, GDPR, WebTrust, FedRAMP) Certified Information Systems Auditor (CISA) AWS Solutions Architect Benefits Generous time off policies Top shelf benefits Education, wellness and lifestyle support
Posted 3 weeks ago
8.0 - 13.0 years
25 - 30 Lacs
Pune
Work from Office
Basic/Essential Qualifications: Chartered Accountant / Graduate / Masters in Business Administration with experience in risk-based auditing. Relevant professional qualifications (e.g. CIA, MIIA, ACCA, ACA, CISA) The candidate must demonstrate reasonable understanding in risk-based auditing (Internal or External) or risk/control activities in Retail and/or Wholesale Banking and knowledge of associated regulations. Strong communication skills with the ability to communicate effectively to business stakeholders. Practical understanding of relevant regulatory environment. Proven track record of high performance in previous roles. The candidate should demonstrate good understanding of ITGC domains. Proven track record of high performance in previous roles to include senior Auditee management. Desirable skillsets/good to have: Financial services industry knowledge on Corporate Banking, Private Banking and Wealth Management Knowledge or experience of identifying opportunities for using data to enhance audit testing. This role will be based out of Pune. Purpose of the role To support the development of audits aligned to the bank's standards and objectives by working collaboratively with colleagues, providing accurate information and recommendations, and complying with policies and procedures. Accountabilities Audit development and delivery support, including financial statements, accounting practices, operational processes, IT systems and risk management. Identification of operational risks to support the delivery of the Barclays Internal Audit (BIA) Audit Plan through risk assessments. Assessment of internal control effectiveness and their capability to identify and mitigate risk aligned to regulatory requirements. Communication of key findings and recommendations to stakeholders, including the Audit Owner, senior managers and directors. Identification of regulatory news and industry trends/developments to provide timely insight and recommendations for best practice. 
Assistant Vice President Expectations To advise and influence decision making, contribute to policy development and take responsibility for operational effectiveness. Collaborate closely with other functions/ business divisions. Lead a team performing complex tasks, using well developed professional knowledge and skills to deliver on work that impacts the whole business function. Set objectives and coach employees in pursuit of those objectives, appraisal of performance relative to objectives and determination of reward outcomes If the position has leadership responsibilities, People Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L - Listen and be authentic, E - Energise and inspire, A - Align across the enterprise, D - Develop others. OR for an individual contributor, they will lead collaborative assignments and guide team members through structured assignments, identify the need for the inclusion of other areas of specialisation to complete assignments. They will identify new directions for assignments and/ or projects, identifying a combination of cross functional methodologies or practices to meet required outcomes. Consult on complex issues; providing advice to People Leaders to support the resolution of escalated issues. Identify ways to mitigate risk and developing new policies/procedures in support of the control and governance agenda. Take ownership for managing risk and strengthening controls in relation to the work done. Perform work that is closely related to that of other areas, which requires understanding of how areas coordinate and contribute to the achievement of the objectives of the organisation sub-function. Collaborate with other areas of work, for business aligned support areas to keep up to speed with business activity and the business strategy. 
Engage in complex analysis of data from multiple sources of information, internal and external sources such as procedures and practices (in other areas, teams, companies, etc.) to solve problems creatively and effectively. Communicate complex information. Complex information could include sensitive information or information that is difficult to communicate because of its content or its audience. Influence or convince stakeholders to achieve outcomes.
Posted 3 weeks ago
10.0 - 15.0 years
35 - 40 Lacs
Bengaluru
Work from Office
Job Title Sr. Information Security Manager Job Description Senior Information Security Manager Job Location: Bangalore The Integrated Supply Chain (ISC) Information Security Manager will be responsible for developing, implementing and monitoring strategic and comprehensive IT security plans across multiple geographies and driving security in manufacturing sites, Distribution Centers, and warehouses across Philips. Your role: Develop and implement robust OT (Operational Technology), Cloud, Network, IoT (Internet of Things) security strategies on ISC (Integrated Supply Chain) manufacturing process aligned with industry standards, such as establishing security architecture compliance with regulations (e.g., HIPAA, FDA) and deploy technologies like firewalls and OT IDS (Operational Tech. Intrusion Detection System) solutions for system segmentation and protection. Leverage experience with OT technologies (e.g., Nozomi Guardian, Armis, Claroty) and perform vulnerability assessments by applying frameworks like MITRE ATT&CK and STRIDE for threat modeling and attack simulations, driving solutions to address security threats. Identify, assess, and mitigate Operational Technology (OT), Cloud, Network, IoT (Internet of Things) risks and/or threats on Integrated Supply Chain (ISC) manufacturing security through cross-functional collaboration, develop incident response plans, lead investigations, and implement corrective actions to address root causes of security breaches. Secure supply chain systems by collaborating with vendors, conducting assessments, and enforcing compliance with security standards. Build a culture of security through targeted training programs and stakeholder education. 
You're the right fit if: You have 10+ years of experience with Bachelor's OR 3+ years of experience with Master's in areas such as Security Architecture, Network Security, Cybersecurity Technology, Information Security or equivalent You possess a Bachelor's or Master's Degree in Computer Science, Information Technology, Cybersecurity or equivalent. You are knowledgeable about the MITRE Framework, IEC 62443/NIST 800:23. Preferred to have a CISSP, CISM, CISA, CIPP certification. Your skills include thorough understanding of Security Management and Governance principles, along with being able to deliver cross-cultural etiquette, customer-centric and collaborative mindset. You must be able to successfully perform the following minimum Physical, Cognitive and Environmental job requirements with or without accommodation for this position. How we work together We believe that we are better together than apart. For our office-based teams, this means working in-person at least 3 days per week. Onsite roles require full-time presence in the company's facilities. Field roles are most effectively done outside of the company's main facilities, generally at the customers' or suppliers' locations. This is an in-office role. About Philips We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody, everywhere, has access to the quality of healthcare that we all deserve. Do the work of your life to help improve the lives of others. Learn more about our business. Discover our rich and exciting history. Learn more about our purpose. Learn more about our culture. Our commitment to inclusion and diversity At Philips, we provide equal opportunities to all our employees and to all eligible applicants for employment in our company, irrespective of age, color, disability, nationality, race, religion, gender, sexual orientation (LGBTQ+), and all aspects that make individuals unique. 
Encouraging diversity and fostering inclusion are key to our mission of improving the lives of 2.5 billion people a year by 2030 through meaningful innovation. We have fair, transparent, and clear employee policies which promote diversity and equality, in accordance with currently applicable law. For, we believe that life is better when #youareyou. Why should you join Philips? Working at Philips is more than a job. It's a calling to create a healthier society through meaningful work, focused on improving 2.5 billion lives a year by delivering innovative solutions across the health continuum. Our people experience a variety of unexpected moments when their lives and careers come together in meaningful ways. Learn more by watching this video. To find out more about what it's like working for Philips at a personal level, visit the Working at Philips page on our career website, where you can read stories from our employee blog. Once there, you can also learn about our recruitment process, or find answers to some of the frequently asked questions. If you're interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our culture of impact with care here.
Posted 3 weeks ago
6.0 - 8.0 years
20 - 30 Lacs
Hyderabad
Work from Office
Roles and Responsibilities Assist the IT Audit manager in audit engagement planning activities for IT SOX Assessment. Lead a team of 2-3 IT auditors for executing tests of design and operating effectiveness. Monitor audit task assignments and drive completion. Lead conversations with stakeholders and auditees during process walkthroughs. Identify control gaps and accordingly provide recommendations in areas requiring improvement based on tests conducted. Conduct reviews of audit workpapers and provide constructive feedback to team members. Monitor status of audit documentation requests and perform timely escalations, as needed. Work closely with stakeholders to communicate audit status, follow-up requests and audit findings. Provide necessary support to external auditors. Qualifications: Bachelor's degree in Accounting, Computer Science, Information Systems or related field. 5+ years of strong experience in testing IT General Controls, preferably from Big 4 accounting firms. Sound understanding of IT processes such as access management, change management, SDLC, Computer operations. Demonstrated technical knowledge of SAP security. Experience in auditing various infrastructure platforms such as Unix, Linux, Windows, SQL. Sound knowledge and understanding of audit methodologies and tools that support audit processes. Excellent verbal, written, and interpersonal communication skills. Demonstrated ability to prioritize work, meet deadlines, and effectively manage multiple priorities. Works well in a team environment, fostering inclusion and building effective relationships with both team members and stakeholders. Desire to stay current on new and changing technologies. Enthusiastic, self-motivated, willing to be challenged. CISA, CISSP, CIA, CPA, or other technology-driven certifications.
Posted 3 weeks ago
2.0 - 6.0 years
13 - 17 Lacs
Chennai
Work from Office
Job Description The Internal Audit team at Freshworks is looking for a passionate and self-driven professional to join their team. This position is an exciting and challenging opportunity for an audit professional who is eager to learn and understand end to end business processes and seeks to challenge themselves in complex situations. The Internal Audit team at Freshworks is an advisor to the Business - performing risk and control assessment, and providing recommendations in bringing efficiencies and enhancing processes, bringing overall value to the organization as it grows. This role will be integral in the successful execution of SOX, Internal audits and various other initiatives in support of Freshworks internal processes and controls. Core Responsibilities Partner with the business team to understand and document processes, identify risks or gaps. Stay up to date with changes in business and assess impact to controls framework. Execute on SOX testing as assigned, ensuring testing timelines are met and quality of testing is as per training provided. Coordinate with external auditors for walkthroughs, testing and answering queries. Perform other operational audits as assigned. Assist in providing regular updates to executive management on testing status. Manage and prioritize tasks assigned to meet audit deadlines. Demonstrate leadership by asking insightful questions, provide solutions-oriented perspective, and communicating effectively. Build and maintain effective and collaborative relationships with internal stakeholders and colleagues within the team. Qualifications Bachelor's degree in accounting or higher in a relevant field (Accounting, Finance, Business, Audit) Must be qualified or pursuing CA, CPA, CMA, CIA, CISA, or similar. Minimum 2+ years o
Posted 3 weeks ago
10.0 - 15.0 years
13 - 18 Lacs
Noida
Work from Office
The Security Operation Specialist has the end-to-end responsibility for the physical and logical security of the Network/Services, OSS/SQM, and Infrastructure in accordance with the security policy, and will technically manage and operate components of security services provided to end users of Nokia customers, within service levels agreed with those customers. You have: 10+ years of extensive relevant experience and a graduate / postgraduate equivalent degree. Exposure to telecom technologies Security analytics and working knowledge of SOC technologies like SIEM, SOAR, etc. Scripting capabilities Industry certifications like CISSP/CEH/CISM/CISA It would be nice if you also had: Understanding of hacking techniques Understanding of 3GPP security requirements, ITU-T X.805, ISO27001, NIST, MITRE ATT&CK framework Build and maintain a library of threat hunting or analytics use cases for non-signature-based threat detection Build and maintain a library of pre-developed connectors to integrate leading SIEMs with diverse network elements Build and maintain a customizable library of remediation workflows or cyber playbooks Use cases should cover the entire kill chain, starting from reconnaissance, weaponization, delivery, exploitation, installation, C2, exfiltration, remediation, etc. Provide SME support to the delivery organization Testing and PoC of use cases in a lab environment Support in building use case demos. Work with different product lines to validate and test the feasibility of security use cases Build risk-driven cyber attack scenarios by clearly identifying threats, vulnerabilities, business impact, likelihood, approach, use case, scenarios, rules, remediation workflows, or a cyber playbook.
Posted 3 weeks ago
5.0 - 10.0 years
12 - 18 Lacs
Bengaluru
Hybrid
Team Manager SOX ITGC 5+ Years – [Bangalore] Are you a certified IT audit professional with extensive experience in SOX ITGC and team management? Location: Bangalore Your Future Employer Join a global organization committed to strong internal controls, compliance excellence, and a collaborative work environment. Responsibilities: Lead planning, fieldwork, and reporting phases for assigned SOX ITGC audit engagements. Design and execute detailed testing for IT General Controls and Automated Controls. Validate Test of Design (ToD) and Test of Effectiveness (ToE) for key control areas including Logical Access, Change Management, Backup & Restoration, and Incident Management. Manage and mentor a team, taking full responsibility for performance reviews, appraisals, and goal setting. Ensure audit documentation meets professional standards and internal quality benchmarks. Collaborate with stakeholders and effectively communicate findings and recommendations. Participate in internal initiatives and support continuous process improvements. Maintain updated knowledge on IT auditing best practices, COSO, and SOX regulations. Requirements: CISA certification is a must. Bachelor’s or advanced degree in Information Technology or a related field. Minimum 5 years of experience in SOX ITGC audits. At least 2 years of hands-on team management experience, including appraisal and performance management. Strong knowledge of IT General and Automated Controls. Proficiency in validating ToD/ToE documentation. Excellent interpersonal and stakeholder communication skills. Strong analytical thinking and attention to detail. Proficient in Microsoft Office Suite. Ability to manage multiple priorities in a fast-paced environment. What’s in it for you: Competitive salary and perks. Hybrid working model (1 week/quarter from office). Opportunity to lead high-impact IT compliance audits. Work in a growth-driven and evolving audit environment. 
Reach us: If you feel this opportunity is well aligned with your career progression plans, please feel free to reach me with your updated profile at sonaly.sharma@crescendogroup.in Crescendo Global specializes in Senior to C-level niche recruitment. We are passionate about empowering job seekers and employers with an engaging, memorable job search and leadership hiring experience. Crescendo Global does not discriminate on the basis of race, religion, color, origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Note: We receive a lot of applications on a daily basis so it becomes a bit difficult for us to get back to each candidate. Please assume that your profile has not been shortlisted in case you don't hear back from us in 1 week. Your patience is highly appreciated. Keywords: SOX ITGC, CISA, IT General Controls, Audit Manager, Team Management, Risk Assessment, Change Management, Logical Access, IT Audit
Posted 3 weeks ago
6.0 - 9.0 years
6 - 9 Lacs
Bengaluru, Karnataka, India
On-site
Work experience longevity history must include at least a 2-year period with same firm or company. 1-year minimum actual audit practitioner experience in areas such as the following: USA - SOC2, SOC1, SOX section 404 USA - Fed Ramp, State Ramp ISO NIST USA HITRUST IT General Controls and Application Plus 1-4+ years working with a company supporting audits or compliance work. Certifications completed or in progress for any of the following: CISA, CPA, CIA, CFE, PMP, Indian CA. Education area of studies from areas such as: Accounting, Computer Science, Business Administration, or equivalents. Ability to articulate and conduct professional meetings with audit firm resources in the areas of planning, audit criteria, control requirements, rules of evidence and audit report delivery. Ability to work 40 hours a week aligned with USA end of day workday hours 1pm during Daylight Savings Time (November, December, January, February, March) and 2 pm USA Standard Time (March, April, May, June, July, August, September, October). Motivation and drive for continuous learning, understanding company required knowledge and training growth requirements. Seeks opportunities and commitment to develop leadership experience and knowledge over 2+ years with renewing 6-month contracts and/or potential conversion to employee hire. Strong listening skills followed by timely measurable productivity outcome reporting.
Posted 3 weeks ago
8.0 - 12.0 years
20 - 25 Lacs
Bengaluru
Work from Office
Design and implement controls and mitigation plans, and lead aspects of their implementation Facilitate reporting on findings, mitigation plans, and controls performance Work with senior management to create their compliance strategy and improve their controls portfolio Identify areas of improvement in facilitating audits with customers to refine the process and respond to customer inquiries promptly Formalise and lead improvements of GRC function operations - processes, metrics, reporting, and analytics Provide regular status updates ensuring everyone is aware of progress and road-blockers Work with product and functional teams to understand and respond to their compliance and assurance needs and concerns Manage compliance related programs including the performance of gap assessments for new compliance frameworks Promote effective teamwork, collaboration, and commitment across the Product Compliance team and the broader organisation Seek opportunities to improve processes and collaboration to increase team output and team health Perform regular risk assessments for your business function Prepare annual audit plans, develop audit direction, and align with stakeholders on audit timetables Develop timeline for internal readiness assessment activities and obtain alignment from all stakeholders Maintain comprehensive documentation of controls, testing procedures, and evidence to support compliance efforts Work closely with internal stakeholders, including product and functional teams, to address architectural, infrastructure, or new services that impact compliance Identify opportunities for process improvements and implement best practices to enhance the efficiency and effectiveness of the readiness testing process Develop controls and mitigation plans, and lead aspects of their implementation Work with senior management to improve their controls portfolio Provide regular status updates ensuring everyone is aware of progress and road-blockers Promote effective 
teamwork, collaboration, and commitment across the Product Compliance team and the broader organisation Seek opportunities to improve processes and collaboration to increase team output and team health Qualifications Your background Minimum 8+ years of management experience in IT audit, compliance, or a related field Experience with SOC 2, ISO 27001/27018, HIPAA, PCI, C5 and GDPR frameworks and requirements Familiarity with compliance frameworks and standards such as NIST 800-53 Experience with the software development business for cloud service providers Experience with Technology Risk Management, Compliance and Information Security Experience with control and risk frameworks, performing compliance and risk assessments, creating controls and overseeing mitigation projects Experience with translating compliance requirements to engineering and product teams Experience with determining scope, timeline creation, complex project tracking, risk management, and process improvement Familiarity with Jira and Confluence Relevant certifications such as CISM, CISA, CISSP, or ISO 27001 Lead Auditor are highly desirable
Posted 3 weeks ago
8.0 - 10.0 years
20 - 25 Lacs
Chennai
Work from Office
Job Description The Cybersecurity Risk Compliance function is responsible for evaluating security and compliance risks within the organization. They set up security benchmarks, verify adherence to these standards across all internal sectors, and promote a culture of information security throughout the company. As a Lead in our Cybersecurity Risk and Compliance team, you'll play a pivotal role in fortifying our security measures, leveraging your expertise in various technologies and frameworks. This position demands a proactive approach to risk management, security, automation, and strategic collaboration with diverse stakeholders to elevate our security standards. Role Expectation Drive the day-to-day activities for policy governance, control governance, risk, and compliance initiatives. Enumerate cyber security and compliance risks and ensure they are managed appropriately across the products and business functions. Ensure the Product/Functional team takes prudent risk ownership through active partnership and collaboration. Design and oversee the enforcement of policies and procedures based on industry-standard best practices. Provide contextual guidance to various internal teams in terms of processes and controls to improve the information security and compliance posture. Certify the readiness of the identified security frameworks and certifications by identifying and operationalizing the control requirements. Responsible for reviewing and reporting the operating effectiveness of the controls and risk/loss exposure. Drive continuous monitoring initiatives for the developed controls and develop reporting metrics, dashboards, and evidence artifacts periodically to be presented to the Leadership. Drive security awareness program throughout the year to effectively motivate desired behaviors, and conduct regular training on security policy and standard requirements through training, communication, and workshops.
Be a role model for the team and provide a healthy platform for the team to learn and grow. Stay abreast of the developing regulatory concerns and changing information security trends. Qualifications 8-10 years of experience in the Risk & Compliance space, viz. risk enumeration, defining security standards, and managing information security processes. Work experience or conceptual understanding of the AWS cloud platform to define controls for the cloud environment and suggest best practices. Working experience or conceptual understanding of the FAIR methodology risk assessments or Quantified risk assessments. Have a deep understanding of security control frameworks such as ISO 27001, PCI DSS, HIPAA, SOC 1/2, NIST Cyber Security Framework, NIST 800-171, and the Cloud Compliance Framework. Security certifications like CISA, CISSP, CRISC, and cloud security certifications will be highly desired. Ability to gather, analyze, and evaluate facts and to prepare and present concise, detailed, and clear oral and written reports. Ability to build relationships, influence others, instill accountability, and achieve results. Ability to thrive in a dynamic, fast-paced environment taking up multiple responsibilities. Excellent problem-solving, interpersonal, and communication skills. Be a team player and a go-getter and strive for success.
Posted 3 weeks ago
4.0 - 6.0 years
11 - 16 Lacs
Bengaluru
Work from Office
Overview Job Title: Lead and Audit Compliance Specialist Location: Bangalore Aptean is changing. Our bespoke ERP solutions are transforming a huge range of global businesses, from food producers to manufacturers. In a world of generic enterprise software, we provide targeted solutions that bring together the very best technology and drive greater results. With over 3000 employees, 50 different products and a global client base, there's no better time to advance your career at Aptean. APTEAN JOB LEVEL: D APTEAN JOB TITLE: Lead Audit and Compliance Specialist 2. GENERAL JOB SUMMARY About the Role: We are seeking a highly motivated and experienced Audit and Compliance Specialist to join our growing team in Bangalore, India. Identified SME will play a key role in maintaining our compliance posture with industry standards like SOC 2 and ISO 27001, focusing on cloud infrastructure from a Governance, Risk, and Compliance (GRC) perspective. 5. PRINCIPAL DUTIES AND RESPONSIBILITIES Conduct internal audits of security controls and processes related to SOC 2 and ISO 27001 compliance. Assist with the development, implementation, and maintenance of security policies and procedures. Analyze and evaluate the effectiveness of existing security controls and identify areas for improvement. Participate in the design and execution of penetration testing and vulnerability assessments. Work collaboratively with various teams (Security, IT Operations, Cloud Engineering) to remediate identified security risks and control gaps. Maintain and update GRC documentation related to security controls and compliance requirements. Stay up-to-date on industry best practices and regulatory changes related to cloud security and compliance. Assist with the preparation and execution of SOC 2 and ISO 27001 audits. Support the development and implementation of a cloud security GRC program. 6. JOB SPECIFICATIONS Education (Indicate the minimum level of education necessary for this position.
Check all that apply and indicate specific degree as applicable to the side (e.g., Bachelor's in Computer Science) Required Preferred Degree/Certification Bachelor's degree Master's degree Ph.D. J.D. (law) Certification: Registration: Licensure: Other: Work Experience 4-6 years of experience in a similar role within a security-conscious organization. Knowledge, Skills and Abilities Experience conducting internal audits of security controls and processes. Strong understanding of SOC 2 and ISO 27001 compliance requirements. Working knowledge of cloud security concepts and best practices (e.g., AWS Security, Azure Security, GCP Security). Proficiency in GRC frameworks and methodologies (e.g., COBIT, COSO). Excellent analytical and problem-solving skills. Strong communication and interpersonal skills, with the ability to collaborate effectively across different teams. Ability to prioritize tasks, manage multiple deadlines, and work independently. Experience with GRC tools (e.g., MetricStream, RSA Archer) is a plus. Strong understanding of internal security audit and policy review processes. CISA, CRISC, or other relevant security certifications are a plus. Shift details: UK Shift Required to work in shift: Yes If Yes Shift Timing: UK DISCLAIMER The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job. If you share our mindset, you can share in our success. To find out more about joining Aptean, get in touch today. Learn from our differences. Celebrate our diversity. Grow and succeed together. Aptean pledges to promote a company culture where diversity, equity and inclusion are central.
We are committed to applying this principle as we interact with our customers, build our teams, cultivate our leaders and shape a company in which any employee can succeed, regardless of race, color, sex, national origin, sexuality and gender identity, religion, disability or age. Celebrating our diverse experiences, opinions and beliefs allows us to embrace what makes us unique and to use this as an asset in bringing innovative solutions to our customer base. At Aptean, our global and diverse employee base is our greatest asset. It is through embracing and understanding our differences that we are able to harness our individual power to maximize the success of our customers, our employees and our company. - TVN Reddy
Posted 3 weeks ago
13.0 - 17.0 years
40 - 50 Lacs
Bengaluru
Work from Office
Job Title Sr. Information Security Manager Job Description Job title: Sr. Information Security Manager Your role: As a Senior Information Security Manager, you will be responsible for developing, implementing and monitoring a strategic, comprehensive IT security program while ensuring compliance with regulatory requirements, and mitigating risks to the organization's information assets. Information Security Manager will provide the vision and leadership necessary to manage the risk to the platform assigned and will ensure business alignment, effective governance, system and infrastructure availability, integrity and confidentiality. You're the right fit if: Bachelor's or Master's degree in Information Technology and/or commensurate experience in delivering security solutions. Overall Enterprise IT Security experience of 15+ yrs or more. Security Certifications such as CISSP, CISM, CISA, CIPP etc. are preferred. Should have a senior level in the domain of Security & operations management. Absolutely trustworthy with high standards of personal integrity (demonstrated by an unblemished career history, lack of criminal convictions etc.), willing to undergo vetting and/or personality assessments to verify this if necessary. Typically a background in technical security roles or operations, with a clear and abiding interest in security. How we work together We believe that we are better together than apart. For our office-based teams, this means working in-person at least 3 days per week. Onsite roles require full-time presence in the company's facilities. Field roles are most effectively done outside of the company's main facilities, generally at the customers' or suppliers' locations. This role is an office role. If you're interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our culture of impact with care here.
Posted 3 weeks ago
8.0 - 13.0 years
25 - 30 Lacs
Kolkata, Mumbai, New Delhi
Work from Office
Working at Atlassian Atlassians can choose where they work - whether in an office, from home, or a combination of the two. That way, Atlassians have more control over supporting their family, personal goals, and other priorities. We can hire people in any country where we have a legal entity. Interviews and onboarding are conducted virtually, a part of being a distributed-first company. This position will report to the Head of Compliance Risk for the India team and join our growing team within Governance, Risk and Compliance. The team is responsible for compliance, enterprise risk management and business resilience. The Product Compliance team coordinates and guides efforts related to Atlassian cloud compliance (SOC 2, ISO 27001/27018, HIPAA, PCI and C5) and sits within the Trust organisation. You will collaborate with technical leads and subject matter experts to analyse processes, business models, and controls to discover and translate risks, and provide mitigating recommendations to the leadership team. You will drive continuous process improvement, and collaborate with business and technology teams, both internally and externally to implement new solutions.
What you'll do Design and implement controls and mitigation plans, and lead aspects of their implementation Facilitate reporting on findings, mitigation plans, and controls performance Work with senior management to create their compliance strategy and improve their controls portfolio Identify areas of improvement in facilitating audits with customers to refine the process and respond to customer inquiries promptly Formalise and lead improvements of GRC function operations - processes, metrics, reporting, and analytics Provide regular status updates ensuring everyone is aware of progress and road-blockers Work with product and functional teams to understand and respond to their compliance and assurance needs and concerns Manage compliance related programs including the performance of gap assessments for new compliance frameworks Promote effective teamwork, collaboration, and commitment across the Product Compliance team and the broader organisation Seek opportunities to improve processes and collaboration to increase team output and team health Perform regular risk assessments for your business function Prepare annual audit plans, develop audit direction, and align with stakeholders on audit timetables Develop timeline for internal readiness assessment activities and obtain alignment from all stakeholders Maintain comprehensive documentation of controls, testing procedures, and evidence to support compliance efforts Work closely with internal stakeholders, including product and functional teams, to address architectural, infrastructure, or new services that impact compliance Identify opportunities for process improvements and implement best practices to enhance the efficiency and effectiveness of the readiness testing process Develop controls and mitigation plans, and lead aspects of their implementation Work with senior management to improve their controls portfolio Provide regular status updates ensuring everyone is aware of progress and road-blockers Promote 
effective teamwork, collaboration, and commitment across the Product Compliance team and the broader organisation Seek opportunities to improve processes and collaboration to increase team output and team health Your background Minimum 8+ years of management experience in IT audit, compliance, or a related field Experience with SOC 2, ISO 27001/27018, HIPAA, PCI, C5 and GDPR frameworks and requirements Familiarity with compliance frameworks and standards such as NIST 800-53 Experience with the software development business for cloud service providers Experience with Technology Risk Management, Compliance and Information Security Experience with control and risk frameworks, performing compliance and risk assessments, creating controls and overseeing mitigation projects Experience with translating compliance requirements to engineering and product teams Experience with determining scope, timeline creation, complex project tracking, risk management, and process improvement Familiarity with Jira and Confluence Relevant certifications such as CISM, CISA, CISSP, or ISO 27001 Lead Auditor are highly desirable Benefits & Perks Atlassian offers a wide range of perks and benefits designed to support you, your family and to help you engage with your local community. Our offerings include health and wellbeing resources, paid volunteer days, and so much more. To learn more, visit
Posted 3 weeks ago
2.0 - 7.0 years
4 - 9 Lacs
Bengaluru
Work from Office
Role: Engineer II, Cybersecurity Governance Standard Title: Engineer II, Security Engineering Location: Bangalore, India Founded in 2014, Circles is a global technology company reimagining the telco industry with its innovative SaaS platform, empowering telco operators worldwide to effortlessly launch innovative digital brands or refresh existing ones, accelerating their transformation into techcos. Today, Circles partners with leading telco operators across multiple countries and continents, including KDDI Corporation, Etisalat Group (e&), AT&T, and Telkomsel, creating blueprints for future telco and digital experiences enjoyed by millions of consumers globally. Besides its SaaS business, Circles operates three other distinct businesses: Circles.Life : A wholly-owned digital lifestyle telco brand based in Singapore, Circles.Life is powered by Circles SaaS platform and pioneering go-to-market strategies. It is the digital market leader in Singapore and has won numerous awards for marketing, customer service, and innovative product offerings beyond connectivity. Circles Aspire : A global provider of Communications Platform-as-a-Service (CPaaS) solutions. Its cloud-based Experience Cloud platform enables enterprises, service providers and developers to deliver and scale mobile, messaging, IoT, and connectivity services worldwide. Jetpac : Specializing in travel tech solutions, Jetpac provides seamless eSIM roaming for over 200 destinations and innovative travel lifestyle products, redefining connectivity for digital travelers. Jetpac was awarded Travel eSIM of the Year. Circles is backed by renowned global investors, including Peak XV Partners (formerly Sequoia), Warburg Pincus, Founders Fund, and EDBI (the investment arm of the Singapore Economic Development Board), with a track record of backing industry challengers. Mission Our mission in Circles is to become a world-class cybersecurity function by cultivating security as job zero across the organisation. 
This means security is enforced as an integral component across every facet of our business globally, whereby: Security is second nature; Security is in the DNA of everything we do; and Cultivating and maintaining a Security conscious culture The Role As a team member of Cyber Governance & Assurance vertical within Information & Cybersecurity Function, primarily responsible to ensure that Circles & its global offices are always maintaining robust, sustainable and adequate governance practices and compliance as follows. Develop, mature and operationalize cybersecurity framework, policies, procedures, guidelines and baseline standards within the Group. Ensure cybersecurity best practices are embedded within new initiatives, ongoing change management and evaluate the security impact of the initiatives. Ensure organizational crown jewels are adequately protected in accordance with regulatory and data protection regulations such as ISO27701, PCI-DSS, Market specific Data Protection regulations including PDPA, GDPR. Develop data privacy and protection framework, enhance existing policies and work programs to align with expectation of relevant data privacy laws. Identify, risk assess and prioritize various information, data assets across the Enterprise. Support the day-to-day functioning of the Data Privacy Office by: o Serving as a point of contact within group on issues related to data privacy; o Performing privacy impact assessments, maintain records of processing activities; Serving as subject matter expert to stakeholders on privacy matters o Participate in investigation of data privacy incidents; Drive internal Risk Assessment including 3rd Party Due Diligence (3PDD) reviews, cybersecurity assurance activities, as well as audit readiness reviews and drive timely resolution of potential gaps. Provide advisory services on information, privacy and cybersecurity matters for internal stakeholders as laid out in subsequent sections. 
Drive cybersecurity and privacy awareness within the Group, formulating learning curriculum, rolling out training modules ensuring completion remains above agreed metrics. Devise focused training across staff who are involved in data handling and processing. Promote a culture of Security, data privacy and compliance across group. Proactively support in organizational roadmap towards maintaining relevant credentials including ISO27001 compliance, DPTM, APEC CBPR and establishing SOC2 compliance report. You Hold a Degree in Information Technology, Cyber Security or comparable qualification. To have 2+ years of professional experience in Audit, Assurance, Governance, Management Consulting or ability to port skills across these functional responsibilities. Assist in cybersecurity, data governance and assurance initiatives in relation to SaaS based Telco platform delivering B2B and B2C products. Excellent written and oral communication skills, confident in having meaningful conversation with stakeholders at multiple levels within the Group. Prior experience, knowledge in the following is a certain plus: o Big 4, Tier 2 Consulting Firms, Telco industry. o Cloud Infrastructure and Security, DevSecOps, Microservices architecture, Container security. o Industry Standards such as ISO 27001, ISO 27701, NIST, COBIT, PCI-DSS, MTCS. o Global, Regional data privacy regulations such as GDPR, PDPA, PDPO. Cherish continuous learning and demonstrate it with one or more professional certifications such as CRISC, CISA, CGEIT, CDPSE, CSX-P, CISSP, Diploma in Data Protection or equivalent. Key Stakeholders Verticals within Information & Cybersecurity Engineering Growth and Marketing Customer Happiness Operations Government Affairs and Public Policy Finance and Legal People & Culture To all recruitment agencies: Circles will only acknowledge resumes shared by recruitment agencies if selected in our preferred supplier partnership program.
Please do not forward resumes to our jobs alias, Circles employees or any other company location. Circles will not be held accountable for any fees related to unsolicited resumes not uploaded via our ATS. Circles is committed to a diverse and inclusive workplace. We are an equal opportunity employer and do not discriminate on the basis of race, national origin, gender, disability or age.
Posted 3 weeks ago
3.0 - 4.0 years
13 - 17 Lacs
Bengaluru
Work from Office
Business Unit Overview Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA. Within Technology Risk, Audit & Control Monitoring mitigates audit, regulatory, and regional issues to maintain a proper channel between local regulators and the firm. We are a team of program and project managers that align the firm with government entities through audit oversight, controls tracking and documentation, and data risk reporting and reviews. Role In this role, you will support Technology Risk Advisory in delivering best in class advisory support and technology solutions across the Information Security risk domains, including scalable uplifts of common core security solutions for use across Goldman Sachs and conducting cyber risk assessments. The ideal candidate should have a good understanding of regulations that govern this space, be well versed in risk assessments and a demonstrated ability in helping counterparts manage risk RESPONSIBILITIES AND QUALIFICATIONS Job Responsibilities: Support the Technology Risk Advisory function by helping to shape the Vendor Technology Risk strategy, leading a team that assesses risk and working with Business Units to manage risk portfolios. As the Vendor Risk Program Associate, you will be part of or oversee a team that is responsible for assessing and managing the portfolio vendor Information Security Risk across the firm. 
Your team will be responsible for all Vendor Technology Risk related initiatives and assessments, including: core assessments of a vendor's logical security controls, Cloud assessments, Mobile assessments and Application assessments. Basic Qualifications: Be well versed in risk assessments and a demonstrated ability in helping counterparts manage risk Have in the past worked with Legal to develop and on an ongoing basis, review Information Security contractual requirements Understanding of well recognized risk management frameworks and a proven track record of implementation Working knowledge of the regulatory landscape and its applicability to the vendor ecosystem Good understanding of Information Security controls, along with preferred and alternative implementations Working knowledge of Cloud computing and understanding of how to assess Cloud related risks Working knowledge of the overall Procurement process and a clear understanding of Technology Risk's role in that process At least 3-4 years of relevant work experience Preferred qualifications: Proficient verbal and written communication skills Bachelor of Science in Computer Science, System/Computer Engineering, Cyber-Security, Information Security, Information Technology or Risk Management is preferred Prior experience conducting IT/cyber security audits One or more of the following Certificates: CISA, CRISC, CISM, CISSP
Posted 3 weeks ago
2.0 - 7.0 years
16 - 20 Lacs
Bengaluru
Work from Office
Role: Engineer II, Cybersecurity Governance Standard Title: Engineer II, Security Engineering Location: Bangalore, India About Us Founded in 2014, Circles is a global technology company reimagining the telco industry with its innovative SaaS platform, empowering telco operators worldwide to effortlessly launch innovative digital brands or refresh existing ones, accelerating their transformation into techcos. Today, Circles partners with leading telco operators across multiple countries and continents, including KDDI Corporation, Etisalat Group (e&), AT&T, and Telkomsel, creating blueprints for future telco and digital experiences enjoyed by millions of consumers globally. Besides its SaaS business, Circles operates three other distinct businesses: Circles.Life : A wholly-owned digital lifestyle telco brand based in Singapore, Circles.Life is powered by Circles SaaS platform and pioneering go-to-market strategies. It is the digital market leader in Singapore and has won numerous awards for marketing, customer service, and innovative product offerings beyond connectivity. Circles Aspire : A global provider of Communications Platform-as-a-Service (CPaaS) solutions. Its cloud-based Experience Cloud platform enables enterprises, service providers and developers to deliver and scale mobile, messaging, IoT, and connectivity services worldwide. Jetpac : Specializing in travel tech solutions, Jetpac provides seamless eSIM roaming for over 200 destinations and innovative travel lifestyle products, redefining connectivity for digital travelers. Jetpac was awarded Travel eSIM of the Year. Circles is backed by renowned global investors, including Peak XV Partners (formerly Sequoia), Warburg Pincus, Founders Fund, and EDBI (the investment arm of the Singapore Economic Development Board), with a track record of backing industry challengers. Mission Our mission in Circles is to become a world-class cybersecurity function by cultivating security as job zero across the organisation. 
This means security is enforced as an integral component across every facet of our business globally, whereby: Security is second nature; Security is in the DNA of everything we do; and Cultivating and maintaining a Security conscious culture The Role As a team member of Cyber Governance & Assurance vertical within Information & Cybersecurity Function, primarily responsible to ensure that Circles & its global offices are always maintaining robust, sustainable and adequate governance practices and compliance as follows. Develop, mature and operationalize cybersecurity framework, policies, procedures, guidelines and baseline standards within the Group. Ensure cybersecurity best practices are embedded within new initiatives, ongoing change management and evaluate the security impact of the initiatives. Ensure organizational crown jewels are adequately protected in accordance with regulatory and data protection regulations such as ISO27701, PCI-DSS, Market specific Data Protection regulations including PDPA, GDPR. Develop data privacy and protection framework, enhance existing policies and work programs to align with expectation of relevant data privacy laws. Identify, risk assess and prioritize various information, data assets across the Enterprise. Support the day-to-day functioning of the Data Privacy Office by: o Serving as a point of contact within group on issues related to data privacy; o Performing privacy impact assessments, maintain records of processing activities; Serving as subject matter expert to stakeholders on privacy matters o Participate in investigation of data privacy incidents; Drive internal Risk Assessment including 3rd Party Due Diligence (3PDD) reviews, cybersecurity assurance activities, as well as audit readiness reviews and drive timely resolution of potential gaps. Provide advisory services on information, privacy and cybersecurity matters for internal stakeholders as laid out in subsequent sections. 
Drive cybersecurity and privacy awareness within the Group, formulating learning curriculum, rolling out training modules ensuring completion remains above agreed metrics. Devise focused training across staff who are involved in data handling and processing. Promote a culture of Security, data privacy and compliance across group. Proactively support in organizational roadmap towards maintaining relevant credentials including ISO27001 compliance, DPTM, APEC CBPR and establishing SOC2 compliance report. You Hold a Degree in Information Technology, Cyber Security or comparable qualification. To have 2+ years of professional experience in Audit, Assurance, Governance, Management Consulting or ability to port skills across these functional responsibilities. Assist in cybersecurity, data governance and assurance initiatives in relation to SaaS based Telco platform delivering B2B and B2C products. Excellent written and oral communication skills, confident in having meaningful conversation with stakeholders at multiple levels within the Group. Prior experience, knowledge in the following is a certain plus: o Big 4, Tier 2 Consulting Firms, Telco industry. o Cloud Infrastructure and Security, DevSecOps, Microservices architecture, Container security. o Industry Standards such as ISO 27001, ISO 27701, NIST, COBIT, PCI-DSS, MTCS. o Global, Regional data privacy regulations such as GDPR, PDPA, PDPO. Cherish continuous learning and demonstrate it with one or more professional certifications such as CRISC, CISA, CGEIT, CDPSE, CSX-P, CISSP, Diploma in Data Protection or equivalent. Key Stakeholders Verticals within Information & Cybersecurity Engineering Growth and Marketing Customer Happiness Operations Government Affairs and Public Policy Finance and Legal People & Culture To all recruitment agencies: Circles will only acknowledge resumes shared by recruitment agencies if selected in our preferred supplier partnership program.
Please do not forward resumes to our jobs alias, Circles employees or any other company location. Circles will not be held accountable for any fees related to unsolicited resumes not uploaded via our ATS. Circles is committed to a diverse and inclusive workplace. We are an equal opportunity employer and do not discriminate on the basis of race, national origin, gender, disability or age.
Posted 3 weeks ago
3.0 - 5.0 years
10 - 14 Lacs
Hyderabad
Work from Office
Key Responsibilities: This role serves as the primary IT contact for internal and external audits, ensuring compliance with policies and procedures including... Roles and Responsibilities Be the main point of contact for IT and assist on all internal and external audit teams where IT inquiry is required. Monitor activities of assigned IT areas to ensure compliance with internal policies and procedures including monthly, quarterly, and annual account and activity reviews. Assist in supporting current and future compliance related responsibilities (SOX, SOC2, ISO, SEC, etc.). Gather evidence required for internal and external audits. Develop IT General Control procedures and policies. Provide guidance in implementing ITGC controls. Review, analyze, and interpret controls for design and operational effectiveness to determine adherence to regulatory, contractual, and corporate policies and standards. Ability to manage Sarbanes-Oxley IT General Control testing and certification requests from Internal and External Auditors. Identifies, quantifies, tracks, and leads mitigation of risks and control exceptions and communicates results to department leadership. Supports and interprets information provided by Internal/External Audit for relevant compliance concerns. Make broad recommendations on improving compliance related processes and/or procedures as it pertains to the IT department. Partner with management, business teams, and/or data team to implement solutions. Requirements BA/BS in a business related field and/or equivalent years of education and experience working in a related field. 3-5 years of experience in Information Technology or Information Security. Big 4 auditing experience is a plus. Identity Access Management tool/RBAC experience a plus. Experience testing controls and the documentation of those tests as it relates to frameworks such as COSO, COBIT, NIST Cyber Security Framework, and/or ISO 27001.
Familiarity with common compliance standards (SOX, SOC2, PCI-DSS, GDPR, etc.) and experience working directly with internal or external auditors for at least one of the listed standards (previous external audit experience a plus). Excellent interpersonal, verbal, and written communication skills with the ability to communicate compliance related concepts to a broad range of technical and non-technical staff. Successful experience working, collaborating, and establishing credibility and relationships with senior leadership, colleagues, and clients. Demonstrated success working with internal audit, external auditors, outside consultants, and legal affairs. Certified Information Systems Auditor (CISA) and/or Certified Information Systems Security Professional (CISSP) preferred.
Posted 3 weeks ago