7.0 - 15.0 years
0 - 22 Lacs
Hyderabad, Chennai, Bengaluru
Work from Office
Roles and Responsibilities:
- Conduct code reviews to identify potential security vulnerabilities and provide recommendations for remediation.
- Collaborate with development teams to implement secure coding practices and ensure compliance with industry standards (e.g., CISA).
- Develop and execute test plans to validate the effectiveness of implemented controls, identifying areas for improvement.
- Provide guidance on risk management strategies, including assessment, mitigation, and monitoring of identified risks.

Job Requirements:
- 7-15 years of experience in IT services & consulting with a focus on cyber security, control testing, or related fields.
- Certifications such as CISSP or CISA are highly desirable; equivalent experience may be considered.
- Strong understanding of software development life cycles, including design patterns, coding standards, and testing methodologies.
- Experience with conducting audits/assessments using various frameworks (e.g., ISO 27001) is an asset.
Posted 1 month ago
6.0 - 11.0 years
10 - 14 Lacs
Noida
Work from Office
Primary Responsibilities:
- Perform audits to identify control gaps and implement corrective action plans
- Ensure alignment of security policies/standards with IT infrastructure frameworks (e.g., ISO 2700x, NIST, ITIL)
- Monitor compliance with corrective action plans, and address non-compliance issues appropriately
- Demonstrate understanding of discovery technologies to identify system vulnerabilities (e.g. scanning tools)
- Establish appropriate security controls based on defined data classifications to align with applicable laws/regulations/standards
- Facilitate/lead security incident investigation
- Analyze business requirements and ensure that solutions meet established security policies and controls
- Maintain metrics and ensure reporting as appropriate
- Maintain current knowledge on information security topics and their applicability program requirements
- Communicate professionally with stakeholders/end users through multiple communication
- Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment).
The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so.

Required Qualifications:
- Bachelor's degree or higher level of education
- 6+ years of Information security experience
- Experience with ISO27001 (ISMS), ISO31000 (Risk management), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2
- Demonstrated auditing skills and the ability to manage risk assessments / projects independently
- Demonstrated excellent communication skills both verbal and written
- Demonstrated good presentation skills particularly ability to present technology elements in manner personnel can follow and act

Preferred Qualification:
- CISSP, CISA or ISO27001 Lead Implementer or Lead Auditor certification

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone, of every race, gender, sexuality, age, location and income, deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes, an enterprise priority reflected in our mission.
Posted 1 month ago
4.0 - 9.0 years
17 - 19 Lacs
Hyderabad
Work from Office
Job Description:
Role Title: AVP, Risk Testing (L10)

Company Overview: Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry's most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more. We have recently been ranked #2 among India's Best Companies to Work for by Great Place to Work. We were among the Top 50 India's Best Workplaces in Building a Culture of Innovation by All by GPTW and Top 25 among Best Workplaces in BFSI by GPTW. We have also been recognized by AmbitionBox Employee Choice Awards among the Top 20 Mid-Sized Companies, ranked #3 among Top Rated Companies for Women, and Top-Rated Financial Services Companies. Synchrony celebrates ~52% women diversity, 105+ people with disabilities, and ~50 veterans and veteran family members. We offer Flexibility and Choice for all employees and provide best-in-class employee benefits and programs that cater to work-life integration and overall well-being. We provide career advancement and upskilling opportunities, focusing on Advancing Diverse Talent to take up leadership roles.

Organizational Overview: Synchrony's Risk Team provides independent oversight of Synchrony's risk-taking activities to ensure safety and soundness, meet regulatory and legal requirements, and manage risks to the risk-appetite of the Board. Risk is responsible for independently assessing, quantifying, and overseeing risks & providing effective challenge. Risk serves as Synchrony's Second Line of Defense. Overall, Risk Team oversees and manages the Risk Program to support the business in anticipating and addressing risks, issues and challenges. Results are consistent with the respective strategic uses and complying with related overall risk, risk testing policies, standards, procedures as well as regulations.
Our Risk organization consists of 4 pillars: Compliance, Credit & Financial Risk, Enterprise Risk and Operational Risk. Each of the pillars plays a vital role in managing Risk and supports the business in anticipating and addressing risks, issues, and challenges.

Role Summary/Purpose: Risk Testing is an independent 2nd line assurance process that, together with 1st line business surveillance and 3rd line independent audit, make up the three lines of defense that are the cornerstone of an effective control framework. This position is responsible for conducting and leading other associates in key control testing activities of Synchrony Bank (SYB) and Synchrony Financial (SYF) to assess compliance with applicable laws and regulations and ensure prompt remediation of control deficiencies.

Key Responsibilities:
- Develop and execute control testing to ensure that key risks are mitigated.
- Document detailed test results to performance standards and meet required deadlines.
- Identify control gaps and potential issues, discuss viable solutions with the business to address gaps, and obtain management action plans for remediation.
- Communicate test results to leaders and other stakeholders throughout the business and provide periodic updates regarding status of testing activities.
- Provide effective challenge to the business regarding the assessment of risks and controls.
- Influence stakeholders and process owners to implement necessary process and control modifications to mitigate operational, regulatory, and financial risks.
- Provide guidance to process owners regarding key risks and mitigation strategies.
- Perform any special projects as assigned

Required Skills/Knowledge:
- Bachelor's degree with minimum 4+ years in Financial Services industry, or in lieu of a degree 6+ years of relevant work experience in Financial Services industry
- Minimum 2+ years of Audit, Testing, Surveillance.
- Minimum 3+ years in consumer banking laws and regulations
- Effective written and verbal communication skills
- Experience applying analytical skills and attention to detail
- Proven ability to work independently and meet deadlines
- Proficiency in Microsoft Office Suite applications

Desired Skills/Knowledge:
- Minimum 2+ years of Audit, Testing, Surveillance
- Knowledge of process and systems related to Servicing, Collections, Credit, Fraud, and AML/BSA
- Effective written and verbal communication skills
- Experience applying analytical skills and attention to detail
- Proven ability to work independently and meet deadlines
- Proficiency in Microsoft Office Suite applications
- Demonstrated ability to communicate effectively with various levels of stakeholders
- Relevant industry certifications - CIA, CISA, CRCM, CAMS, CPA, etc.

Eligibility Criteria:
- Bachelor's degree with minimum 4+ years in Financial Services industry, or in lieu of a degree 6+ years of relevant work experience in Financial Services industry

Work Timings: This role qualifies for Enhanced Flexibility and Choice offered in Synchrony India and will require the incumbent to be available between 06:00 AM Eastern Time - 11:30 AM Eastern Time (timings are anchored to US Eastern hours and will adjust twice a year locally). This window is for meetings with India and US teams. The remaining hours will be flexible for the employee to choose. Exceptions may apply periodically due to business needs. Please discuss this with the hiring manager for more details.
For Internal Applicants:
- Understand the criteria or mandatory skills required for the role, before applying
- Inform your manager and HRM before applying for any role on Workday
- Ensure that your professional profile is updated (fields such as education, prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format)
- Must not be any corrective action plan (Formal/Final Formal)
- L8+ Employees who have completed 18 months in the organization and 12 months in their current role and level are only eligible.
- Employees at L8+ can only apply for this opportunity.

Level / Grade: 10
Job Family Group: Risk Management
Posted 1 month ago
5.0 - 7.0 years
15 - 20 Lacs
Mumbai
Work from Office
Company: Marsh
Description:
Job Profile: Manager, Cyber Risk Consulting, Marsh
Location: Mumbai
MMC Business Unit: Marsh
MMC Office Name: Marsh McLennan Global Services India Private Limited (MMGS)
MMGS Function: Knowledge Services

Marsh is a global leader in insurance broking and risk management. In more than 130 countries, our experts in every facet of risk and across industries help clients to anticipate, quantify, and more fully understand the range of risks they face. Marsh Advisory is the consultative branch of Marsh, which operates internationally and provides solutions in the increasing needs of our clients to implement risk management programs within their organization. Marsh Advisory helps companies to change their risk profiles so they can improve resiliency, reduce claims, and minimize the total cost of risk. Businesses today regularly tackle multiple challenges; whether facing property and casualty, cyber, reputational, or other risks, Marsh Advisory can help. The global Cyber Risk Consulting (CRC) practice of Marsh Advisory supports customers to understand, estimate and mitigate cyber risks.

This role is open in Marsh McLennan Global Services (MMGS), a global in-house center for MMC Group. The MMGS in Mumbai has a function called Knowledge Services which supports the MMC group by providing specialized services. Under the Knowledge Services function, there is Marsh Advisory team, which supports the global clients and colleagues. This role will initiate a new service line for Marsh Advisory team in Mumbai, which entails supporting the CRC colleagues in execution of the cyber consulting projects.

What can you expect?
- Collaborate with the CRC practice in India, Middle East and Africa (IMEA) for delivery of the practice's value proposition in the regions.
- Provide complete support to delivery of the desired deliverables as per the agreed scope of work with the client, and provide an efficient delivery model for Marsh CRC practice
- Play a key role in leading the delivery of multiple CRC projects
- Responsible for review and training of junior colleagues to ensure the deliverable is as per the expected quality framework.
- Moderate travel within India, Middle East, and Africa (IMEA) region for client engagements and collaboration with the CRC practice.

We will count on you to:
- Support the IMEA CRC practice, and be hands-on in delivery of the consulting projects and mentor the junior colleagues in their projects
- Prepare deliverables for cyber consulting practice under the guidance of the CRC practice
- Conduct research on the clients' cybersecurity risk areas and prepare a point of view for consulting
- Support the team towards constant innovation of cybersecurity approach and go-to-market strategy
- Quick learner of the CRC practice's procedures and policies, and is able to explain the same to non-technical clients/colleagues
- Understand different domains within cybersecurity space and demonstrate passion
- Is on track to build specialization to demonstrate specialist knowledge in cybersecurity
- Contribute in research support for building a robust CRC practice deliverables
- Will be responsible to maintain key project track record and detailed process documentations
- Delivery of the projects would be done either remotely or onsite depending on the client requirement
- Ability to motivate the team members and take the high road to ensure client success
- Build proposals and pitch to potential clients, including developing compelling presentations and effectively communicating the value proposition of the Cyber Risk Consulting practice.
What you need to have:
The candidate must possess the following attributes:
- Post Graduate or equivalent from an institute of repute
- 5 to 7 years professional experience in cybersecurity consulting domain in Big 4 or boutique firms;
- At least one of the following Professional cyber security certifications (e.g. CISA, CISSP, ISO LA/LI or Security+) would be mandatory;
- Expertise in ICT security principles and controls.
- Candidate should ideally have hands on experience in conducting Cyber risk assessments, designing cyber security framework (including policies, procedures), ISO/IT GRC implementations, audits, license management, vendor risk management, DLP, IRM, compliance management, user awareness trainings and data privacy.
- Knowledge on Cyber Security standards / regulations, e.g. COBIT, NIST, ISO, GDPR, RBI Guidelines etc.
- Experience in IT Disaster Recovery Management.
- Operational or emerging technologies knowledge is a plus.
- Ability to develop quality reports, presentations, project trackers.
- Should be proficient in MS Office applications such as Word, PowerPoint, and Excel.
- Basic knowledge in Project, Teams, and Visio.
- Effective communicator who is able to share insights with clients/stakeholders
- Strong analytical problem solving skills and experience
- Smart, collaborative, relationship and outcome focused with the ability to make decisions where ambiguity exists;
- Ability to demonstrate sound judgment in the prioritization of competing work assignments, escalation of issues and the formulation of solutions;
- Effective organization skills with key attention to detail and delivery of high quality documentation with the ability to implement/influence change;
- Strong sense of business ethics and principles;
- Graduate degree in Computer Science, Engineering or Business Administration.
- Excellent English language skills, both verbal and written with the ability to communicate technical matters to a non-technical audience.
- Fluency in additional foreign languages constitutes an advantage.

What is good to have:
- Experience in data governance/data privacy
- Experience of internal or external IT audit
- OT/ICS Cybersecurity knowledge
- Knowledge of technical assessments (VA/PT, WAPT, Config. Review etc.)
- Experience with developing cyber security strategies
- Experience in MS Visio, MS Project
- Fluency in foreign language constitutes an advantage.

Marsh, a business of Marsh McLennan (NYSE: MMC), is the world's top insurance broker and risk advisor. Marsh McLennan is a global leader in risk, strategy and people, advising clients in 130 countries across four businesses: Marsh, Guy Carpenter, Mercer and Oliver Wyman. With annual revenue of $24 billion and more than 90,000 colleagues, Marsh McLennan helps build the confidence to thrive through the power of perspective. For more information, visit marsh.com, or follow on LinkedIn and X.
Posted 1 month ago
6.0 - 10.0 years
10 - 15 Lacs
Mumbai, Goregaon
Work from Office
Role & responsibilities
Key highlights of the role are listed below (purely indicative and not limiting):
- Develop and execute the Information Security Audit Plan based on a risk-based approach.
- Conduct IT security audits, risk assessments, and compliance reviews across applications, infrastructure, and third-party vendors.
- Evaluate IT / Information Security policies, procedures, and controls to ensure compliance with ISO 27001, PCI-DSS, DPDPA, SOC 2, and other relevant standards.
- Identify security risks, control weaknesses, and process inefficiencies, providing recommendations for mitigation.
- Work closely with IT, IS, cybersecurity, and other business teams to ensure audit findings are addressed in a timely manner.
- Perform security assessments of cloud environments (AWS, Azure, GCP), network security, and application security
- Prepare detailed audit reports, executive summaries, and presentations to relevant stakeholders
- Monitor industry trends, regulatory changes, and emerging cyber threats to enhance the organization's security posture.
- Lead and conduct internal and external IT / security compliance audits, ensuring adherence to company policies and industry best practices.
- Mentor and guide the team in audit methodologies and best practices.
- Assist in IT and cybersecurity audits by external regulators (RBI, PCI-DSS, etc.).

Applicants should possess the following attributes:
- Experience in ISO 27001, SOC 2, PCI-DSS or RBI, SEBI guidelines compliance.
- Knowledge of penetration testing, vulnerability assessments, and security operations.
- Hands-on experience with SIEM, DLP, IAM, and other security tools.
- Prior experience in a Big 4 audit firm or financial services sector is an advantage.
- Effective Team Management
- Excellent communication skills with the ability to present technical findings to nontechnical stakeholders
- Strong understanding of IT security frameworks, governance, risk, and compliance (GRC) principles.
- Familiarity with financial, regulatory or other requirements related to information security.
- Experience in performing security assessments of cloud environments (AWS, Azure, GCP), network security, and application security
- Strong analytical, problem-solving, and leadership skills.
Posted 1 month ago
15.0 - 20.0 years
15 - 20 Lacs
Mysore, Karnataka, India
On-site
How you'll make an impact:
- Engaging the third party and driving the ITGC operations across P&A (Platforms and Applications).
- Review that all the JSOX Controls are executed as per the standards and the required quality is being adhered to by the third party.
- Defining the key attributes needed to perform the controls effectively.
- Planning and ensuring that all the audits are completed in a timely manner in Coordination with the Control performers.
- Liaison between the P&A Application managers and the Control performers.
- Support Framework transition and optimization.
- Work out opportunities for efficiency improvements, automated controls, aggregation of controls, etc.
- Work out concept of internalization of Control Owner.
- Defining the KPI and come out with adequate measures to reduce the outsourcing costs without reducing the security risks to the applications.
- Supporting non JSOX audits and defining clear plans with timelines for all identified gaps, working on mitigations.
- Supporting non JSOX compliance maturity enhancements across P&A.
- Responsible to ensure compliance with applicable external and internal regulations, procedures, and guidelines.
- Living Hitachi Energy's core values of safety and integrity, which means taking responsibility for your own actions while caring for your colleagues and the business.
Your background:
- The candidate should have more than 20 years professional experience and more than 15 years in Internal audits
- The candidate should be a CISA and ISO 27001 Certified
- The candidate should have extensive experience with compliance service
- The candidate should have extensive experience in dealing with diverse technological audits
- The candidate should have experience in dealing with regulatory audits and also have a track record of completing SOX audits testing on time
- The candidate should have experience in managing large, global and diverse teams include handling third parties
- The candidate should have worked with senior management, provided and discussed reporting
- Proficiency in both spoken & written English language is required.
Posted 1 month ago
7.0 - 10.0 years
3 - 11 Lacs
Pune, Maharashtra, India
On-site
- Develop the culture of risk management across the organisation, and ensure effective identification, quantification, communication, and management of risks focusing on root cause analysis and resolution recommendations across domains: Cyber, HR, Legal, Finance, etc.
- Proactively monitor and evaluate control effectiveness, identify gaps, and recommend enhancements to strengthen risk posture and regulatory compliance.
- Provide SME support to functional managers or Internal stakeholders in understanding and applying responsibilities towards risk and compliance providing recommendations as appropriate.
- Support the CIO and CISO, and work with internal stakeholders to:
- Participate in consultation and conduct gap analysis against new requirements
- Coordinate and facilitate IT / cyber security audits.
- Support Risk Owners and Tech teams in documenting control procedures, guidelines, etc.
- Ensure risk and control activities are completed in a timely and appropriate manner applying the correct governance route
- Report and publish Risks to senior leadership inclusive of providing content for Senior Leadership risk and control review forums/Committees.
- Ensure all governance attestations and sign-off from Senior leadership are completed including the conduct risk measures.
- Co-ordinate and track the tickets / findings in areas like IT Operational Risks and Information Security Risks, Control Self assessments, Internal/External Audit findings with appropriate CAPA, BCP / Disaster recovery, Problem tickets with root cause analysis.
- Audit event co-ordination, Audit liaison and issue closure oversight (SOC 2 Type 2, ISO 27001, etc.)
- Lead pre-audit preparation activities with stakeholders (SOC 2 Type 2, ISO 27001, etc.)
- Provide first line of defense support in assessing risk and reviewing control issues
- Documentation of control procedures, standards and guidelines, etc.
What you'll bring:
- Bachelor's degree in IT or relevant field with a strong academic background
- A minimum of 7-10 Years of experience in Risk management and internal controls governance
- Strong communication & strategic influencing skills.
- Relevant experience working with senior leaders, building internal networks, and delivering high impact programs in complex-matrixed environments.
- Formal training or certification in Information Security, and/or 5+ years of experience or equivalent expertise in technology risk management, information security, or related field, emphasizing risk identification, assessment, and mitigation.
- Familiarity with risk management frameworks, industry standards, and financial industry regulatory requirements
- Proficient knowledge and expertise in data security, risk assessment & reporting, control evaluation, design, and governance, with a proven record of implementing effective risk mitigation strategies.
- Proficient in MS Office productivity suite (e.g., Word, Excel, PowerPoint, SharePoint).
- Advanced Excel skills strongly preferred
- CISM/CRISC/CISA/CISSP/CIA/MBA or relevant Risk Management / Audit certification
- Basic working knowledge of following (Majority of the points, if not all):
  - COBIT (Control Objectives for Information and Related Technology)
  - ISO/IEC 27001:2013 (Code of Practice for Information Security Management)
  - NIST SP 800-53
  - NIST CSF
  - SOC1/SOC2/SOC3
  - HIPAA/HITECH Security and Privacy Audit Protocol
  - Shared Assessments Standard Information Gathering (SIG) framework
  - US SOX (Sarbanes Oxley Act)
  - US HIPAA/HITECH Act
  - EU GDPR (General Data Protection Regulation)
  - US EU Privacy Shield
  - India Companies Act

Additional Skills:
- Demonstrated ability to influence executive-level strategic decision-making and translating technology insights into business strategies for senior executives.
- Program level management up to and including Executive presentation and reporting.
- Knowledge and Experience of Technology Infrastructure.
- Understanding of Infrastructure Security
- Stakeholder management
- Willingness to adapt to evolving industry standards and technologies
- Ability to manage a wide variety of tasks and meet deadlines, and reliability/dependability
- Proven ability to work creatively and analytically in a problem-solving environment
Posted 1 month ago
8.0 - 13.0 years
25 - 30 Lacs
Bengaluru
Work from Office
Job Title: Information Security Officer (ISO)
Corporate Title: AS

Role Description
The role of an Information Security Officer (ISO) is of a role holder aligned to a portfolio of applications (Application ISO). The ISO has the responsibility for the operational aspects of ensuring compliance with the Information Security Principles. The ISO is the primary contact for information security relevant matters within their area of responsibility. The ISO has a disciplinary reporting line into their Line Manager and a functional reporting line into the Divisional CISO.

Your key responsibilities
- To assume the ownership and responsibility for the assigned IT assets, in line with the DB Group Information Security management processes and the Divisional ISMS.
- To support the development and maintenance of Information Security policies and procedures pertaining to the Unit in accordance with the Information Security policies and procedures of DB Group.
- To support the management of IS Risks within the Risk Appetite defined by the ISR.
- To execute the IS Risk assessments and compliance evaluations for assigned IT assets
- To ensure the execution of information security risk management requirements in their area of responsibility as additionally defined by the Divisional ISO (e.g., conducting risk assessments on an organizational basis, preparing and implementing management action plans to mitigate identified risks)
- To ensure the implementation of Identity and Access Management Processes and the execution of a periodic recertification of User Access Rights in their area of responsibility
- To provide timely updates to the Divisional ISO regarding the aforementioned information security management tasks
- To ensure that application entries regarding information security (e.g., Data Protection and Data Privacy fields) in the Group's inventory of applications are accurate and up to date
- To implement Segregation of Duty (SoD) rules for the assigned IT assets
- To contribute to the Information Security incident management process in the case of a security breach
- Keep oneself informed of the Information Security Principles and its subordinate documents and liaise with any other necessary parties to accomplish their tasks. These resources may be e.g., the TISO, ITAO or any other subject matter experts
- To ensure appropriate documentation of information security risk management in area of responsibility.
This includes major decisions including identified and assessed risks as well as risk mitigation measures
- To deliver all items requested during regulatory and internal Information Security related audits

Your skills and experience

Essential
- Candidate should have a minimum of 8 years of business experience in an operation management / risk management capacity, working knowledge in various banking products with strong communications skills
- Knowledge on Information Security Controls, Data Protection Policy, Information classification principles and segregation of duties requirements within Banking Operations
- Good understanding of Regulatory, Compliance, Risk & Control Knowledge
- Have sound knowledge of Identity and Access Management Process
- Ability to multitask and manage multiple deliverables / projects that are highly visible and of strategic importance to our clients
- Ability to effectively communicate with clients internally and externally
- Must be a team player and facilitator

Desirable
- Solid technical understanding of the business (CB Operations) including strong knowledge of application security related processes.
- Knowledge of electronic banking products and flow of instructions
- Computer proficiency in MS Office and ability to utilize IT initiatives to achieve a high degree of operational efficiency, optimize costs and add value to the service provided
- Innovative approach to work and continuously identify and implement process improvements
- Seek opportunities to improve service processes, minimize operational risk and reduce costs
- Strong analytical skills, detail orientation, service commitment and solid people management skills
- Strong awareness of risk control

Education / Certification
Graduation degree CRISC Desired: CISA/CISM/CISSP
Posted 1 month ago
0.0 - 4.0 years
9 - 10 Lacs
Bengaluru
Work from Office
- Executives are typically project team members who will be involved in conducting process consulting/ internal audit/ risk consulting and execution of other solutions of GRCS
- Executives may lead a small team of analysts/trainees on engagements.
- Consistently deliver quality client services and take charge of the project area assigned to him/her.
- Monitor progress, manage risk and verify key stakeholders are kept informed about progress and expected outcomes.
- Demonstrate in-depth technical capabilities and professional knowledge.
- Demonstrate ability to assimilate to new knowledge.
- Possess good business acumen.
- Remain current on new developments in advisory services capabilities and industry knowledge.
- The job would require travel to client locations within India and abroad.

THE INDIVIDUAL
- Have experience in process consulting/ internal audit/ risk consulting.
- Possess strong domain knowledge, understanding of business processes and possible risks in operations of various Sectors.
- Ability to perform and interpret process gap analysis.
- Understanding of control rationalization, optimization, effectiveness, and efficiency
- Strong analytical and problem-solving skills.
- Possess strong data analytics skills and knowledge of advanced data analytical tools will be an advantage.
- Strong written and verbal communication skills (presentation skills)
- Ability to work well in teams.
- Basic understanding of IT systems, Knowledge of MS office (MS Excel, PowerPoint, Word etc)
- Have the ability to work under pressure - stringent deadlines and tough client conditions which may demand extended working hours.
- Willingness to travel within India or abroad for continuous long periods of time.
- Demonstrate integrity, values, principles, and work ethic.

Qualification
- Qualified CAs/ MBAs with 0 - 2 years OR Graduates with 2 - 4 years of relevant experience in risk consulting/ operations or compliance function role (Understanding of internal audit, business processes, sector understanding).
- Certifications like Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA) would be an added advantage.

Compensation
Compensation is competitive with industry standards. Details of the compensation breakup will be shared with short-listed candidates only.

People BENEFITS
- Continuous learning program
- Driving a culture of recognition through ENCORE, our quarterly rewards and recognition program
- Comprehensive medical insurance coverage for staff and family
- Expansive general and accidental coverage for staff
- Executive Health checkup (Manager & above, and for staff above the age of 30)
- Les Concierge desks.
- Internal & Global mobility
- Various other people friendly initiatives
- Strong commitment to our Values such as CSR initiatives
Posted 1 month ago
15.0 - 20.0 years
12 - 16 Lacs
Bengaluru
Work from Office
The Chief Security Officer (CSO) is responsible for the strategic leadership, direction, and oversight of all corporate security functions. This includes information security, physical security, risk management, incident response, compliance, and business continuity. The CSO will work closely with executive leadership and cross-functional teams to ensure the company's assets, employees, and data are protected.
1. Enterprise Security Leadership: Own and evolve SmartQ's global security strategy covering cyber, infrastructure, product, data, and field security. Act as a strategic partner to product, engineering, and business teams, enabling innovation while maintaining strong security. Serve as the primary representative for security audits, stakeholder reviews, and compliance programs (SOC 2, ISO 27001, GDPR, Compass standards).
2. Infrastructure & Endpoint Security: Drive secure development practices and zero-trust architecture across cloud environments (AWS/GCP). Lead configuration and monitoring of SIEM tools, firewalls, endpoint protection (Trend Micro, Zscaler), mobile device management (Intune), and enterprise patch and compliance tools (Tanium, OS license validation, AV coverage). Review codebases, infrastructure-as-code templates, and DevSecOps pipelines. Lead endpoint security hardening for enterprise laptops/desktops and POS/kiosk devices, ensuring full visibility and compliance.
3. Compliance & Risk Governance: Design and implement internal security controls, vulnerability assessments, and threat intelligence frameworks. Oversee third-party security evaluations, vendor compliance, and deployment of governance tools (SQ Lens). Build operational compliance dashboards for real-time tracking of endpoint compliance (AV, patch, OS licensing, Zscaler). Ensure adherence to Compass Group, global, and regional data protection regulations.
4. Crisis Management & Incident Response: Build a company-wide incident response program and conduct periodic drills. Lead incident response teams during breaches, ensuring rapid mitigation and transparent reporting. Maintain clear playbooks for POS, cloud, and field environments.
5. Security Awareness & Culture Building: Build and mentor the InfoSec team. Champion a security-first culture through training programs, phishing simulations, and awareness campaigns. Drive targeted security awareness for field users (POS operators, kitchen staff, warehouse), ensuring operational teams understand and follow security best practices.
Qualifications: Bachelor's degree in Computer Science, Engineering, or a related field (or equivalent experience). 15+ years in information security or cybersecurity leadership roles. Proven experience in cloud security, compliance audits, and vendor governance. Deep understanding of SOC 2, ISO 27001, GDPR frameworks. Proficiency in tools like SIEM, DLP, EDR, IAM, and secure SDLC practices. Certifications such as CISSP, CISM, CISA, or ISO 27001 LA. Strong communication skills and experience working with global teams and enterprise clients. Prior experience in high-growth B2B tech, consumer tech, retail, POS, or kiosk systems. Understanding of AI/ML security risks and modern data governance models.
Posted 1 month ago
15.0 - 20.0 years
40 - 45 Lacs
Ahmedabad
Work from Office
OPL is a revolutionary digital credit infrastructure company that develops and integrates cutting-edge technology to automate and digitize lending for both borrowers and lenders. The company addresses the challenges of credit distribution to MSMEs and retail borrowers. To expand its digital footprint and utilize its infrastructure, the company is diversifying into several industry segments. Job Description: As the VP Security / Deputy CISO, you will be responsible for developing and implementing the company's information security strategy to ensure the confidentiality, integrity, and availability of our systems and data. You will lead a team of cybersecurity professionals and work closely with other departments to identify risks, implement security measures, and respond to security incidents. Key Responsibilities: Develop and implement the company's information security strategy, policies, and procedures. Lead a team of cybersecurity professionals, providing guidance, mentorship, and support. Conduct regular risk assessments and vulnerability assessments to identify and prioritize security risks. Implement security controls and measures to mitigate risks and ensure compliance with relevant regulations and standards. Monitor and analyze security events and incidents and respond promptly to security breaches or incidents. Oversee security awareness and training programs for employees to promote a culture of security awareness. Collaborate with other departments, including IT, legal, and compliance, to integrate security into all aspects of the business. Stay current with emerging cybersecurity threats, technologies, and best practices, and recommend appropriate security solutions and enhancements. Prepare and present reports on the company's security posture, incidents, and initiatives to senior management and stakeholders. Qualifications: Bachelor's degree in computer science, information technology, cybersecurity, or a related field.
Advanced degree or professional certifications (e.g., CISSP, CISM, CISA) preferred. Proven experience (15+ years) in a senior cybersecurity leadership role, with a track record of developing and implementing effective security strategies. Strong technical knowledge of cybersecurity technologies, tools, and best practices. Excellent leadership, communication, and interpersonal skills, with the ability to collaborate and influence stakeholders at all levels of the organization. Strong analytical and problem-solving skills, with the ability to prioritize and manage multiple projects and tasks effectively. Experience working in a regulated industry (e.g., finance, healthcare, government) preferred. Knowledge of relevant regulations and standards (e.g., GDPR, HIPAA, ISO 27001:2022) and experience with compliance assessments and audits. If you believe that the future lies in innovation and have the ability to come up with ideas that are unconventional in the fintech space, you can apply to be a part of the OPL team.
Posted 1 month ago
8.0 - 12.0 years
32 - 40 Lacs
Bengaluru
Work from Office
Function: Technology Risk - 1st Line of Defence Industry: Banking & Financial Services (Institutional / Non-Retail) Job Summary: Our Global banking client is seeking a dynamic and technically sound AVP Technology Risk Professional to join the 1st Line of Defence (1LOD) risk function within the Institutional Banking Technology domain. This role requires hands-on experience in IT Risk and Controls, Cybersecurity, and Information Security, with a strong foundation in control testing and monitoring. The ideal candidate will have worked in the banking sector, preferably in a foreign bank, supporting non-retail (institutional) business units and engaging directly with banking and tech regulators across multiple geographies. Please contact Krati Arora or email your CV directly in Word format with job reference number: JOB 14995 to Please note that due to the high number of applications only shortlisted candidates will be contacted. If you do not hear from us in the next 5 business days, we regret to inform you that your application for this position was unsuccessful. Key responsibilities: Act as the 1st line owner of technology risk and controls within institutional banking. Conduct control testing and monitoring, ensuring alignment with internal policies and regulatory expectations. Identify, manage, and report non-financial risks; escalate and track risk issues and findings to closure. Collaborate with 2nd line risk and assurance functions to ensure holistic risk coverage. Participate in or lead governance forums and meetings, driving risk discussions with stakeholders. Ensure timely documentation and remediation of audit findings and issues. Maintain compliance with risk governance frameworks, providing evidence of effective control operation. Support teams across 19 geographies, adapting to diverse regulatory and risk environments. Role requirements: 8-12 years of experience in IT risk, technology controls, or technology assurance in the BFSI sector.
Solid understanding of technology risk frameworks, information security, and cybersecurity principles. Hands-on experience with control design and testing, issue management, and risk assessments. Exposure to working with or managing tech or banking regulatory requirements. Strong stakeholder management and communication skills to engage across levels and functions. Demonstrated ability to think end-to-end in risk processes. Experience working in or with foreign banks and familiarity with global banking regulations. Certifications (Preferred but not mandatory): CISA / CISM / CRISC / CISSP / ISO 27001 / or any other relevant industry certifications. Mandatory Requirements: Prior experience in the banking sector (non-negotiable). Understanding of risk and control management in the 1st Line of Defence. Proven capability to manage technology risks in a complex, global banking environment.
Posted 1 month ago
3.0 - 5.0 years
3 - 7 Lacs
Bengaluru
Work from Office
Collaborate with U.S.-based teams to conduct internal audits, risk assessments, and ERM projects. Prepare internal audit planning and scoping documents. Gain a deep understanding of clients' business objectives, operations, processes, systems, and internal controls. Plan, execute, and report on internal audit engagements, including co-sourced/outsourced internal audits, internal control assessments, and compliance testing. Review operational and administrative processes to evaluate internal controls, identify risks, and assess process effectiveness and efficiency. Support project managers in engagement management tasks including timelines, budgets, and reporting. Develop and execute internal audit work plans and control testing procedures. Analyze risk and control findings and develop clear, actionable recommendations. Deliver high-quality services aligned with engagement and client expectations. Prepare updated working documents and contribute to deliverables for management consideration. Perform other duties as assigned in support of engagement success. Skills: Familiarity with internal control frameworks (e.g., COSO 2013) and professional auditing standards (e.g., IIA IPPF). Experience with data analytics or tools such as Power BI. Advanced proficiency in Microsoft PowerPoint, with the ability to independently develop executive-level, visually compelling presentations. Strong command of other Microsoft Office applications (Excel, Word); experience with Microsoft Visio is a plus. Exceptional communication, analytical, organizational, and project management skills. Ability to manage multiple priorities and engagements in a fast-paced, collaborative environment. Relevant certifications (e.g., CIA, CPA, CISA, Six Sigma) are a plus but not required.
Education / Professional Experience / Qualifications: Bachelor's degree in Accounting, Finance, Information Technology, MIS, Business Intelligence, or a related field. Minimum of 3 years of relevant experience in internal audit or enterprise risk management (ERM), ideally within the healthcare, technology, or retail sectors. COSO, Internal Audit, ERM
Posted 1 month ago
4.0 - 9.0 years
7 - 11 Lacs
Bengaluru
Work from Office
Responsible for assessing, challenging, and testing the design and operational effectiveness of controls using TR's control framework by working collaboratively with control owners and stakeholders to improve the control testing process, including defining re-test cycles and evidence expected. About the Role: In this opportunity as Compliance Program Technical Auditor, you will assess, challenge, and test the design and operational effectiveness of controls using TR's control framework by working collaboratively with control owners and stakeholders to improve the control testing process, including defining re-test cycles and evidence expected. Execute a testing plan by communicating requirements to control owners, reviewing evidence submitted, agreeing on deficiencies found and finalizing the next steps in meeting control requirements. Oversee and act as a liaison for both external and internal audits. Identify procedures and practices that are not compliant with industry frameworks. Recommend and support stakeholders making changes to address non-compliance issues. Compile reports on audit results and present them to managers & supervisors. Propose efficiencies and automation where possible to optimize workflow. Work closely with other teams like ERM, Finance, business and application owners, third party or contractors supporting processes to report and track remediation plans for any control deficiencies identified. Ensure awareness about security risks, best practices and policy/standard requirements are essential to ensure compliance. Work independently, act decisively and ensure personal deadlines and team requirements are met. Willingness and drive to learn continuously and approach change with openness. About You: You're a fit for the role of Senior Business Technology Analyst if your background includes: Bachelor's degree in IT, Accounting, Finance or equivalent education and experience.
At least 4+ years of relevant work experience in SoX, ITGC, SOC, PCI within Audit, Big 5, consulting firms or as line 1a or line 1b completing IT-IS control testing or working within a Governance or Compliance function across Financial Services organizations. One of these certifications, in order of preference, is essential: CISA, CISSP, CCAK, CISM, CRISC. Strong ethical principles and understanding of business and IS ethics. Awareness about common security vulnerabilities of web and cloud applications and operating techniques from sources such as SANS, OWASP Top 10 and Cloud Security Alliance (CSA). Experience in testing Cloud controls and related technologies will be an asset. Excellent oral and written communication skills in English. Additional expertise in French, Spanish or another language will be an asset. Knowledge about GRC platforms like ServiceNow, Process Unity, RSA Archer, MetricStream and the like. What's in it For You? Hybrid Work Model: We've adopted a flexible hybrid working environment (2-3 days a week in the office depending on the role) for our office-based roles while delivering a seamless experience that is digitally and physically connected. Flexibility & Work-Life Balance: Flex My Way is a set of supportive workplace policies designed to help manage personal and professional responsibilities, whether caring for family, giving back to the community, or finding time to refresh and reset. This builds upon our flexible work arrangements, including work from anywhere for up to 8 weeks per year, empowering employees to achieve a better work-life balance. Career Development and Growth: By fostering a culture of continuous learning and skill development, we prepare our talent to tackle tomorrow's challenges and deliver real-world solutions. Our Grow My Way programming and skills-first approach ensures you have the tools and knowledge to grow, lead, and thrive in an AI-enabled future.
Industry Competitive Benefits: We offer comprehensive benefit plans to include flexible vacation, two company-wide Mental Health Days off, access to the Headspace app, retirement savings, tuition reimbursement, employee incentive programs, and resources for mental, physical, and financial wellbeing. Culture: Globally recognized, award-winning reputation for inclusion and belonging, flexibility, work-life balance, and more. We live by our values: Obsess over our Customers, Compete to Win, Challenge (Y)our Thinking, Act Fast / Learn Fast, and Stronger Together. Social Impact: Make an impact in your community with our Social Impact Institute. We offer employees two paid volunteer days off annually and opportunities to get involved with pro-bono consulting projects and Environmental, Social, and Governance (ESG) initiatives. Making a Real-World Impact: We are one of the few companies globally that helps its customers pursue justice, truth, and transparency. Together, with the professionals and institutions we serve, we help uphold the rule of law, turn the wheels of commerce, catch bad actors, report the facts, and provide trusted, unbiased information to people all over the world. Thomson Reuters informs the way forward by bringing together the trusted content and technology that people and organizations need to make the right decisions. We serve professionals across legal, tax, accounting, compliance, government, and media. Our products combine highly specialized software and insights to empower professionals with the data, intelligence, and solutions needed to make informed decisions, and to help institutions in their pursuit of justice, truth, and transparency. Reuters, part of Thomson Reuters, is a world leading provider of trusted journalism and news. We are powered by the talents of 26,000 employees across more than 70 countries, where everyone has a chance to contribute and grow professionally in flexible work environments.
At a time when objectivity, accuracy, fairness, and transparency are under attack, we consider it our duty to pursue them. Sound exciting? Join us and help shape the industries that move society forward. As a global business, we rely on the unique backgrounds, perspectives, and experiences of all employees to deliver on our business goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under applicable law. Thomson Reuters is proud to be an Equal Employment Opportunity Employer providing a drug-free workplace. We also make reasonable accommodations for qualified individuals with disabilities and for sincerely held religious beliefs in accordance with applicable law. More information on requesting an accommodation here. Learn more on how to protect yourself from fraudulent job postings here. More information about Thomson Reuters can be found on thomsonreuters.com.
Posted 1 month ago
3.0 - 5.0 years
5 - 7 Lacs
Mumbai, Bengaluru
Work from Office
About the Role: Grade Level (for internal use): 09 The Role: This position is an individual contributor within the Internal Audit team responsible for performing audit engagements including U.S. Sarbanes-Oxley (SOX) Compliance testing. This position will contribute significantly to SOX testing efforts and evaluating compliance with corporate policies, assessing risks over the IT operating environment and identifying operational efficiencies. The Impact: The IT SOX Specialist will work closely with your direct manager and the process owners to gain an understanding of key processes, key controls, identify control gaps by strengthening and monitoring the internal control environment to provide assurance in the accuracy of reported financial information for a leading data provider worldwide. What's in it for you: You will interact with key process owners and colleagues across the Company. You will also be responsible for completing the audits and projects as outlined in the Internal Audit Plan and play a critical role in assessing the effectiveness of the control environment and providing value added recommendations across the organization. You will gain a robust understanding of the operations of all divisions and functions within the company. Ability to collaborate with a global team of seasoned financial services/audit professionals and access to the latest technological and data analytic tools. Competitive compensation package with excellent benefits, including generous paid time off, tuition reimbursement, parental leave and more. Advancement opportunities in a global company with presence in 30+ geographies. The Team / The Business: We have teams made up of people that work effectively together, while working with the larger group of auditors. Opportunities are presented every day to work with people from a wide variety of backgrounds and to develop a close team dynamic with coworkers from around the globe.
The Internal Audit function is a global team with presence in all regions (Americas, EMEA and Asia Pacific). The function is independent and reports functionally to the Audit Committee. Responsibilities: Lead and perform IT audits focused on compliance with Sarbanes-Oxley (SOX) regulations, ensuring that IT general controls and IT automated controls are effectively designed and operating. Develop, document, and execute test plans for IT controls, ensuring that they meet SOX requirements and are functioning as intended. Utilize GenAI, data analytics and automation tools to enhance audit processes, identify trends, and uncover anomalies in IT systems. Evaluate the SDLC processes to ensure proper controls are in place during system development, implementation, and maintenance. Stay updated on emerging IT risks and controls, including cloud computing, cybersecurity threats, and data privacy regulations. Participate in projects across the internal audit department, including risk-based audits and project assurance initiatives, to enhance overall audit effectiveness and efficiency. What We're Looking For: You will be an effective communicator, in both verbal and written form, and an analytical thinker who employs logic and persuasion to influence with diplomacy and tact. You will be a proactive, innovative, collegial team player who can be accountable and absorb/integrate ideas from diverse views, create partnerships and collaborate with others. You will be nimble in learning and support the implementation of agile techniques. You will be responsible for balancing stakeholders and building/fostering relationships with stakeholders. You have a strong interest to learn, embrace agile auditing techniques, adoption of data analytics and emerging tools to strengthen quality of audit execution and SOX controls testing.
Basic Qualifications: The ideal candidate must be an experienced audit professional with skills in IT SOX, internal audit, or related roles in control function organizations. Experience/exposure with different data analytics tools (such as Tableau, Alteryx, Power BI, etc.). Agility to support different Internal Audit capabilities such as business/data/IT auditing and SOX compliance. Minimum 3-5 years of relevant experience of IT controls-based testing through planning audits, conducting audit procedures, and preparing audit reports. Understanding and operational application of Sarbanes-Oxley Section 404. Public Accounting experience. Knowledge of or experience with providing audit support during integrated financial and operational audits. Knowledge or experience with information security controls. Experience with electronic work papers and standard productivity tools. Bachelor's or Master's degree in Computer Science, Engineering, Information Technology, or a related field. Willing to travel (domestic and international), limited to 10 - 15%. Professional certifications preferred but not required (CISA, CIA, CPA, etc.). What's In It For You? Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology: the right combination can unlock possibility and change the world. Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: Our Values: Integrity, Discovery, Partnership. At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead.
We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you can take care of business. We care about our people. That's why we provide everything you, and your career, need to thrive at S&P Global. Health & Wellness: Health care coverage designed for the mind and body. Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills. Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly Perks: It's not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the Basics: From retail discounts to referral incentive awards, small perks can make a big difference. For more information on benefits by country visit https://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. Equal Opportunity Employer: S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law.
Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf 203 - Entry Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), FINANC202.1 - Middle Professional Tier I (EEO Job Group)
Posted 1 month ago
2.0 - 6.0 years
6 - 15 Lacs
Bengaluru
Work from Office
JOB SUMMARY Senior associates are primarily responsible for hands-on project execution. Experienced senior associates have, or are working towards, specialization in one or more service lines and are assigned to projects accordingly. Senior associates are assigned to a specific service delivery principal that is responsible for supervising the associates career development. Additionally, senior associates daily activities are closely supervised by the management teams of their assigned projects. Senior associates may supervise associates and/or senior associates when serving as a member of a project management team. There is no typical day for our SOC teams. While our lead focus is on SOC examinations, our clients also rely on us to perform multiple types of attestations similar to SOC across a variety of network, application, or cloud environments. The benefit of being exposed to so many different situations is that you are constantly building your knowledge base and skill set while keeping up with the latest technologies. Our teams are mostly remote (yet extremely collaborative) and work together to utilize their unique backgrounds and experience to provide the high level of quality service that our clients have come to expect. In addition to the hands-on knowledge youll develop with each project, client also promotes a continuous learning environment. Team members are encouraged to attend at least one training event every year to build upon their skills and acquire new certifications. A Senior Associate will hold the following roles and responsibilities as part of their role: • Demonstrate proficiency in client's Methodology • Guide associates and peers • Obtain certifications (ISO LA, CISA, CISSP, AWS CCP, etc.) 
• Successfully run a project from fieldwork through completion • Understand and demonstrate ability to speak to client's service lines at a high level and their leaders • Demonstrate proficiency of SOC 1 GITCs and each Security, Availability, Processing Integrity, Confidentiality, and Privacy SOC 2 criteria • Demonstrate understanding of Principal Service Commitments and System Requirements and how they impact scope of a SOC 2 • Know all four report opinion outcomes and ability to draft modified opinions • Demonstrate ability to identify if exception(s) would potentially yield a qualified opinion • Demonstrate self-organization, consistently and proactively look ahead to future projects, and prepare accordingly • Client's Methodology o Read STMV quarterly, and demonstrate ability to apply concepts (sampling methodology, TA language structure, exception wording, etc.) o Review and demonstrate ability to apply concepts of AS 2.0 Reference Guide o Review and demonstrate ability to apply concepts of EWP WP Guidance” • Obtain CCSK and begin pursuing second certification (ISO 27001 LA, CISA, AWS CCP) • Understand and demonstrate ability to articulate differences between SOC 1 and SOC 2 • Participate on project as a shadow or assessor for attestation offerings such as HIPAA, AUP, C5, etc. 
• Begin understanding SOC 1 GITCs and each SOC 2 criteria for the Security, Availability, and Confidentiality categories • Ability to articulate qualified vs unqualified opinion; know all four types of opinions • Learn client's services and service line leaders • Adhere to and complete all matters included in the Associate Score Card • Accurately manage and report time worked to each project / initiative Essential Functions: • Complying with client's code of ethics and professional conduct, methodologies, policies, and procedures • Adhering to the professional and regulatory standards relevant to assigned service line specialization(s) • Promoting client's company culture and exemplifying client's values • Establishing high quality relationships and rapport with client personnel • Managing client expectations to ensure expectations are exceeded • Completing assigned duties in a timely manner and with a high attention to detail • Collaborating with fellow project team members in a productive and timely manner throughout the life cycle of each project • Adhering to project schedules and keeping fellow project team members apprised of the progress of assigned tasks • Escalating issues internally in a proper and timely manner • Using discretion and decorum in the timing, form, and content of all client communications • Booking travel reservations in a timely manner and in accordance with client's travel and expense policies and procedures • Performing the essential functions of other service delivery positions when qualified and called upon to do so • Attending project kick-off and closing meetings • Executing assigned testing procedures, performing detailed analysis, reaching conclusions, documenting results in accordance with company standards, and suggesting ideas for improvements, where applicable • Drafting project deliverables • Serving as a contact for clients' basic questions regarding an engagement • Participating in recruiting and candidate interview 
activities • Training project team members • Acclimating newer team members to client • Contributing to client's practice development efforts • Developing an expert knowledge of professional and regulatory standards relevant to assigned service line specialization(s) • Contributing to client's thought leadership (e.g., articles, webinars, public speaking, etc.) Knowledge, Skills, and Abilities: • Working knowledge of client's services, methodology, and relevant professional standards • Requisite knowledge of applicable technology and security domains • High level of attention to detail and quality of work product • Client service oriented • Excellent time management, organizational, and verbal and written communication skills • Ability to work on-site or remotely as a valuable contributor to a collaborative team • Capable of simultaneously managing assigned tasks for multiple projects • Proficient using Microsoft Word, Excel, and PowerPoint, as well as client's service delivery applications • Full understanding and application of ethics, independence and client's values Education, Work Experience and Certifications • Bachelor's degree in accounting, finance, business management, technology, or other relevant subject area, or equivalent years of experience directly related to the duties and responsibilities specified • 2+ years of related professional services experience in information security auditing, assessment, consulting or compliance, focused on ITGC or SOC controls • Ability to work well independently, within a team and with clients as well as travel ~40-50% (M-Th) • Maintains (preferred) or working towards obtaining at least one certification relevant to client's services (i.e. CPA, CCSK or CISA)
Posted 1 month ago
7.0 - 15.0 years
0 - 20 Lacs
Hyderabad, Chennai, Bengaluru
Work from Office
Roles and Responsibilities : Conduct code reviews to ensure adherence to coding standards, best practices, and industry regulations. Collaborate with development teams to identify and resolve defects, improving overall product quality. Develop and execute test plans, test cases, and test scripts for software applications using Java-based tools. Participate in the Software Development Life Cycle (SDLC) process by providing input on requirements gathering, design documentation, and implementation. Job Requirements : 7-15 years of experience in IT services & consulting with expertise in quality assurance/quality control testing. Strong understanding of CISA/CISSP certifications or equivalent knowledge of security frameworks. Proficiency in conducting code reviews using various programming languages such as Java.
Posted 1 month ago
7.0 - 12.0 years
15 - 30 Lacs
Mumbai Suburban, Navi Mumbai, Mumbai (All Areas)
Hybrid
Roles and Responsibilities: Take end-to-end ownership over advisory and validation of residual risk issues Lead and execute formal risk reviews and assessments Review and challenge risk exception requests Collaborate with internal stakeholders to ensure remediation dependencies are captured and managed Identify and act upon opportunities to improve Risk Governance processes Participate in global and regional governance committees Act as a role model for Risk Excellence Interface Regulator Exams (RBI/IFTAS/SEBI/NPCI) Identify/Assess/Manage Risks against LRR and internal policies, and Track them to closure through Issue Management Experience Required: Bachelor's degree in Information Technology, Risk Management, Audit, or related field Experience in Technology Risk & Control, Risk Assurance, IT Security or Technology Operations Ability to break complex problems down into manageable action plans Ability to effectively balance multiple tasks through careful prioritization Ability to work independently while sharing expertise with others Strong communication and stakeholders management skills Preferred Qualifications: A minimum of 5 years of experience in IT Risk, IT Audit, IT Security, Project Management or Technology Operations. Consulting experience is a plus. Evolving expertise in several of the following areas: financial services, information technology, information security, systems development, change / release management, access security and physical access controls and procedures Proven experience in risk assessment and measurement Proven experience in IT security remediation, implementation of technical safeguards and validation of automated controls Risk / Security Certification (CRISC, CISA, CISM, CISSP) Practical knowledge of risk analysis methodologies, frameworks, standards, and best practices (NIST, COBIT)
Posted 1 month ago
7.0 - 10.0 years
7 - 10 Lacs
Chennai, Tamil Nadu, India
On-site
Key Responsibilities Assist in planning and scoping IT compliance and internal control assessments. Identify risk areas and develop internal control testing programs. Perform end-to-end IT compliance assessments, including evaluating effectiveness of risk and control frameworks. Test IT General Controls (ITGCs) across domains like change management, logical access, SDLC and IT operations. Assess IT Automated Controls across business functions such as payroll, inventory, and revenue. Document control walkthroughs using narratives and flowcharts. Develop, maintain, and present compliance workpapers and reports highlighting control deficiencies and recommendations. Collaborate with management to communicate findings and ensure timely remediation of audit issues. Support external audit activities by coordinating information requests and walkthroughs. Stay up to date with regulatory and industry developments in IT compliance and risk management. Engage in continuous improvement efforts to enhance the efficiency and effectiveness of compliance processes. Qualifications Bachelor's degree in Information Technology, Computer Science etc. Professional certification (or working towards) such as CISA, CRISC, CISSP, or CISM preferred. 7-10 years of experience in IT audit, compliance, or risk management; minimum 3-5 years in a Big 4 or similar professional services firm preferred. Strong understanding of IT infrastructure, applications, and enterprise systems. Knowledge of Sarbanes-Oxley (SOX), ITGCs, automated controls, and internal control principles. Experience with audit and compliance tools (e.g., eAudit, Auditboard, or equivalent). Ability to understand cross-functional business processes and their integration with IT systems. Strong interpersonal, communication, and report-writing skills. Able to work independently and collaboratively under tight deadlines. Demonstrated sound judgment, critical thinking, and attention to detail. 
Preferred Skills Hands-on experience in documenting business processes and identifying control gaps. Ability to present findings to senior stakeholders and recommend practical remediation steps. Familiarity with GRC platforms and data analytics tools. Understanding of global business practices and regulatory environments.
Posted 1 month ago
10.0 - 15.0 years
20 - 27 Lacs
Hyderabad
Work from Office
Dear Candidate, Greetings. We are hiring for the role of BISO Helius Technologies Hyderabad. Work mode – Work from office Project – Singlife Exp – 10 to 15 years Please find the below JD for your reference. Role: BISO Work Location: Hyderabad (ODC) Key Responsibilities 1. Focuses on Core BISO activities: Conduct Information Security Business Impact Assessments (ISBIA) for Projects, Applications, and Third-Party Outsourcing arrangements, aligning with Singlife Standards. Collaborate with Technology and Business units to evaluate the impact of control deficiencies. Lead the implementation of IS standards at the business level, ensuring alignment of procedures and practices with established standards. Collaborate in creating Risk Acceptances (RAs), Risk Exceptions (REs), and Corrective Action Plans (CAPs) using appropriate tools. Engage with Security Incident Response Teams to guide the resolution and closure of incidents, offering proactive recommendations. Generate periodic IS risk management reports, highlighting critical issues and proposing corrective action plans. Ensure adherence to IS standards and best practices across diverse disciplines. Support the business during audit reviews and regulatory inspections related to IS matters. Maintain vigilant oversight of IS programs, encompassing programs, policies, and associated reporting within the business landscape. Collaborate with business units to rectify non-compliance in processes, applications, and outsourcing activities. 2. Act as a Business Partner Regularly communicate and interact with Management and Employees, enhancing understanding of IS-related programs, policies, and standards. Leverage the ISO network to share resources, extract best practices, and enhance operational efficiency. Validate compliance with security controls within business contracts. Evaluate the alignment of IS processes with business needs, particularly concerning software and internet usage. 
Conduct Information and Cyber Security Awareness training to fortify organizational preparedness. Partner with application managers or the Technology Information Security Officer (TISO) to address specific technical requirements. Stay relevant to evolving cybersecurity regulations (MAS, CSA, GIA, LIA) to provide subject matter expert feedback. Assess the impact of new and updated regulations promptly by partnering with the ISO, Technology & Operations community. 3. Other Requirements Demonstrate skill in delivering compelling presentations and managing complex programs. Display exceptional aptitude in consulting, problem-solving, and analytical capabilities. Exhibit a proactive, assertive, service-oriented demeanour while effectively functioning as a cohesive team player. Demonstrate the ability to manage concurrent tasks and prioritize effectively, even in conflicting timelines. Key Decisions within the Role Be the gatekeeper of the IS business impact assessments (ISBIA) processes and ensure applications within Singlife adhere to IS standards. Team Direct and indirect accountability for Information Security Officers Requirements Experience Minimum 10 years of experience in Information security. In areas such as security governance, risk management, application security design, security project management or security operation. Professional Certifications CISSP, CISM, CISA, SANS, Cloud would be preferred. Education Bachelor’s degree in IT, Engineering or equivalent Skill Matrix - Skill Candidate's self-assessment (Score 1-5) Primary: InfoSec experience Secondary: Risk/Governance/Assurance framework Experience in conducting Infosec Training Excellent Communication/Presentation skills Infosec Certifications Primary: Cybersecurity regulations Secondary: Creation of Risk Acceptance/Risk Exceptions/CAPs Monetary Authority of Singapore (MAS) regulations Awareness of Security Control. Compliance Security Audits. 
Please revert with updated profile if you find it interesting. Feel free to reach out for any queries.
Posted 1 month ago
3.0 - 5.0 years
3 - 5 Lacs
Chennai, Tamil Nadu, India
On-site
We are seeking a highly motivated and detail-oriented IT Compliance Analyst to join our Risk & Compliance team. The ideal candidate will be responsible for performing comprehensive IT compliance assessments, testing IT general controls and IT Automated controls and ensuring the organization adheres to internal policies and external regulatory requirements, including Sarbanes-Oxley (SOX). This role plays a critical part in maintaining a strong internal control environment and driving process improvement across the organization. Key Responsibilities Assist in planning and scoping IT compliance and internal control assessments. Identify risk areas and develop internal control testing programs. Perform end-to-end IT compliance assessments, including evaluating effectiveness of risk and control frameworks. Test IT General Controls (ITGCs) across domains like change management, logical access, SDLC and IT operations. Assess IT Automated Controls across business functions such as payroll, inventory, and revenue. Document control walkthroughs using narratives and flowcharts. Develop, maintain, and present compliance workpapers and reports highlighting control deficiencies and recommendations. Collaborate with management to communicate findings and ensure timely remediation of audit issues. Support external audit activities by coordinating information requests and walkthroughs. Stay up to date with regulatory and industry developments in IT compliance and risk management. Engage in continuous improvement efforts to enhance the efficiency and effectiveness of compliance processes. Qualifications Bachelor's degree in Information Technology, Computer Science etc. Professional certification (or working towards) such as CISA, CRISC, CISSP, or CISM preferred. 7-10 years of experience in IT audit, compliance, or risk management; minimum 3-5 years in a Big 4 or similar professional services firm preferred. 
Strong understanding of IT infrastructure, applications, and enterprise systems. Knowledge of Sarbanes-Oxley (SOX), ITGCs, automated controls, and internal control principles. Experience with audit and compliance tools (e.g., eAudit, Auditboard, or equivalent). Ability to understand cross-functional business processes and their integration with IT systems. Strong interpersonal, communication, and report-writing skills. Able to work independently and collaboratively under tight deadlines. Demonstrated sound judgment, critical thinking, and attention to detail.
Posted 1 month ago
2.0 - 5.0 years
12 - 18 Lacs
Mumbai, Mumbai Suburban, Mumbai (All Areas)
Work from Office
The role of Auditor involves: • Conducting audits of Information Systems / Information Security covering process reviews, application control and functionality reviews, BCP and DR testing, and adherence to Regulations with respect to Information Systems / Infosec • Execution of planned audits by adhering to given schedules and ensuring adherence to audit / ISO processes & ICAI standards. Review of Compliances to Audit reports submitted by Auditee units. Ensuring follow up for closure of reports and files within prescribed timelines. Skills Conducting internal audits within stipulated time and submission of audit reports based on risk based audit norms. • Ensuring quality of audit report (depth & coverage) by focusing on root cause analysis and providing qualitative suggestions/recommendations for improvement of processes & mitigation of risk • Effective use of off-site audit reports (with special focus on data mining & analysis) for bringing out risks in the audit reports. • Conducting planned and unplanned audits and provide qualitative suggestions/recommendations for improvement of processes • Updating skill sets and knowledge through continuous readings, attending trainings • Ensuring timely follow up on closure of audit findings; checking the closure in line with the risk and recommendation; processing the closure of audit issues / reports as per the policy • Timely submission of information relating to audits conducted to internal and external stakeholders. Qualifications, technical skills and experience Base qualifications: • Graduates/CAs/MBA (Finance) with relevant certification such as CISA / CISM / CISSP / CIA 2-5 Years of Experience (Audit/ Banking / NBFC Domain preferred) • Experience in Information Systems / Infosec audits in the financial services (Banking, NBFC) industry Technical skill set for Information systems auditor. 
The auditor should have: • Solid base of computer skills in hardware and software • Knowledge of various operating systems • Knowledge of Databases • Hands on experience on Network Architecture • Knowledge of other IT infrastructure • Application controls and Interfaces • Knowledge on Computer Assisted Audit Techniques (CAATs) • Knowledge on Information security governance • Knowledge on Business Continuity and Disaster Recovery framework Role Proficiencies: • Demonstrate good understanding of IS/Infosec function audits • Knowledge of Business Applications used in Banking / NBFC industry • Understanding of statutory and regulatory requirements and policies • Working on the preparation of the Audit Calendar for the year basis the residual risk assessment and methodology defined in audit policy of the organisation. • Conducting specific audits basis plan or trigger based requirements. • Drafting of detailed audit reports with assessment details, preparation of supporting workpapers, clearly documenting the observations noted with implications and recommending corrective actions to auditee • Coordinating and supporting the company's Compliance team during RBI Audits and other external audits. • Good communication (both verbal & written) and inter-personal skills • Ability to work independently or as a part of team and contribute towards team goals • Planning the audit, developing clear and concise risk/control matrices and audit programs, and reporting • Demonstrate professionalism, competence and clarity of communication when dealing with the IT stakeholders • Demonstrate reasonable knowledge of the industry or sector and be aware of technical issues or audit risk
Posted 1 month ago
4.0 - 7.0 years
8 - 13 Lacs
Bengaluru
Work from Office
Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature. IT Audit + SAP experience with knowledge of IT governance practices Prior IT Audit knowledge in areas of ITGC, ITAC (application/automated controls) SOX 404, SOC-1 and SOC-2 Audits Good to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g. NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc.) Technical Knowledge of IT Audit Tools with excellent knowledge of IT Audit process and methodology Exposure to Risk Management and Governance Frameworks/ Systems will be an added advantage Exposure to ERP systems will be added advantage Strong project management, communication (written and verbal) and presentation skills Knowledge of security measures and auditing practices within various applications, operating systems, and databases Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism Preferred Certifications - CISA/CISSP/CISM Exposure to automation Data Analytics tools such as QlikView/Qlik Sense, ACL, Power BI will be an advantage Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools Perform testing of IT Application Controls, IPE, and Interface Controls through code reviews, IT General Controls review covering areas such as Change Management, Access Management, Backup Management, Incident and Problem Management, SDLC, Data Migration, Batch Job scheduling/monitoring and Business Continuity and Disaster Recovery Perform Risk Assessment, identification, and Evaluation of Controls, prepare process flow diagrams and document the same in Risk Control Matrix Perform business process walkthrough and controls testing for IT Audits Performing planning and 
executing audits, including - SOX, Internal Audits, External Audits Conducting controls assessment in manual/ automated environment Prepare/Review of Policies, Procedures, SOPs Maintain relationships with client management and the project Manager to manage expectations of service, including work products, timing, and deliverables Demonstrate a thorough understanding of complex information systems and apply it to client situations Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the work to be performed Coordinate effectively and efficiently with the Engagement manager and the client management keeping both constantly updated regarding project's progress Collaborate with other members of the engagement team to plan the engagement and develop relevant workpapers/deliverables Perform fieldwork and share the daily progress of fieldwork, informing supervisors of engagement status
Posted 1 month ago
6.0 - 11.0 years
11 - 18 Lacs
Thane, Navi Mumbai, Mumbai (All Areas)
Work from Office
Location: Thane What does a successful Internal Audit- IT professional do at FISERV? Efficiently conduct the audit projects as per The Institute of Internal Auditors standards and in accordance with Fiserv global Internal Audit framework and methodologies. What will you do: Should be able to direct/execute audit project independently (covering planning, fieldwork and reporting stages of audits) Lead a variety of moderately complex to complex IT focused audits including IT governance, service and project delivery, audits of IT technical domains such as networks, infrastructure, and applications. Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas Planning, conducting walkthroughs, drafting process understanding and relevant controls. Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls Documenting and Reviewing Test of Designs and Test of Effectiveness controls. Perform analytical procedures/analysis to test the effectiveness of controls. Document audit procedures and cross reference working papers. Create management representation letter comments and recommendations and draft audit reports for management review. Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc., Validations of audit issues. Conducting special reviews. What will you need to know: Desired qualification: Computer Services engineering/ BSc/MSc-IT / BCA/MCA degree [with an emphasis in information technology or equivalent degree] Experience: at least 6 to 8 years of IT Audit experience in assessing technology/IT controls and have experience in Internal Audit, Compliance & Risk Advisory services preferably in Banking and Financial services domain. 
Experience in auditing IT Internal controls, IT risk mitigation and technology related processes reviews. Good experience in IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews. Good client interfacing skills, drafting skills, communication, and interpersonal skills. Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.) What would be great to have: Desired certifications: CISA / CISSP / CISM / CCNA certified professionals
Posted 1 month ago