
728 Cisa Jobs - Page 15

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

2.0 - 5.0 years

12 - 17 Lacs

Noida

Work from Office

KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are IS audits, SOX reviews, internal audit engagements, IT infrastructure reviews and/or risk advisory, including but not limited to IT audit support. IT Audit + SAP experience with knowledge of IT governance practices. Prior IT Audit knowledge in areas of ITGC, ITAC (application/automated controls), SOX 404, SOC-1 and SOC-2 audits. Good to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g. NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc.). Technical knowledge of IT audit tools with excellent knowledge of IT audit process and methodology. Exposure to Risk Management and Governance Frameworks/Systems will be an added advantage. Exposure to ERP systems will be an added advantage. Strong project management, communication (written and verbal) and presentation skills. Knowledge of security measures and auditing practices within various applications, operating systems, and databases. Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism. Preferred certifications: CISA/CISSP/CISM. Exposure to automation and data analytics tools such as QlikView/Qlik Sense, ACL, Power BI will be an advantage. Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools.
Perform testing of IT Application Controls, IPE, and Interface Controls through code reviews, and IT General Controls review covering areas such as Change Management, Access Management, Backup Management, Incident and Problem Management, SDLC, Data Migration, Batch Job scheduling/monitoring and Business Continuity and Disaster Recovery. Perform risk assessment, identification, and evaluation of controls, prepare process flow diagrams and document the same in the Risk & Control Matrix. Perform business process walkthroughs and controls testing for IT audits. Plan and execute audits, including SOX, internal audits and external audits. Conduct controls assessment in manual/automated environments. Prepare/review policies, procedures and SOPs. Maintain relationships with client management and the project manager to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations. Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the work to be performed. Coordinate effectively and efficiently with the engagement manager and client management, keeping both constantly updated regarding the project's progress. Collaborate with other members of the engagement team to plan the engagement and develop relevant workpapers/deliverables. Perform fieldwork and share the daily progress of fieldwork, informing supervisors of engagement status.

Posted 1 month ago


3.0 - 7.0 years

14 - 18 Lacs

Pune

Work from Office

Grade F. Responsible for delivering information security and risk activities for the specialism, using highly advanced technical capabilities to contribute to strategic development by defining and implementing processes and procedures, resolving complex, high-risk security issues, evaluating and amending solutions and developing trusted relationships that improve the knowledge and capability within the specialism. Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security. Entity: Technology. IT&S Group. Job Description: You will work with: This role connects digital security with C&P business teams, advising on cyber, compliance, risk management, data loss prevention and focusing on customer data risk. They strategically integrate cybersecurity into new initiatives and technology roadmaps and tactically support incident management. This role is a senior level leader reporting directly to the SVP of Digital Security and is part of the Digital Security Leadership Team. Let me tell you about the role: As an Information Security Principal, you will collaborate across digital security and various business units. As the trusted cyber security advisor to the Customer and Products (C&P) business, you'll embed cyber security in everything we do, from our customer interactions to our product offerings. You will align security controls with business objectives and regulatory requirements by executing our cyber security strategy to stated risk tolerances. This role requires a deep understanding of cyber security, IT, and business operations across diverse markets, each with unique security challenges and regulatory landscapes. You'll lead a team of cyber experts and manage digital security across the portfolio.
What you will deliver: Business outcomes: Collaborate with business units to identify and address cyber security risks and vulnerabilities. Develop and implement security policies, procedures, and guidelines that align with business goals. Security Expertise: Provide technical expertise in Information Security, implementing operating processes and ensuring alignment to security standards across all activities including regulatory compliance. Incident Management: Coordinate incident response efforts and manage communication with affected business units. Team Leadership: Lead, coach, and develop a resilient team, aligning with Technology vision and strategy, fostering a culture of continuous improvement and career progression. Relationship Management: Act as the main point of contact for information security for your area of accountability, building strong partnerships and influencing positive change. Safety: Prioritize operational safety, enhancing digital security through architecture, designs, and processes. What you will need to be successful (experience and qualifications): Education: Tertiary level education or equivalent work experience. Certifications: Relevant certifications such as CISSP, CISM, or CISA are desirable.
Experience: Significant experience in internal or external information security and risk roles. Strong understanding of cyber security frameworks, standards, and best practices. Significant experience in IT operational processes, delivery, and operations. Experience working with customer-facing and regional businesses, such as aviation, retail and/or convenience and emerging markets. Experience working in a large enterprise environment. Technical knowledge in delivering security solutions and leading security processes. Consistent track record in forming effective partnerships with the business and collaborative management. Leadership and EQ: Experience working in globally distributed teams with ability to work asynchronously. Effectively influence and act as change agent for the front line and leadership. Cultivate positive team morale and empower team members. Demonstrate strong leadership, uphold bp's code of conduct and values. Promote a culture of change, agility, and open communication. Stay up-to-date with the latest cyber security trends, threats, and technologies. About bp: bp is a global energy business with a purpose to reimagine energy for people and our planet. We aim to be a very different kind of energy company by 2030, helping the world reach net zero and improving people's lives. We are committed to creating a diverse and inclusive environment where everyone can thrive. Join bp and become part of the team building our future! We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Travel Requirement: Negligible travel should be expected with this role. Relocation Assistance: This role is eligible for relocation within country. Remote Type: This position is a hybrid of office/remote working. Skills:

Posted 1 month ago


8.0 - 15.0 years

8 - 13 Lacs

Noida

Work from Office

Ericsson is seeking an experienced IAM Engineer with a strong background in Identity Management (IDM) and Public Key Infrastructure (PKI) to join our team in Noida or Bangalore. The ideal candidate will bring 8 to 15 years of hands-on experience in designing, implementing, and managing enterprise IAM solutions, ensuring secure and seamless identity lifecycle management and robust cryptographic security. Key Responsibilities: Design, implement, and support enterprise Identity and Access Management (IAM) solutions, focusing on IDM and PKI components. Manage identity lifecycle processes including provisioning, de-provisioning, authentication, authorization, and access governance. Deploy and maintain PKI infrastructure, including certificate lifecycle management, CA operations, and secure key management. Integrate IDM and PKI systems with various applications, cloud platforms, and network services. Collaborate with security teams to enforce access controls, policies, and compliance requirements. Troubleshoot and resolve IAM and PKI related incidents and performance issues. Develop automation scripts and tools to optimize IAM and PKI processes. Participate in security audits and assessments related to IAM and PKI. Document architecture, configurations, and operational procedures. Stay updated with emerging IAM and PKI technologies, trends, and best practices. Required Skills and Qualifications: Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, or related field. 8 to 15 years of experience in Identity and Access Management engineering roles. Strong hands-on experience with IDM platforms such as SailPoint, Oracle Identity Manager, IBM Security Identity Manager, or similar. Expertise in PKI technologies including CA management, certificate issuance, revocation, and integration with applications. Experience with directory services (LDAP, Active Directory) and federation technologies (SAML, OAuth, OpenID Connect).
Proficiency in scripting languages (Python, Shell, PowerShell) for automation. Knowledge of security standards and compliance frameworks (ISO 27001, NIST, GDPR). Strong troubleshooting, problem-solving, and communication skills. Ability to work collaboratively in cross-functional and global teams. Preferred Qualifications: Certifications such as CISSP, CISA, CISM, or relevant IAM/PKI certifications. Experience in telecom or large-scale enterprise environments. Familiarity with cloud IAM solutions (Azure AD, AWS IAM) and hybrid identity architectures. Exposure to DevOps practices and CI/CD pipelines related to IAM deployments.

Posted 1 month ago


8.0 - 15.0 years

7 - 11 Lacs

Noida

Work from Office

Ericsson is seeking an experienced GRC Specialist with 8 to 15 years of expertise in Governance, Risk, and Compliance to join our team in Noida or Bangalore. The ideal candidate will have a strong background in managing risk frameworks, compliance programs, and governance processes within large enterprises, preferably in telecom or IT sectors. Key Responsibilities: Develop, implement, and maintain governance, risk, and compliance frameworks aligned with global standards and Ericsson policies. Perform comprehensive risk assessments and compliance audits to identify gaps and recommend remediation actions. Ensure adherence to regulatory requirements such as ISO 27001, GDPR, NIST, COBIT, and ITIL. Manage and monitor compliance controls and policies to mitigate organizational risks. Collaborate with internal stakeholders and external auditors to facilitate audit readiness and compliance reporting. Drive continuous improvement initiatives for GRC processes and tools. Support incident response and business continuity planning from a GRC perspective. Lead awareness programs and training sessions on governance, risk, and compliance topics. Utilize and optimize GRC platforms (e.g., RSA Archer, MetricStream, ServiceNow GRC) for automated risk management and reporting. Required Skills and Qualifications: Bachelor's or Master's degree in Information Technology, Cybersecurity, Business Administration, or related field. 8 to 15 years of experience in Governance, Risk, and Compliance roles. In-depth knowledge of GRC frameworks and standards (ISO 27001, NIST, COBIT, GDPR, ITIL). Practical experience with GRC tools and platforms. Strong understanding of cybersecurity risk management and control frameworks. Excellent analytical, organizational, and communication skills. Ability to work collaboratively across teams and influence senior stakeholders. Relevant certifications such as CISA, CISM, CRISC, CISSP, or similar preferred.
Preferred Qualifications: Experience in the telecommunications or IT industry. Knowledge of cloud security and compliance frameworks. Familiarity with data privacy regulations and telecom-specific compliance requirements. Primary country and city: India (IN) || Noida Req ID: 768424

Posted 1 month ago


8.0 - 15.0 years

20 - 25 Lacs

Noida

Work from Office

About this opportunity: Ericsson is seeking an experienced GRC Specialist with 8 to 15 years of expertise in Governance, Risk, and Compliance to join our team in Noida or Bangalore. The ideal candidate will have a strong background in managing risk frameworks, compliance programs, and governance processes within large enterprises, preferably in telecom or IT sectors. Key Responsibilities: Develop, implement, and maintain governance, risk, and compliance frameworks aligned with global standards and Ericsson policies. Perform comprehensive risk assessments and compliance audits to identify gaps and recommend remediation actions. Ensure adherence to regulatory requirements such as ISO 27001, GDPR, NIST, COBIT, and ITIL. Manage and monitor compliance controls and policies to mitigate organizational risks. Collaborate with internal stakeholders and external auditors to facilitate audit readiness and compliance reporting. Drive continuous improvement initiatives for GRC processes and tools. Support incident response and business continuity planning from a GRC perspective. Lead awareness programs and training sessions on governance, risk, and compliance topics. Utilize and optimize GRC platforms (e.g., RSA Archer, MetricStream, ServiceNow GRC) for automated risk management and reporting. Required Skills and Qualifications: Bachelor's or Master's degree in Information Technology, Cybersecurity, Business Administration, or related field. 8 to 15 years of experience in Governance, Risk, and Compliance roles. In-depth knowledge of GRC frameworks and standards (ISO 27001, NIST, COBIT, GDPR, ITIL). Practical experience with GRC tools and platforms. Strong understanding of cybersecurity risk management and control frameworks. Excellent analytical, organizational, and communication skills. Ability to work collaboratively across teams and influence senior stakeholders. Relevant certifications such as CISA, CISM, CRISC, CISSP, or similar preferred.
Preferred Qualifications: Experience in the telecommunications or IT industry. Knowledge of cloud security and compliance frameworks. Familiarity with data privacy regulations and telecom-specific compliance requirements. Primary country and city: India (IN) || Noida Req ID: 768424

Posted 1 month ago


8.0 - 15.0 years

10 - 15 Lacs

Noida

Work from Office

About this opportunity: Ericsson is seeking an experienced IAM Engineer with a strong background in Identity Management (IDM) and Public Key Infrastructure (PKI) to join our team in Noida or Bangalore. The ideal candidate will bring 8 to 15 years of hands-on experience in designing, implementing, and managing enterprise IAM solutions, ensuring secure and seamless identity lifecycle management and robust cryptographic security. Key Responsibilities: Design, implement, and support enterprise Identity and Access Management (IAM) solutions, focusing on IDM and PKI components. Manage identity lifecycle processes including provisioning, de-provisioning, authentication, authorization, and access governance. Deploy and maintain PKI infrastructure, including certificate lifecycle management, CA operations, and secure key management. Integrate IDM and PKI systems with various applications, cloud platforms, and network services. Collaborate with security teams to enforce access controls, policies, and compliance requirements. Troubleshoot and resolve IAM and PKI related incidents and performance issues. Develop automation scripts and tools to optimize IAM and PKI processes. Participate in security audits and assessments related to IAM and PKI. Document architecture, configurations, and operational procedures. Stay updated with emerging IAM and PKI technologies, trends, and best practices. Required Skills and Qualifications: Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, or related field. 8 to 15 years of experience in Identity and Access Management engineering roles. Strong hands-on experience with IDM platforms such as SailPoint, Oracle Identity Manager, IBM Security Identity Manager, or similar. Expertise in PKI technologies including CA management, certificate issuance, revocation, and integration with applications.
Experience with directory services (LDAP, Active Directory) and federation technologies (SAML, OAuth, OpenID Connect). Proficiency in scripting languages (Python, Shell, PowerShell) for automation. Knowledge of security standards and compliance frameworks (ISO 27001, NIST, GDPR). Strong troubleshooting, problem-solving, and communication skills. Ability to work collaboratively in cross-functional and global teams. Preferred Qualifications: Certifications such as CISSP, CISA, CISM, or relevant IAM/PKI certifications. Experience in telecom or large-scale enterprise environments. Familiarity with cloud IAM solutions (Azure AD, AWS IAM) and hybrid identity architectures. Exposure to DevOps practices and CI/CD pipelines related to IAM deployments.

Posted 1 month ago


3.0 - 7.0 years

14 - 18 Lacs

Gurugram

Work from Office

About the company: At SBI Card, the motto "Make Life Simple" inspires every initiative, ensuring that customer convenience is at the forefront of all that we do. We are committed to building an environment where people can thrive and create a better future for everyone. What's in it for YOU: SBI Card truly lives by the work-life balance philosophy. We offer a robust wellness and wellbeing program to support the mental and physical health of our employees. Admirable work deserves to be rewarded. We have a well curated bouquet of rewards and recognition programs for the employees. Dynamic, inclusive and diverse team culture. Gender neutral policy. Inclusive health benefits for all: Medical Insurance, Personal Accidental, Group Term Life Insurance and Annual Health Checkup, Dental and OPD benefits. Commitment to the overall development of an employee through a comprehensive learning and development framework. Role Purpose: This role helps to maintain and support Software Governance Internal Audits. Role Accountability: Maintaining the APU Non-APU Dashboards. SCD v 2.0 Implementation. Maintaining Inventories and Modules for SAM. Maintaining decks for Audit and Security controls. Supporting IT Audits: IS Audit, RCSA, Spot Audit, Vendor Management. Documents Renewals for complete IT Audits. Monitor all financial transactions and ensure they are recorded accurately. The controller is accountable for the integrity of financial data and reports. Ensure adherence to applicable laws and regulations. Must report any non-compliance issues to senior management. Implement and maintain internal control systems to minimize risk and errors. The controllership must regularly evaluate the effectiveness of these controls. Ensure reports provide a truthful representation of the organization's financial position.
Measures of Success: Timely closure of all Open Items related to Software Governance Internal Audits. Technical Skills / Experience / Certifications: CISA Certification, PCI DSS Certification. Proficiency in Power BI and Excel for maintaining dashboards. Cybersecurity and Risk Management in IT. Competencies critical to the role: Good technical and functional domain knowledge to front-end audits. Good interpersonal skills for better collaboration. Strong documentation skills. Excellent analytical and problem-solving skills. Good understanding of data privacy requirements. Qualification: Graduate in any discipline with an MBA from a reputed institute. Preferred Industry: Credit Cards, Financial Services.

Posted 1 month ago


7.0 - 10.0 years

7 - 11 Lacs

Noida

Work from Office

OT Cyber Security - AM - BLR / Noida (Job Code: J49116). Job Summary: OT Cyber Security - AM - BLR / Noida. BE-Comp/IT, BE-Other, BTech-Comp/IT, BTech-Other, MBA, MCA. Company Description: Our Client in India is one of the leading providers of risk, financial services and business advisory, internal audit, corporate governance, and tax and regulatory services. Our Client was established in India in September 1993, and has rapidly built a significant competitive presence in the country. The firm operates from its offices in Mumbai, Pune, Delhi, Kolkata, Chennai, Bangalore, Hyderabad, Kochi, Chandigarh and Ahmedabad, and offers its clients a full range of services, including financial and business advisory, tax and regulatory. Our client has a client base of over 2700 companies. Their global approach to service delivery helps provide value-added services to clients. The firm serves leading information technology companies and has a strong presence in the financial services sector in India while serving a number of market leaders in other industry segments.
Job Description. Responsibilities: Participate in or lead engagements for ICS/OT Cyber Security Maturity Assessments, Transformations, Strategy Development, and Target Operating Model design. Controls mapping between the client's internal frameworks and an industry recognized framework. Design solutions and the corresponding roadmap of activities for ICS/OT clients. Prepare or support business proposals for various KPMG service offerings. Understand clients' requirements and identify relevant opportunities to better serve the client. Present engagement case studies and the KPMG approach in internal and external events. Required Qualifications: A minimum of five years of experience in cyber security for Operational Technology environments. Bachelor's degree from an accredited college/university or equivalent experience. Good understanding of general OT network topologies, Purdue Model, PLCs, SCADA systems, DCS, and OT specific communication protocols such as OPC, Modbus, IEC 60870, DNP3, etc. Working knowledge and deployment of IEC 62443, NIST 800-82, NIST CSF, and familiarity with NIS CAF and NERC CIP. Hands-on experience in OT specific cyber security solutions such as Nozomi, Claroty, Splunk, etc. Strong oral and written communication skills. Solid understanding of the relevant industries' production processes and operational procedures. Cyber OT endpoint OS, Server OS, and embedded systems knowledge. Knowledge of OT capable SIEM, IPS/IDS, Patch Management, Asset Management, security events logging and monitoring technologies and platforms such as Nozomi, Claroty, Nextnine, Industrial Defender, Splunk, ArcSight, QRadar, etc. Experience in deploying unidirectional firewalls, host-based firewalls, Anti-Malware, and HIDS in plant and operational environments. Desired Characteristics: Certifications in good standing such as: IEC 62443, CISSP, CISM, CISA, CEH, etc.
Experience working in a consulting environment or with Big4 firms. Demonstrated analytical and complex problem-solving skills. Ability to work effectively in a team and across functions, partnering with other teams globally. Very strong work ethic and ability to deal with confidential information. Develop people through effective coaching and mentoring. Strong interpersonal skills.

Posted 1 month ago


1.0 - 4.0 years

14 - 18 Lacs

Noida

Work from Office

Join us as a "CBP Global Regulatory Governance" at Barclays, where you'll spearhead the evolution of our digital landscape, driving innovation and excellence. You'll harness cutting-edge technology to revolutionize our digital offerings, ensuring unparalleled customer experiences. To be a successful "CBP Global Regulatory Governance", you should have experience with (Mandatory): 1. Delivers against the agreed strategy for Technology and CSO regulatory, external audit and client engagement globally. 2. Experience in managing Technology, Data, Cyber Regulatory Engagements, and external audits. 3. Excellent knowledge of information technology risks, controls, and risk remediation. 4. Collaboration with various stakeholders across the bank and business units to improve overall control effectiveness through detailed documentation of control assessments, procedures, and findings. 5. Support management of Risk and Controls relating to Barclays policies, standards and key controls across security and technology. Some other highly valued skills may include (Mandatory): Review of audit findings, self-identified issues, and breaches to align them with operational risk, regulatory requirements and Barclays' Control Framework. Advising IT on pragmatic approaches to meeting regulatory mandated technology controls and risk reduction. Strong experience in data analytics/technologies, tools and visualization. Excellent communication, presentation, and interpersonal skills. Demonstrate sound behavioral skills: collaboration, stakeholder management. Desirable skills/Preferred Qualifications (Not mandatory): Relevant professional certification such as CISA, CISSP, CISM, PMP, CRISC or equivalent.
You may be assessed on the key critical skills relevant for success in role, such as risk and controls, change and transformation, business acumen, strategic thinking, and digital and technology, as well as job-specific technical skills. Location: Pune. Purpose of the role: To assess the integrity and effectiveness of the bank's internal control framework to support the mitigation of risk and protection of the bank's operational, financial, and reputational risk. Accountabilities: Collaboration with various stakeholders across the bank and business units to improve overall control effectiveness through detailed documentation of control assessments, procedures, and findings. Identification and investigation of potential weaknesses and issues within internal controls to promote continuous improvement and risk mitigation aligned to the bank's control framework, prioritised by its severity to disrupt bank operations. Development of reports to communicate key findings from risk assessment including control weaknesses and recommendations to control owners, senior management, and other stakeholders. Execution of reviews to determine the effectiveness of the bank's internal controls framework aligned to established and evolving policies, regulation, and best practice. Implementation of adherence to the Barclays Controls Framework and set appropriate methodology of assessing controls against the Controls Framework. Analyst Expectations: Will have an impact on the work of related teams within the area. Partner with other functions and business areas. Takes responsibility for end results of a team's operational processing and activities. Escalate breaches of policies / procedure appropriately. Take responsibility for embedding new policies / procedures adopted due to risk mitigation. Advise and influence decision making within own area of expertise. Take ownership for managing risk and strengthening controls in relation to the work you own or contribute to.
Deliver your work and areas of responsibility in line with relevant rules, regulation and codes of conduct. Maintain and continually build an understanding of how own sub-function integrates with function, alongside knowledge of the organisation's products, services and processes within the function. Demonstrate understanding of how areas coordinate and contribute to the achievement of the objectives of the organisation sub-function. Make evaluative judgements based on the analysis of factual information, paying attention to detail. Resolve problems by identifying and selecting solutions through the application of acquired technical experience and will be guided by precedents. Guide and persuade team members and communicate complex / sensitive information. Act as contact point for stakeholders outside of the immediate function, while building a network of contacts outside team and external to the organisation.

Posted 1 month ago


15.0 - 25.0 years

17 Lacs

Gurugram

Work from Office

Project Role: Security Architect. Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills: Security Solution Development. Good to have skills: NA. Minimum 15 year(s) of experience is required. Educational Qualification: 15 years full time education. As a Security Solution Architect (SA), the candidate would be primarily responsible for solution architecture/presales effort on medium to large complexity deals or own multiple components of large complex deals. Lead or work as Lead Solution Architect on complex deals. Independently and with little oversight can come up with the solution. Conduct the solution reviews with SMEs and the delivery approver. Attend calls with the client team to understand the requirement to bring value and a differentiated solution. Roles & Responsibilities: Able to participate in requirements gathering, gathering data requirements, and assisting in the reconciliation of technical requirements. Prepare end to end solution including effort estimation & costing. Involved in preparing the client proposal & response. Develop statement of work. Performs reviews with the delivery leadership. Participation in the client orals or presentations. Leads negotiations or develops business terms & conditions. Has led solution development for multiple deal types. Work with delivery leads for the approval of solution/efforts. Bring out technical differentiators and value in the solution. Active ownership or accountability in delivering the solution within the specified time frame. Should be good to work as an individual contributor and a good team player. When assigned responsibilities to lead the team, the candidate should show leadership qualities to manage the team and get the work done.
Professional & Technical Skills: Candidate must have presales experience with maximum coverage around the following GRC or Privacy or Strategy domains. Skills around domains like Risk & Compliance Advisory and Operation, Compliance Management, Security Strategy Frameworks, Risk and Compliance Strategic Advisory, Cyber Security Assessments, Security Architecture Advisory, NIST CSF, Data Privacy, Third Party Risk Assessment, ISO 27001, SOX, GDPR, Risk Assessment Services and GRC automation platforms like Archer, ServiceNow. Interpret customer needs and design appropriate GRC, eGRC, Cyber Security Strategy, Data Privacy Management solutions; experience in developing value-based customer proposals, closely working with delivery and sales teams. Hands-on delivery experience across these domains would be an added advantage to utilize the experience while solutioning. Maintain current knowledge of applicable Risk and Data Privacy requirements and accreditation standards, and monitor changes in technology impacting privacy, risk, and compliance posture. Knowledge of leveraging innovation, automation, Gen AI in GRC solutioning. Work with delivery and capability teams to keep abreast of the latest assets, offerings, solution accelerators to bring in value adds while solutioning. Overall knowledge of GRC, TPRM, Data Privacy tool stack. Pre-sales knowledge of non-GRC Security domains will be an added advantage to work in cross functional deals. Flexibility on need basis in line with the nature of SA. Strong verbal and written communication are a must to be able to document and present complex topics and solutions. Strong interpersonal and problem-solving skills. Stay informed about new products, services, technologies, and other information as required to deliver effective solutions. CISSP, CISM, CISA, CGRC. Cloud Security knowledge and certification: AWS, Azure. ISO 27k1, 22301, Privacy, Archer, ServiceNow GRC certifications. Additional Information: Minimum 15-year full time education. The candidate should have minimum 15 years of experience. This position is based at our Gurugram office. Qualification: 15 years full time education

Posted 1 month ago


12.0 - 15.0 years

14 Lacs

Bengaluru

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Security Solution Development
Good to have skills: NA
Minimum 12 year(s) of experience is required
Educational Qualification: 15 years full time education

As a Security Solution Architect (SA), the candidate would be primarily responsible for solution architecture/presales effort on deals of medium to large complexity, or own multiple components of large complex deals. Lead or work as Lead Solution Architect on complex deals. Independently and with little oversight, come up with the solution. Conduct the solution reviews with SMEs and the delivery approver. Attend calls with the client team to understand the requirement to bring value and a differentiated solution.

Roles & Responsibilities: Able to participate in requirements gathering, gathering data requirements, and assisting in the reconciliation of technical requirements. Prepare end to end solution including effort estimation & costing. Involved in preparing the client proposal & response. Develop statement of work. Performs reviews with the delivery leadership. Participation in the client Orals or presentations. Leads negotiations or develops business terms & conditions. Has led solution development for multiple deal types. Work with delivery leads for the approval of solution/efforts. Bring out technical differentiators and value in the solution. Active ownership or accountability in delivering the solution within the specified time frame. Should be good to work as individual contributor and good team player. When assigned responsibilities to lead the team, candidate should show leadership qualities to manage the team and get the work done.

Professional & Technical Skills: Candidate must have Presales experience with maximum coverage around the following GRC or Privacy or Strategy domains. Skill around domains like Risk & Compliance Advisory and Operation, Compliance Management, Security Strategy Frameworks, Risk and Compliance Strategic Advisory, Cyber Security Assessments, Security Architecture Advisory, NIST CSF, Data Privacy, Third Party Risk Assessment, ISO 27001, SOX, GDPR, Risk Assessment Services and GRC automation platforms like Archer, ServiceNow. Interpret customer needs and design appropriate GRC, eGRC, Cyber Security Strategy, & Data Privacy Management solutions; experience in developing value-based customer proposals, closely working with delivery and sales teams. Hands-on delivery experience across these domains would be an added advantage to utilize the experience while solutioning. Maintain current knowledge of applicable Risk and Data Privacy requirements and accreditation standards, and monitor changes in technology impacting privacy, risk, and compliance posture. Knowledge of leveraging innovation, automation, Gen AI in GRC solutioning. Work with delivery and capability team to keep abreast of latest assets, offerings, solution accelerators to bring in value adds while solutioning. Overall knowledge of GRC, TPRM, Data Privacy tool stack. Pre-Sales knowledge on Non GRC Security domains will be an added advantage to work in cross functional deals. Flexibility on need basis in line with the nature of SA. Strong verbal and written communication are a must to be able to document and present complex topics and solutions. Strong interpersonal and problem-solving skills. Stay informed about new products, services, technologies, and other information as required to deliver effective solutions. CISSP, CISM, CISA, CGRC. Cloud Security knowledge and certification: AWS, Azure. ISO 27k1, 22301, Privacy, Archer, ServiceNow GRC certifications.

Additional Information: Minimum 15-year full time education. The candidate should have minimum 12 years of experience. This position is based at our Bengaluru office. Qualification: 15 years full time education

Posted 1 month ago


6.0 - 10.0 years

1 - 3 Lacs

Bengaluru

Hybrid

Company Description

Tesco Bengaluru: We are a multi-disciplinary team creating a sustainable competitive advantage for Tesco by standardising processes, delivering cost savings, enabling agility, providing cutting-edge technological solutions and empowering our colleagues to do ever more for our customers. With cross-functional expertise in Global Business Services and Retail Technology & Engineering, a wide network of teams and strong governance we reduce complexity, thereby offering high quality services for our customers. Tesco Bengaluru, established in 2004 to enable standardisation and build centralised capabilities and competencies, makes the experience better for our millions of customers worldwide and simpler for over 4,40,000 colleagues.

Tesco Technology consists of people from a number of different backgrounds, but having a common purpose to serve our shoppers a little better every day with our retail technological solutions. We share a common interest in harnessing innovations in technology to enhance their shopping experience at Tesco stores. Whether making products, software or systems, our teams focus on various aspects, from taking strategic ownership of the architecture to delivering technological solutions such as design, testing, deployment, infrastructure, operation and security of the systems to ensure agile, smooth and safe operations. These help us to deliver the maximum business impact. Teams refine their internal processes to best fit their own needs, working to build core capabilities in application and services. We collaborate globally across teams to build end-to-end customer-facing solutions, as well as to share knowledge, experience, tools and techniques.

At Tesco, inclusion means that Everyone's Welcome. Everyone is treated fairly and with respect; by valuing individuality and uniqueness we create a sense of belonging. Diversity and inclusion have always been at the heart of Tesco. It is embedded in our values: we treat people how they want to be treated. We always want our colleagues to feel they can be themselves at work and we are committed to helping them be at their best. Across the Tesco group we are building an inclusive workplace, a place to actively celebrate the cultures, personalities and preferences of our colleagues, who in turn help to build the success of our business and reflect the diversity of the communities we serve.

Job Description
- Carry out Cyber Risk and Assurance initiatives independently while ensuring quality and timely delivery.
- Perform control testing using security frameworks to determine effectiveness of the control and provide recommendations.
- Review adequacy of evidence provided by Technology teams as part of control assurance activities.
- Define processes to collaborate with Security and Technology teams for remediation of identified system-level control gaps and work closely with them to ensure implementation of cyber security safeguards to improve security posture across the organisation.
- Identify, evaluate and monitor technology risks as part of Cyber Risk and Assurance programmes.
- Review security exceptions raised by Technology teams to manage the risks associated.
- Drive reporting across different Cyber Risk and Assurance initiatives, including reporting to Security Leadership and Cyber/Technology governance committees.
- Identify, drive and implement opportunities for process improvement across various initiatives within the Cyber Risk and Assurance team.
- Build strong relationships with the stakeholders and lead internal meetings with Technology and Business Process teams.

Qualifications
- 7 to 10 years cyber security experience
- IT audit and/or IT risk management
- Experience of assessing security controls across a variety of technologies and products, recommending improvements where necessary
- Hands-on experience with different security frameworks and standards such as ISO 27001, NIST, CIS, PCI (e.g. controls testing, gap assessments)
- Critical thinking with strong attention to detail and good organisational skills
- Strong written, verbal communication and presentation skills, working with all levels of seniority and disciplines within the organisation
- Able to build solid working relationships with internal and external stakeholders
- At least one professional qualification such as CISA, CISM, CRISC, CISSP or equivalent

Additional information

Important Notice: On behalf of Tesco Bengaluru, we must caution all job seekers and educational institutions that Tesco Bengaluru does not authorise any third parties to release employment offers or conduct recruitment drives via a third party. Hence, beware of inauthentic and fraudulent job offers or recruitment drives from any individuals or websites purporting to represent Tesco. Further, Tesco Bengaluru does not charge any fee or other emoluments for any reason (including without limitation, visa fees) or seek compensation from educational institutions to participate in recruitment events. Accordingly, please check the authenticity of any such offers before acting on them and where acted upon, you do so at your own risk. Tesco Bengaluru shall neither be responsible for honouring or making good the promises made by fraudulent third parties, nor for any monetary or any other loss incurred by the aggrieved individual or educational institution. In the event that you come across any fraudulent activities in the name of Tesco Bengaluru, please feel free to report the incident at recruitment_compliance_india@tesco.com

Posted 1 month ago


2.0 - 3.0 years

2 - 3 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site

Assist with SOX or Internal Audit testing (both Business + ITGC) for clients based in the United States. Conduct audits in accordance with standards like ITGC common controls, SSAE 18, and SOX. Attend walkthroughs during control testing and assist Managers/Supervisors by taking detailed notes and documenting control objectives in working papers. Perform audit activities, from walkthroughs to report preparation, related to ITGC common controls, SSAE-18, SOX, and SOC 1, 2, 3, and ensure timely deliverables. Partner and communicate with the US IT-aligned team regularly. Provide day-to-day support to IT Assurance or Advisory Managers/Supervisors to assist with the timely submission of audit deliverables. Manage other audit-related work/activities, such as SOC summaries and setting up and finalizing the Binder or shared space.

Qualifications: 2-3 years of post-qualification experience within IT consulting, IT internal audit, IT compliance, and ITGC, ISO, SSAE, or SOX engagements. CISA certification is mandatory. Working knowledge of SOC (1, 2, 3) audits is a plus. Ability to perform IT audits independently. Ability to synthesize all forms of research into clear, thoughtful, actionable deliverables. Ability to run multiple engagements simultaneously. Expected to work on-site at the office. A forward-thinking and hands-on approach. Excellent written and verbal communication skills. Prior experience working with US stakeholders is an added advantage. A desire to learn. Team player. Working from office.

Posted 1 month ago


4.0 - 8.0 years

1 - 6 Lacs

Thane, Navi Mumbai, Mumbai (All Areas)

Work from Office

Technical: Strong experience in review of defined guidelines and conducting regulatory assessments for BFSI (e.g. RBI, SEBI, IRDAI). Knowledge of global guidelines, including NIST, ISO27001, PCI-DSS, COBIT, etc. Assisting in remediating gaps on the defined guidelines for the client. Performing System Audit and conducting technology landscape review. Having worked on Information Technology Risk Assessment areas such as NIST, ISO27001, PCI-DSS, COBIT, etc. Experience of handling IT audits and reviews. Good understanding of technology topics related to cyber security, encryption, architecture resiliency, business continuity, disaster recovery, IT Governance, third party outsourcing risk and information security/technology risk. Certification: CISA, CISSP, ISO27001.

Soft Skills: Good presentation and report writing skills are mandatory. Excellent communication skills and confident demeanor. Experience of working with client stakeholders. Good problem-solving skills.

Specially for Managers: Experience of writing proposals and responding to RFPs. Handling a team of 4-5 people. Profiles from consulting background to be preferred.

Posted 1 month ago


2.0 - 3.0 years

2 - 3 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site

Assist with SOX or Internal Audit testing (both Business + ITGC) for clients based in the United States. Conduct audits in accordance with standards like ITGC common controls, SSAE 18, and SOX. Attend walkthroughs during control testing and assist Managers/Supervisors by taking detailed notes and documenting control objectives in working papers. Perform audit activities, from walkthroughs to report preparation, related to ITGC common controls, SSAE-18, SOX, and SOC 1, 2, 3, and ensure timely deliverables. Partner and communicate with the US IT-aligned team regularly. Provide day-to-day support to IT Assurance or Advisory Managers/Supervisors to assist with the timely submission of audit deliverables. Manage other audit-related work/activities, such as SOC summaries and setting up and finalizing the Binder or shared space.

Qualifications: 2-3 years of post-qualification experience within IT consulting, IT internal audit, IT compliance, and ITGC, ISO, SSAE, or SOX engagements. CISA certification is mandatory. Working knowledge of SOC (1, 2, 3) audits is a plus. Ability to perform IT audits independently. Ability to synthesize all forms of research into clear, thoughtful, actionable deliverables. Ability to run multiple engagements simultaneously. Expected to work on-site at the office. A forward-thinking and hands-on approach. Excellent written and verbal communication skills. Prior experience working with US stakeholders is an added advantage. A desire to learn. Team player. Working from office.

Posted 1 month ago


5.0 - 10.0 years

20 - 25 Lacs

Mumbai

Work from Office

The Area: Morningstar is a leading global provider of independent investment insights. Our core competencies are data, research, and design, and we employ each of these to create products that clearly convey complex investment information. Our mission is to empower investor success and everything we do at Morningstar is in the service of the investor. Reporting to the Audit Committee of the Board of Directors, the purpose of the Global Audit and Assurance (GAA) function is to strengthen Morningstar's ability to create, protect, and sustain value by providing the Company with organizationally independent, risk-based, and objective assurance and consulting services to evaluate and improve Morningstar's governance, risk management and control processes.

The Role: Morningstar's GAA function seeks a highly motivated Senior Internal Auditor who thrives on new experiences and challenges. As a Senior Internal Auditor, you will play an integral role in evaluating the company's business and information technology processes and effectiveness of internal controls. You will have the opportunity to work on a variety of operational, compliance, financial, and information technology reviews as well as evaluate the effectiveness of internal controls over external financial reporting as part of the company's Sarbanes-Oxley Section 404 compliance activities. Based in Mumbai, the Senior Internal Auditor may be required to travel to a number of domestic and international locations in support of our annual internal audit plan. You will work closely with all levels of management across the organization, recommending changes to strengthen controls for increased efficiencies and reduced risks. The Senior Internal Auditor will have the opportunity to utilize and reference world-class audit tools and audit methodologies in the performance of his or her duties.

Key Responsibilities: Planning and execution of financial, operational, compliance, and information technology related reviews. Perform walkthroughs of complex business and information technology processes and test the design and effectiveness of internal controls. Execute audit procedures in accordance with audit objectives and document work in accordance with professional standards. Preparation of observations and recommendations for corrective action and documentation of work. Effectively apply the COSO internal control framework, COBIT IT governance framework, IIA Global Internal Audit Standards and US GAAP accounting principles. Assist audit management with the execution of continuous risk assessment and audit plan development. Serve as an independent advisor and business partner with management.

Requirements: Action-oriented self-starter with strong verbal and written communication skills. Comfortable working both independently and in teams, and working within a complex environment. Ability to diagnose problems, determine root causes, and recommend solutions to complex challenges. Undergraduate degree in accounting, business, information technology, management information systems, or a related field. Minimum of 5 years of internal or external audit experience. Experience in working for a Big 4 or Tier-Two public accounting firm highly preferred. Experience in performing data analytics and using data extraction and analysis software. Professional accreditation (e.g., CIA, CPA, CISA) highly preferred. Understanding of the technical aspects of accounting and financial reporting. Experience in performing multiple projects and working with varying team members. Flexibility/adaptability to work a non-standard schedule as needed to accommodate various time zones where some process owners are located. Willingness to travel to domestic and international offices.

Morningstar is an equal opportunity employer

Posted 1 month ago


15.0 - 20.0 years

20 - 25 Lacs

Bengaluru

Work from Office

Every career journey is personal. That's why we empower you with the tools and support to create your own success story. Be challenged. Be heard. Be valued. Be you ... be here.

Job Summary: The Director, Cyber Security is responsible for understanding the business model and organizational priorities, while leading, guiding and directing technical and business leaders in an effort to ensure compliance with regulatory requirements, the protection of company information assets, and the continued maturation of the cyber security program. This position reports to the SVP, Chief Information Security Officer and works closely across Technology Operations, Privacy, Legal, Enterprise Risk Management, and the business.

Essential Job Functions
Oversee and advise on the continued development and management of the Cyber Security team's strategy and vision. Lead a team of Cyber Security managers, along with their direct reports of various experience levels and bands. Hire and train new staff, conduct performance reviews and utilize subject matter expertise to guide and coach team members. - (35%)
Demonstrate self-learning in gaining knowledge of new technical developments and ensure they are shared appropriately and applied within the department and across the organization. Identify and understand drivers for change and act as a champion and partner with other leaders to deliver those changes. - (5%)
Collaborate with senior leaders on strategic and tactical information security plans for major system and application changes, ensuring standards are maintained and assets protected. Resolve conflicts and simplify complex concepts for effective communication. Serve as an enabling partner and take a solution-based approach. - (10%)
Communicate goals and new programs effectively with other senior leaders within the organization. Produce presentations at various levels of abstraction dependent on intended audience using Microsoft PowerPoint, Microsoft Visio, or equivalent tools. - (10%)
Lead the design and the implementation of key Technology projects and initiatives as they pertain to the organization's long-term security strategy. Identify areas of improvement where processes do not currently exist and drive the development and delivery of new processes to address these gaps. Ability to lead through ambiguity and deliver quality results. - (25%)
Maintain appropriate internal processes and procedures to ensure operational effectiveness of the team. Oversee and lead the creation and maintenance of relevant documentation including run books, project updates, process documentation, architecture and technical requirements and presentations. Actively assist in managing departmental budget and costs. - (10%)
Work with the Change Advisory Board (CAB) to identify and manage changes that will impact Information Security controls. Oversee, develop and deliver Key Performance Indicators (KPIs) through the understanding of the tools and deliverables by helping to develop, maintain and mature the associated reporting structure. - (5%)

Minimum Qualifications
Bachelor's Degree or equivalent experience in Computer Science or Information Technology
One or more field related professional technical certifications (CISSP, CISA, CISM, Security+) or able to complete within 12 months
15+ years of progressive experience in Cyber Security including proven expertise in multiple disciplines (SOC, IAM, Cyber Engineering Architecture, Governance Regulatory Compliance, etc.)
7+ years direct leadership experience

Preferred Qualifications
Master's Degree in computer science or information technology
Two or more field related professional technical certifications (CISSP, CISA, CISM, Security+)
15+ years of progressive experience in Cyber Security including proven expertise in multiple disciplines (SOC, IAM, Cyber Engineering Architecture, Governance Regulatory Compliance, etc.)
8+ years direct leadership experience

Skills: Cloud Architectures, Amazon Web Services (AWS), Cybersecurity, Cloud Security, Identity and Access Management (IAM), NIST 800-53, NIST Cybersecurity Framework (CSF), PCI DSS Compliance
Reports To: VP and above
Direct Reports: 6 - 10
Work Environment: Normal office environment, hybrid.

Other Duties: This job description is illustrative of the types of duties typically performed by this job. It is not intended to be an exhaustive listing of each and every essential function of the job. Because job content may change from time to time, the Company reserves the right to add and/or delete essential functions from this job at any time.

About Bread Financial: At Bread Financial, you'll have the opportunity to grow your career, give back to your community, and be part of our award-winning culture. We've been consistently recognized as a best place to work nationally and in many markets and we're proud to promote an environment where you feel appreciated, accepted, valued, and fulfilled both personally and professionally. Bread Financial supports the overall wellness of our associates with a diverse suite of benefits and offers boundless opportunities for career development and non-traditional career progression. Bread Financial (NYSE: BFH) is a tech-forward financial services company that provides simple, personalized payment, lending, and saving solutions to millions of U.S. consumers. Our payment solutions, including Bread Financial general purpose credit cards and savings products, empower our customers and their passions for a better life. Additionally, we deliver growth for some of the most recognized brands in travel entertainment, health beauty, jewelry and specialty apparel through our private label and co-brand credit cards and pay-over-time products providing choice and value to our shared customers. To learn more about Bread Financial, our global associates and our sustainability commitments, visit breadfinancial.com or follow us on Instagram and LinkedIn. All job offers are contingent upon successful completion of credit and background checks. Bread Financial is an Equal Opportunity Employer.

Job Family: Information Technology
Job Type: Regular

Posted 1 month ago


2.0 - 7.0 years

11 - 12 Lacs

Chennai

Work from Office

Job Description: We are looking for an experienced Project Manager - Cybersecurity & Internal Audit to lead and coordinate audit-related projects with a focus on SOX compliance, IT controls, and Cybersecurity. This role requires strong project management capabilities, exceptional stakeholder management, and the ability to work seamlessly with cross-functional teams. The ideal candidate will possess deep knowledge of SOX IT control audits and cybersecurity risk frameworks, and have strong communication and coordination skills to drive successful audit engagements and ensure organizational compliance.

Key Responsibilities: Manage and oversee internal audit projects, particularly focused on IT general controls, SOX compliance, and cybersecurity audits. Lead end-to-end project planning, including scope definition, resource allocation, timelines, issue tracking, and status reporting. Collaborate with internal audit, IT, Product & Engineering, Cybersecurity, Finance, and Business teams to ensure effective execution of audit plans and remediation activities. Coordinate SOX ITGC (IT General Controls) and process-level control testing, working with internal and external auditors as required. Facilitate the identification, assessment, and remediation of cybersecurity risks, ensuring alignment with frameworks such as NIST, ISO 27001, and COBIT. Develop and maintain stakeholder relationships to ensure transparency and alignment on audit priorities and expectations. Provide clear, concise project status updates to senior leadership and executive stakeholders. Drive continuous improvement in audit processes and control environments through feedback and lessons learned.

Qualifications: Bachelor's degree in Information Systems, Business Administration, Accounting, Cybersecurity, or related field. 3 - 7 years of experience in project management,

Posted 1 month ago


8.0 - 13.0 years

16 - 30 Lacs

Noida

Work from Office

Ericsson is seeking an experienced GRC Specialist with 8 to 15 years of expertise in Governance, Risk, and Compliance to join our team in Noida or Bangalore. The ideal candidate will have a strong background in managing risk frameworks, compliance programs, and governance processes within large enterprises, preferably in telecom or IT sectors.

Key Responsibilities: Develop, implement, and maintain governance, risk, and compliance frameworks aligned with global standards and Ericsson policies. Perform comprehensive risk assessments and compliance audits to identify gaps and recommend remediation actions. Ensure adherence to regulatory requirements such as ISO 27001, GDPR, NIST, COBIT, and ITIL. Manage and monitor compliance controls and policies to mitigate organizational risks. Collaborate with internal stakeholders and external auditors to facilitate audit readiness and compliance reporting. Drive continuous improvement initiatives for GRC processes and tools. Support incident response and business continuity planning from a GRC perspective. Lead awareness programs and training sessions on governance, risk, and compliance topics. Utilize and optimize GRC platforms (e.g., RSA Archer, MetricStream, ServiceNow GRC) for automated risk management and reporting.

Required Skills and Qualifications: Bachelor's or Master's degree in Information Technology, Cybersecurity, Business Administration, or related field. 8 to 15 years of experience in Governance, Risk, and Compliance roles. In-depth knowledge of GRC frameworks and standards (ISO 27001, NIST, COBIT, GDPR, ITIL). Practical experience with GRC tools and platforms. Strong understanding of cybersecurity risk management and control frameworks. Excellent analytical, organizational, and communication skills. Ability to work collaboratively across teams and influence senior stakeholders. Relevant certifications such as CISA, CISM, CRISC, CISSP, or similar preferred.
Connect with me over LinkedIn at : https://www.linkedin.com/in/nitin-tushir-abc0048/

Posted 1 month ago


3.0 - 5.0 years

2 - 6 Lacs

Gurugram

Work from Office

Position Title: Compliance Monitor

About the Role: We are seeking a proactive and detail-oriented Compliance Monitor to join our Information Security. The role involves coordination with government agencies and stakeholders for sharing and receiving critical information related to cyber and information security incidents. The selected candidate will also be responsible for necessary preparations related to Management Incident Summary Forum (MISF) meetings and strategic communication summaries for the management. Additionally, the candidate will identify and work on initiatives to strengthen the organization's cyber and information security posture and ensure periodic communication of relevant updates to all stakeholders. This position is ideal for candidates with a strong understanding of compliance, cyber security frameworks, and stakeholder management.

Key Responsibilities

Coordination with Government Agencies: Act as a liaison with government agencies such as NCSCC, NCIIPC, CERT-IN, NTRO/DOT, and other relevant bodies. Share and receive critical information, advisories, and feeds related to cyber and information security incidents. Maintain a repository of communications and updates from government agencies for organizational reference.

Incident Management and Reporting: Coordinate the formation of the Management Incident Summary Framework (MISF) for reported cyber and information security incidents. Prepare detailed management summaries of incidents for strategic communication and decision-making. Ensure timely and accurate reporting of incidents to relevant stakeholders and authorities.

Cybersecurity Posture Strengthening: Identify key areas for improvement in the organization's cyber and information security posture. Collaborate with internal teams to implement measures that address identified gaps and enhance security. Monitor and evaluate the effectiveness of implemented measures and recommend further improvements.

Periodic Stakeholder Communication: Prepare and disseminate periodic updates, advisories, and best practices related to cyber and information security to all stakeholders. Ensure stakeholders are informed about relevant trends, threats, and organizational measures. Foster a culture of cybersecurity awareness across the organization.

Qualifications and Skills

Education: Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field.

Work Experience: 3-5 years of total experience, with at least 2 years in compliance, cyber security coordination, or a related field. Experience in liaising with government agencies or regulatory bodies is a strong advantage.

Certifications (Preferred): ISO 27001 Lead Auditor/Implementer; CISSP (Certified Information Systems Security Professional) / CISA (Certified Information Systems Auditor) / CRISC (Certified in Risk and Information Systems Control) or similar.

Technical Skills: Strong knowledge of cyber security frameworks, standards, and regulatory requirements. Understanding of IT infrastructure, networks, and security controls.

Soft Skills: Excellent communication and interpersonal skills for effective coordination with government agencies and internal stakeholders. Strong analytical and problem-solving abilities. Attention to detail and ability to prepare concise and accurate reports. Proactive approach to identifying and addressing compliance and security issues.

Posted 1 month ago

8.0 - 10.0 years

4 - 8 Lacs

Mumbai

Work from Office

Hi All, Immediate opening for Data Security Associate with our investment banking client.

Location: Mumbai locals only. 5 days office mandated.
Experience: 8-10 years
Budget: Open Competitive Market rate [always keep it low]
Interview Mode: 1st Round - Virtual, 2nd/3rd - compulsory face to face, may have more than 3 rounds.

JD:

Required: 8-10 years of experience in Information Security or Data Protection. 3+ years of hands-on experience with Thales CipherTrust Suite or similar tools (e.g., Vormetric, Voltage). Strong understanding of encryption key lifecycle management, tokenization, and data masking strategies. Experience integrating obfuscation tools into databases (Oracle, MSSQL, MySQL) and enterprise applications. Good scripting and automation skills (e.g., Python, Shell, Ansible) preferred. Familiarity with cloud security concepts and integration of obfuscation solutions with AWS, Azure, or GCP. Working knowledge of data discovery tools like BigID, and classification tools like Microsoft Purview (MIP) is a plus. Understanding of compliance drivers such as GDPR, HIPAA, SOX, and RBI regulations.

Beneficial: Thales Certified Engineer / Architect - CipherTrust. CISSP, CISA, CDPSE, or CIPT will be a bonus.

Posted 1 month ago

5.0 - 10.0 years

8 - 9 Lacs

Bengaluru

Work from Office

Introduction

We believe that every candidate brings something special to the table, including you! So, even if you feel that you're close but not an exact match, we encourage you to apply. We'd be thrilled to receive applications from exceptional individuals like yourself. Gallagher, a global industry leader in insurance, risk management, and consulting services, boasts a team of over 50,000 professionals worldwide. Our culture, known as The Gallagher Way, is driven by shared values and a passion for excellence. At the heart of our global operations, the Gallagher Center of Excellence (GCoE) in India, founded in 2006, upholds the values of quality, innovation, and teamwork. With 10,000+ professionals across five India locations, GCoE is where knowledge-driven individuals make a significant impact and build rewarding, long-term careers.

Overview

As a team Manager you will participate in the planning, fieldwork, and reporting phases for allocated Sarbanes Oxley (SOX) IT audit assignments. This will involve designing the required tests for execution, performing the detailed testing, and vetting the potential findings with key business liaisons.

How you'll make an impact

Working knowledge on IT General Controls (ITGC) and IT Automated Controls (ITAC) including detailed testing on Logical Access, Change Management, Backup Restoration, and Incident Management. Experience in validating Test of Design (TOD) and Test of Effectiveness (TOE). Basic understanding of professional audit standards, COSO, SOX, and risk assessment practices. Good interpersonal skills, including listening, verbal, written and presentation communication skills, with the ability to communicate effectively with a range of stakeholders. Strong critical thinking, analytical, and problem-solving skills with excellent attention to detail. Working knowledge in Microsoft applications. Participate in initiatives in a fast paced environment and comfortable implementing and assimilating to change. Good customer service focus and the ability to strike a balance between oversight and getting buy-in from the businesses. Execute on individual performance goals. Maintain knowledge of current information technology and auditing practices through continuing professional education. Highly motivated with ability to meet deadlines and ensure quality in every aspect of assigned work. Good organizational and project management skills. Ability to manage/balance multiple priorities.

About you

Advanced degree or certification (e.g. CISA), preferably in information technology or related field. Bachelor's degree, preferably in information technology or related field. Minimum total of 5 years in SOX ITGC Experience. Minimum of two years of work experience direct end to end Team Management (i.e. they should have direct reportees wherein they are involved in end to end management of review cycle, performance management etc.). Years of experience: 5+ (candidates with 5+ years of experience in SOX ITGC and minimum 2 years of experience in end to end team management experience).

Must haves: CISA Certified. Minimum 5 years of experience in SOX ITGC. Minimum 2 years end to end Team Management (should be involved in performance management, review cycle, appraisal cycle etc.).

Additional Information

We value inclusion and diversity

Inclusion and diversity (ID) is a core part of our business, and it's embedded into the fabric of our organization. For more than 95 years, Gallagher has led with a commitment to sustainability and to support the communities where we live and work. Gallagher embraces our employees' diverse identities, experiences and talents, allowing us to better serve our clients and communities. We see inclusion as a conscious commitment and diversity as a vital strength. By embracing diversity in all its forms, we live out The Gallagher Way to its fullest.

Gallagher believes that all persons are entitled to equal employment opportunity and prohibits any form of discrimination by its managers, employees, vendors or customers based on race, color, religion, creed, gender (including pregnancy status), sexual orientation, gender identity (which includes transgender and other gender non-conforming individuals), gender expression, hair expression, marital status, parental status, age, national origin, ancestry, disability, medical condition, genetic information, veteran or military status, citizenship status, or any other characteristic protected (herein referred to as protected characteristics) by applicable federal, state, or local laws. Equal employment opportunity will be extended in all aspects of the employer-employee relationship, including, but not limited to, recruitment, hiring, training, promotion, transfer, demotion, compensation, benefits, layoff, and termination. In addition, Gallagher will make reasonable accommodations to known physical or mental limitations of an otherwise qualified person with a disability, unless the accommodation would impose an undue hardship on the operation of our business.

Posted 1 month ago

8.0 - 11.0 years

35 - 37 Lacs

Kolkata, Ahmedabad, Bengaluru

Work from Office

Dear Candidate, We are hiring an IT Security Engineer to protect the organization's infrastructure and data by designing, implementing, and maintaining security tools and controls.

Key Responsibilities: Design and deploy security solutions (firewalls, IDS/IPS, SIEM, EDR). Monitor threats, perform vulnerability assessments, and patch systems. Develop and enforce access controls, encryption, and compliance policies. Support incident response and forensic investigations. Conduct security awareness training and audits.

Required Skills & Qualifications: Deep knowledge of cybersecurity principles and practices. Hands-on experience with security tools (e.g., Splunk, CrowdStrike, Palo Alto). Familiarity with regulatory frameworks (ISO 27001, NIST, GDPR). Scripting or automation experience (Python, PowerShell). Security certifications (e.g., CISSP, CEH, OSCP) preferred.

Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills.

Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you.

Kandi Srinivasa Reddy
Delivery Manager
Integra Technologies

Posted 1 month ago

12.0 - 15.0 years

35 - 45 Lacs

Mumbai

Work from Office

Hi, We are having an opening for Lead Audit & Compliance Specialist - IT at our Mumbai location.

Job Summary: The Lead Audit & Compliance Specialist plays a strategic and hands-on role in managing IT audits, compliance requirements, and risk mitigation initiatives across Sun Pharma's global IT landscape. This role is responsible for planning, coordinating, and executing internal and external IT audits, ensuring adherence to global compliance standards including SOX, GxP, and other regulatory frameworks. The incumbent will work across functions and geographies to embed a culture of compliance, maintain audit readiness, and strengthen IT governance.

Key Responsibilities:

Audit Lifecycle Management: Lead and coordinate global IT audits, including preparation, evidence gathering, walkthroughs, and response submission. Manage the end-to-end lifecycle of audit findings, including tracking, remediation, and closure validation.

Compliance & Regulatory Adherence: Ensure IT compliance with GxP, SOX, ISO, and other applicable frameworks across infrastructure and service domains. Collaborate with internal stakeholders to implement global policies and ensure readiness for inspections.

Documentation & Governance: Maintain comprehensive documentation for IT controls, SOPs, risk registers, and mitigation actions. Establish audit dashboards and maintain compliance scorecards by geography and function.

Internal Awareness & Training: Drive audit and compliance awareness across IT teams through workshops, readiness drills, and role-based training.

Continuous Improvement: Identify compliance gaps and propose process enhancements or automation opportunities to reduce risk exposure.

Specialized Knowledge Requirements: Strong understanding of global regulatory standards including SOX, GxP, and ISO 27001. Experience with IT general controls (ITGC), audit frameworks, and risk management tools (e.g., Archer, ServiceNow GRC). Familiarity with ITSM/ITIL processes and audit mapping across Change, Incident, Problem, and Asset Management. Exposure to Pharma or highly regulated industries is preferred.

Internal Stakeholders and Nature of Interaction:
CIO / Head of IT Service Assurance: Strategic guidance, audit governance, and risk updates
Service Assurance, Infra, Cloud, and Application Leads: Evidence coordination, control implementation, RCA collaboration
ITBPs, PMO, and HR Compliance: Policy alignment, audit readiness training, and data consistency

External Stakeholders and Nature of Interaction:
Internal & External Auditors: Direct interaction during audit planning, walkthroughs, and evidence presentation
Regulatory Inspectors: Respond to inspection findings and ensure documentation and controls are validated
Consultants / Third-party Advisors: Best practices adoption, controls benchmarking, and co-sourcing guidance

External Interaction %: Approximately 30-40% of role involves active engagement with auditors, regulatory bodies, and external advisors.

Nature of Communication: Highly structured communication involving formal documentation, audit reports, control narratives, and risk dashboards. Strategic presentation of findings to senior leadership and external stakeholders. Tactical and operational interactions across teams to ensure data accuracy and audit response readiness.

Role Played in Negotiations: Key influencer in discussions around audit scoping, remediation timelines, and closure sign-off. Collaborates with Legal and Compliance teams on the language and commitments in control response narratives.

Key Decision-Making Expected: Assessment of audit risk severity and prioritization of remediation actions. Selection and implementation of compliance tools or frameworks for specific geographies or domains. Recommendation of policy updates based on new or evolving regulatory standards.

Key Challenges for the Role: Managing diverse compliance obligations across multiple jurisdictions. Ensuring consistent and timely audit responses across distributed IT teams. Driving cultural shift toward proactive compliance ownership. Addressing historical non-compliance in legacy systems.

Extent and Nature of Innovation Required for the Role: High degree of innovation required in designing automation for compliance workflows, dashboards, and evidence management. Leveraging analytics to detect non-compliance trends and trigger preventive controls. Enhancing audit readiness using AI-enabled documentation checks and control testing tools.

Job Requirements

Educational Qualification: Master's in Information Technology, Risk Management, or related field

Certifications: CISA, CRISC, or equivalent certifications are preferred. ITIL and GRC platform certification (ServiceNow, Archer, etc.)

Skills: Risk-based audit planning and control design. Cross-functional collaboration and stakeholder management. Tools-based audit management and compliance analytics.

Experience: 12-15+ years of experience in IT audit, risk, and compliance roles. Exposure to global audit environments and regulated industries (pharma/healthcare preferred)

Posted 1 month ago

5.0 - 10.0 years

15 - 20 Lacs

Bengaluru

Hybrid

Role & responsibilities: Lead planning, fieldwork, and reporting phases for assigned SOX ITGC audit engagements. Design and execute detailed testing for IT General Controls and Automated Controls. Validate Test of Design (ToD) and Test of Effectiveness (ToE) for key control areas including Logical Access, Change Management, Backup & Restoration, and Incident Management. Manage and mentor a team, taking full responsibility for performance reviews, appraisals, and goal setting. Ensure audit documentation meets professional standards and internal quality benchmarks.

Preferred candidate profile: CISA certification is a must. Bachelor's or advanced degree in Information Technology or a related field. Minimum 5 years of experience in SOX ITGC audits. At least 2 years of hands-on team management experience, including appraisal and performance management. Strong knowledge of IT General and Automated Controls. Proficiency in validating ToD/ToE documentation.

If you feel this opportunity is well aligned with your career progression plans, please feel free to reach me with your updated profile at rimjhim.sharma@crescendogroup.in

Posted 1 month ago
