732 Cisa Jobs - Page 16

Introduction We believe that every candidate brings something special to the table, including you! So, even if you feel that you re close but not an exact match, we encourage you to apply. We d be thrilled to receive applications from exceptional individuals like yourself. Gallagher, a global industry leader in insurance, risk management, and consulting services, boasts a team of over 50,000 professionals worldwide. Our culture, known as The Gallagher Way,is driven by shared values and a passion for excellence. At the heart of our global operations, the Gallagher Center of Excellence (GCoE) in India, founded in 2006, upholds the values of quality, innovation, and teamwork. With 10,000+ professionals across five India locations, GCoE is where knowledge-driven individuals make a significant impact and build rewarding, long-term careers. Overview As a team Manager you will participate in the planning, fieldwork, and reporting phases for allocated Sarbanes Oxley (SOX) IT audit assignments. This will involve designing the required tests for execution, performing the detailed testing, and vetting the potential findings with key business liaisons. How youll make an impact Working knowledge on IT General Controls (ITGC) and IT Automated Controls (ITAC) including detailed testing on Logical Access, Change Management, Backup Restoration, and Incident Management. Experience in validating Test of Design (TOD) and Test of Effectiveness (TOE). Basic understanding of professional audit standards, COSO, SOX, and risk assessment practices. Good interpersonal skills, including listening, verbal, written and presentation communication skills, with the ability to communicate effectively with a range of stakeholder. Strong critical thinking, analytical, and problem-solving skills with excellent attention to detail. Working knowledge in Microsoft applications. Participate in initiatives in a fast paced environment and comfortable implementing and assimilating to change. Good customer service focus and the ability to strike a balance between oversight and getting buy-in from the businesses. Execute on individual performance goals. Maintain knowledge of current information technology and auditing practices through continuing professional education. Highly motivated with ability to meet deadlines and ensure quality in every aspect of assigned work. Good organizational and project management skills. Ability to manage/balance multiple priorities. About you Advance degree or certification (e.g. CISA), preferably in information technology or related field. Bachelor s degree, preferably in information technology or related field. Minimum total of 5 years in SOX ITGC Experience Minimum of two years of work experience direct end to end Team Management. (i.e. they should have direct reportees wherein they are involved in end to end management of review cycle, performance management etc.) Years of experience: 5 + (candidates with 5+ years of experience in SOX ITGC and minimum 2 years of experience in end to end team management experience) Must haves: C ISA Certified Minimum 5 years of experience in SOX ITGC Minimum 2 years e nd to e nd Team Management (should be involved in performance management, review cycle, appraisal cycle etc.) Additional Information We value inclusion and diversity Inclusion and diversity (ID) is a core part of our business, and it s embedded into the fabric of our organization. For more than 95 years, Gallagher has led with a commitment to sustainability and to support the commu nities where we live and work. Gallagher embraces our employees diverse identities, experiences and talents, allowing us to better serve our clients and communities. We see inclusion as a conscious commitment and diversity as a vital strength. By embracing diversity in all its forms, we live out Th e Gallagher Way to its fullest. Gallagher believes that all persons are entitled to equal employment opportunity and prohibits any form of discrimination by its managers, employees, vendors or customers based on race, color , religion, creed, gender (including pregnancy status), sexual orientation, gender identity (which includes transgender and other gender non-conforming individuals), gender expression, hair expression, marital status, parental status, age, national origin, ancestry, disability, medical condition, genetic information, veteran or military status, citizenship status, or any other characteristic protected (herein referred to as protected characteristics ) by applicable federal, state, or local laws. Equal employment opportunity will be extended in all aspects of the employer-employee relationship, including, but not limited to, recruitment, hiring, training, promotion, transfer, demotion, compensation, benefits, layoff, and termination. In addition, Gallagher will make reasonable accommodations to known physical or mental limitations of an otherwise qualified person with a disability, unless the accommodation would impose an undue hardship on the operation of our business. ","

Dear Candidate, We are hiring an IT Security Engineer to protect the organizations infrastructure and data by designing, implementing, and maintaining security tools and controls. Key Responsibilities: Design and deploy security solutions (firewalls, IDS/IPS, SIEM, EDR). Monitor threats, perform vulnerability assessments, and patch systems. Develop and enforce access controls, encryption, and compliance policies. Support incident response and forensic investigations. Conduct security awareness training and audits. Required Skills & Qualifications: Deep knowledge of cybersecurity principles and practices. Hands-on experience with security tools (e.g., Splunk, CrowdStrike, Palo Alto). Familiarity with regulatory frameworks (ISO 27001, NIST, GDPR). Scripting or automation experience (Python, PowerShell). Security certifications (e.g., CISSP, CEH, OSCP) preferred. Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Reddy Delivery Manager Integra Technologies

Hi, We are having an opening for Lead Audit & Compliance Specialist -IT at our Mumbai location. Job Summary : The Lead Audit & Compliance Specialist plays a strategic and hands-on role in managing IT audits, compliance requirements, and risk mitigation initiatives across Sun Pharma's global IT landscape. This role is responsible for planning, coordinating, and executing internal and external IT audits, ensuring adherence to global compliance standards including SOX, GxP, and other regulatory frameworks. The incumbent will work across functions and geographies to embed a culture of compliance, maintain audit readiness, and strengthen IT governance. Key Responsibilities: Audit Lifecycle Management Lead and coordinate global IT audits, including preparation, evidence gathering, walkthroughs, and response submission. Manage the end-to-end lifecycle of audit findings, including tracking, remediation, and closure validation. Compliance & Regulatory Adherence Ensure IT compliance with GxP, SOX, ISO, and other applicable frameworks across infrastructure and service domains. Collaborate with internal stakeholders to implement global policies and ensure readiness for inspections. Documentation & Governance Maintain comprehensive documentation for IT controls, SOPs, risk registers, and mitigation actions. Establish audit dashboards and maintain compliance scorecards by geography and function. Internal Awareness & Training Drive audit and compliance awareness across IT teams through workshops, readiness drills, and role-based training. Continuous Improvement Identify compliance gaps and propose process enhancements or automation opportunities to reduce risk exposure. Specialized Knowledge Requirements Strong understanding of global regulatory standards including SOX, GxP, and ISO 27001 Experience with IT general controls (ITGC), audit frameworks, and risk management tools (e.g., Archer, ServiceNow GRC) Familiarity with ITSM/ITIL processes and audit mapping across Change, Incident, Problem, and Asset Management Exposure to Pharma or highly regulated industries is preferred Internal Stakeholders and Nature of Interaction CIO / Head of IT Service Assurance: Strategic guidance, audit governance, and risk updates Service Assurance, Infra, Cloud, and Application Leads: Evidence coordination, control implementation, RCA collaboration ITBPs, PMO, and HR Compliance: Policy alignment, audit readiness training, and data consistency External Stakeholders and Nature of Interaction Internal & External Auditors: Direct interaction during audit planning, walkthroughs, and evidence presentation Regulatory Inspectors: Respond to inspection findings and ensure documentation and controls are validated Consultants / Third-party Advisors: Best practices adoption, controls benchmarking, and co-sourcing guidance External Interaction % Approximately 3040% of role involves active engagement with auditors, regulatory bodies, and external advisors Nature of Communication Highly structured communication involving formal documentation, audit reports, control narratives, and risk dashboards Strategic presentation of findings to senior leadership and external stakeholders Tactical and operational interactions across teams to ensure data accuracy and audit response readiness Role Played in Negotiations Key influencer in discussions around audit scoping, remediation timelines, and closure sign-off Collaborates with Legal and Compliance teams on the language and commitments in control response narratives Key Decision-Making Expected Assessment of audit risk severity and prioritization of remediation actions Selection and implementation of compliance tools or frameworks for specific geographies or domains Recommendation of policy updates based on new or evolving regulatory standards Key Challenges for the Role Managing diverse compliance obligations across multiple jurisdictions Ensuring consistent and timely audit responses across distributed IT teams Driving cultural shift toward proactive compliance ownership Addressing historical non-compliance in legacy systems Extent and Nature of Innovation Required for the Role High degree of innovation required in designing automation for compliance workflows, dashboards, and evidence management Leveraging analytics to detect non-compliance trends and trigger preventive controls Enhancing audit readiness using AI-enabled documentation checks and control testing tools Job Requirements Educational Qualification: Master's in Information Technology, Risk Management, or related field Certifications: CISA, CRISC, or equivalent certifications are preferred ITIL and GRC platform certification (ServiceNow, Archer, etc.) Skills: Risk-based audit planning and control design Cross-functional collaboration and stakeholder management Tools-based audit management and compliance analytics Experience : 12-15+ years of experience in IT audit, risk, and compliance roles. Exposure to global audit environments and regulated industries (pharma/healthcare preferred)

Role & responsibilities Lead planning, fieldwork, and reporting phases for assigned SOX ITGC audit engagements. Design and execute detailed testing for IT General Controls and Automated Controls. Validate Test of Design (ToD) and Test of Effectiveness (ToE) for key control areas including Logical Access, Change Management, Backup & Restoration, and Incident Management. Manage and mentor a team, taking full responsibility for performance reviews, appraisals, and goal setting. Ensure audit documentation meets professional standards and internal quality benchmarks. Preferred candidate profile: CISA certification is a must. Bachelors or advanced degree in Information Technology or a related field. Minimum 5 years of experience in SOX ITGC audits. At least 2 years of hands-on team management experience, including appraisal and performance management. Strong knowledge of IT General and Automated Controls. Proficiency in validating ToD/ToE documentation. If you feel this opportunity is well aligned with your career progression plans, please feel free to reach me with your updated profile at rimjhim.sharma@crescendogroup.in

TransUnions Job Applicant Privacy Notice What Well Bring: TransUnion works with businesses and consumers to gather, analyze, and deliver critical information needed to build strong economies around the world. Protection of that information is critical to our customers and business. As part of our 2020 transformation journey, we became Global Audit & Advisory (GAA), formerly Internal Audit. As a Specialist III you will be part of the GAA team and be responsible for conducting Cybersecurity and IT audit engagements throughout the organization that support business objectives, best practices, and regulatory requirements. The incumbent will be responsible for the planning, execution, reporting, and follow-up on all audit engagements by participating on an audit team or at times independently leading engagements under the direction of GAA Management. This position will report directly to the Senior Lead and will work closely with other GAA Team Associates on key projects and initiatives as well as coordinate closely with our external auditors. The Global Audit & Advisory team is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of TU. GAA assists the organization in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organizations risk management, control and governance processes. GAA collaborates with the Business Units, Functional leadership and their Associates in developing strong, professional and independent relationships to ensure a comprehensive understanding of the business to enable value added recommendations that improve efficiency and effectiveness. What Youll Bring: Perform detailed examinations of cybersecurity and IT practices and controls throughout the organization using an established assessment process and framework. The essential duties are as follows: Independently perform Information technology (IT) security reviews. Initiate, scope, plan, research and conduct IT controls assessments and audits. Lead and coordinate with process owners to initiate, scope, plan, and execute periodic controls assessments as part of the internal audit function, focusing on identifying risks by evaluating the design and operating effectiveness of internal controls. Actively support security audit initiatives by aligning audit procedures with cybersecurity frameworks (e. g. , NIST, ISO 27001 etc. ), conducting control walkthroughs, testing IT security and IT general and application controls, and assessing compliance with internal security policies. Document the results of audit procedures performed that support the conclusions reached. Prepare audit reports based on the adequacy and effectiveness of controls evaluated. Support external audits and regulatory examinations as needed. Analyze information security areas including ( but not limited to these ) governance and risk management, access and password controls, cloud security, cybersecurity, physical security, system security architecture and design, BCP and Disaster Recovery, network security, application and operations security, Incident Management, data migrations and system implementations etc. Lead engagement and communicate issues to process owners, ensuring understanding of risks and actions needed to remediate risks and subsequently track remediation activities. Cross train members of the Global Audit Team, including new hires and mentor junior IT staff. Continuously monitor emerging security trends and evolving threat landscapes through ongoing research and professional development. Insights gained are integrated into the audit universe to ensure risk assessments and audit planning remain current and aligned with the organization s security posture. Perform risk assessments and assist in the development of the annual audit plan. Participate in departmental initiatives, administrative matters, and special projects. Assist with other audit engagements as needed to broaden exposure across various risk areas and support the timely execution of the overall audit plan. Impact Youll Make: What You Will Bring: 6 - 10 years of experience in an IT/Security Audit and Assessment, or Information Security Technical, Management and/or Governance role. Bachelor s or Master s degree in computer science/information technology, management information systems or related field. Industry certification such as CISSP, CISA, CISM, CEH and/or CIA required. Experience with Cloud Security audits (AWS, Azure, GCP). Knowledge of data protection laws and industry standards. Familiarity with GRC platforms (e. g. , AuditBoard, Onspring, Archer). Demonstrated in-depth knowledge of concepts, best practices and controls in a breadth of Information Security areas/domains. These include governance & risk management, access control, cybersecurity, physical security, security architecture and design, business continuity/disaster recovery, network security, application and operations security and compliance/incident management. Demonstrated ability to understand complex technologies, business processes, regulations and emerging risks. Strong technical and/or IT and Security audit background with practical knowledge of a wide variety of technologies including server infrastructure and operating systems, network and web infrastructures, database architecture, vulnerability and penetration testing assessment and Intrusion Detection/Prevention Systems. Good understanding of SOX legislation and IT and Security frameworks including COSO and COBIT. Self-starter with the ability to manage and prioritize responsibilities. Team player with proven skills in influencing people without having direct management authority. Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately. Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person. Strong risk analysis and problem solving skills. Must be flexible to ensure assessments are performed timely and manage multiple assessments simultaneously. This is a hybrid position and involves regular performance of job responsibilities virtually as well as in-person at an assigned TU office location for a minimum of two days a week. TransUnion Job Title Consultant, Audit and Advisory

Visa is seeking a Controls Monitoring & Testing Analyst within its Technology Risk Management program to review and assess Cybersecurity and Technology risks. The candidate will perform Risk Assessments, Design Effectiveness Assessments, and Operational Effectiveness Testing for key technology threat vectors such as security configuration management, firewall configuration, application, user access management, and availability & reliability. Responsibilities include managing stakeholder engagement plans, participating in process walkthroughs, tracking/reporting deliverables, and producing high-quality work papers for all lines of defense and risk stakeholders. Additionally, the candidate will interpret data from source systems to perform statistical sampling and aggregate assessment across various risk management levers, collaborate with technology partners, and distill information into management and executive-level reporting. Key Responsibilities: Technology & Cybersecurity Controls Testing: Perform independent technology and cybersecurity controls testing. Document testing results in detailed workpapers. Prepare management reports based on testing outcomes. Communicate findings with stakeholders. Automation for Continuous Monitoring: Develop automation for continuous controls monitoring/auditing for technology and cybersecurity. Monitor the results of automated controls, perform investigation and follow-ups as needed. Risk & Control Self-Assessment (RCSA): Execute RCSA Risk Business Partner (RBP) controls quality review and sample-based testing. Conduct Key Risk Indicator (KRI) testing. Training, Metrics Alignment & Reporting: Develop and track risk management training. Align metrics with reporting dashboards. Develop reporting and stakeholder communication. Bachelor s degree with 5 years of work experience in cyber, risk controls, or equivalent. Experience with technology and cyber processes and functions (e.g., Vulnerability, Availability & Reliability Risk, Cyber Defense, Third Par

About Us At SentinelOne, we re redefining cybersecurity by pushing the limits of what s possible leveraging AI-powered, data-driven innovation to stay ahead of tomorrow s threats. From building industry-leading products to cultivating an exceptional company culture, our core values guide everything we do. We re looking for passionate individuals who thrive in collaborative environments and are eager to drive impact. If you re excited about solving complex challenges in bold, innovative ways, we d love to connect with you. Who are we looking for? Reporting to the Manager- Internal Audit, this position is a highly visible and an impactful role across the company. The Analyst- Internal Audit, based in India and will work with all levels of management to promote business integrity and robust internal control structures, compliance with Sarbanes-Oxley legislation, and recommendation for process improvements. Essential Functions/duties: Assist in both Business and IT SOX planning, scoping, and risk assessment process through close collaboration with external auditors and business process owners Conduct Business & IT walkthroughs and controls testing according to established audit standards Engage in Internal audit projects, ERM, operational and financial audits. Develop high-quality process and audit testing documentation for design effectiveness and operating effectiveness of Business process controls & ITGCs. Perform testing of application controls, key reports, interfaces, integrations, and segregations of duties rules Sound understanding of GAAP, COSO, SOX and PCAOB rules; experience in the use of auditing and assessment frameworks and the application of professional standards. Develop and maintain comprehensive documentation including flow charts, process narratives and risk and control matrices and any others required Evaluate audit findings and coordinate remediation of deficiencies Develop business relationships and proactively interact with process owners to gather information, resolve problems, and make recommendations for improvement and optimization Demonstrate initiative and provide timely updates to internal audit management Manage multiple tasks effectively and deliver projects timely Documentation and activities remain current and in compliance with the IIA s IPPF Standards and are consistent with best practices. Develop metrics for ongoing operational activities and leverage technology and data analytics to enhance IA operations. Help manage governance of the Internal Audit function and mature and evolve our audit methodology and operational audit program Perform other tasks and projects as assigned in support of the internal audit team and corporate objectives Qualifications: Bachelor s degree in Accounting, Finance, or related field preferred Recognized professional qualification(s): CA/CPA/CIA/CISA is preferred Minimum of 4-5 years of audit experience, preferably within the technology industry Positive attitude and willingness to learn Ability to take direction, learn quickly, work independently, and maintain a level of professional skepticism Ability to handle multiple priorities and deadlines, with high standards for quality, accuracy, and attention to detail Demonstrate basic research capabilities with strong analytical and creative problem-solving skills Working knowledge of data analysis and business intelligence tools is a plus (PowerBI, Tableau). Experience with Big 4 accounting firms or global public companies is strongly preferred. Strong written and verbal communication skills

Proficient in Risk assessment and analysis methodologies Risk management software and tools proficiency Knowledge of regulatory (GDPR,PCI-DSS, Anti-Money Laundering (AML)) requirements and compliance standards. Understanding of insurance principles and coverage. Industry-specific certifications (CRISC, CISM, ISO 27001:LA) Project management expertise. A thorough understanding of: ISO 27001 (Information Security Management) NIST Cybersecurity Framework SOC 1 and SOC 2 Standards

At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, youll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career. Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express. How will you make an impact in this role? Responsible for contacting clients with overdue accounts to secure the settlement of the account. Also they do preventive work to avoid future overdues with accounts that have a high exposure. As part of the Finance Data Governance Organization (FDG) within Corporate Controllership, this role is responsible for overseeing the end-to-end process of financial regulatory data attestation, ensuring the accuracy, completeness, and traceability of data submitted to regulatory bodies. The ideal candidate will have deep knowledge of financial regulations, a strong command of data governance principles, and proven experience implementing attestation processes in complex, regulated financial environments Responsibilities Lead the design, implementation, and ongoing execution of the regulatory data attestation framework across Finance. Establish standards, controls, and documentation protocols to ensure consistent and auditable sign-off on regulatory data submissions (e.g., FR Y-9C, CCAR, Basel, BCBS 239). Partner closely with various teams to define roles and responsibilities for data ownership, validation, and attestation. Develop and manage a formalized attestation process that includes data lineage, quality checks, control evidence, and sign-off workflows. Ensure alignment with internal policies, external regulatory expectations, and proactively highlight data quality issues that impact regulatory reporting. Drive continuous improvement through root cause analysis, remediation planning, and control enhancements. Lead a high-performing team of data governance professionals, data analysts, and regulatory specialists. Provide executive-level reporting on attestation status, data risks, and control effectiveness to senior leadership and regulators. Qualifications 10+ years of experience in regulatory reporting, finance data governance, or compliance roles in a large financial institution. Deep understanding of regulatory reporting processes, requirements, and controls across U.S. and global financial regulations. Proven experience establishing or managing attestation or data certification frameworks. Strong knowledge of data governance, control design, data quality, and lineage practices. Experience with data governance and workflow tools (e.g., Collibra, Informatica, Alation, ServiceNow). Excellent leadership, stakeholder engagement, and communication skills. Bachelor s degree in Finance, Accounting, Information Management, or related field; advanced degree or certifications (e.g., CA, CPA, CISA, CDMP) preferred.

Unlock your potential as an experienced audit professional with our Information Technology audit team. Job Summary As a Corporate Technology (CT) Audit Vice President within the Corporate Technology Audit team, you are responsible for evaluating the sufficiency of control environments across various corporate functions, such as Global Finance, Corporate Treasury, Risk Management, Human Resources, Compliance, Legal, and the Corporate Administrative Office. You will accomplish this through a comprehensive audit program, executed and overseen by a global team of integrated technology and business audit specialists. Job Responsibilities Lead and participate on audit engagements, from planning to reporting, and produce quality deliverables to both department and professional standards, while ensuring audits are completed timely and within budget Work closely with global Audit colleagues in the early identification of emerging control issues, and report them in a timely manner to Audit management and business stakeholders Recognize the confidential nature of Internal Audit communications and access to information; exercise discipline in protecting the confidentiality and security of information in accordance with firm policy Partner with stakeholders, business management, other control groups (i.e. risk management, compliance, fraud prevention), external auditors, and regulators, establishing good working relationships while maintaining independence Finalize audit findings and use judgment to provide an overall opinion on the control environment by developing recommendations to enhance internal controls Communicate audit findings to management, and identify opportunities for improvement in the design and effectiveness of key controls Implement and execute an effective program of continuous auditing for assigned areas, including monitoring of key metrics to identify control issues and adverse trends Effectively manage teams where required, performing timely review of work performed and providing honest and constructive feedback Stay up-to-date with evolving industry/regulatory changes impacting the business and participate in appropriate control forums Find ways to improve efficiency with existing technical infrastructure through automation while embracing the innovative opportunities offered by new technologies Required qualifications, capabilities, and skills Minimum 7 years of internal or external auditing experience, or relevant business experience Bachelors degree (or relevant financial services experience) required Experience with internal audit methodology and applying concepts in audit delivery and execution Solid understanding of internal control concepts, with the ability to evaluate and determine the adequacy of controls by considering business and technology risks in an integrated manner Excellent written, verbal, and presentation skills; adept at presenting complex and sensitive issues to senior management Great interpersonal and influencing skills, with the ability to establish credibility and create partnerships with senior business and control partners Advanced analytical skills, particularly in regard to assessing the probability and impact of an internal control weakness Enthusiastic and self-motivated, with a keen interest in learning; effective under pressure and willing to take personal responsibility/accountability Adaptable to changing business priorities and ability to multitask in a constantly changing environment Willing to travel as needed Preferred qualifications, capabilities, and skills CISA Advanced Degree in Computer Science or Information Systems

Are you looking for an exciting opportunity to join a dynamic and growing team in a fast paced and challenging area? This is a unique opportunity for you to work in our Technology Audit team and partner with the various lines of business to provide risk and control assessments on Infrastructure Platforms Job Summary As an Infrastructure Audit Vice President within the Technology Audit team, you will be responsible for risk assessments, control identification, audit testing, control evaluation, and follow-up and verification of issue closure related to Global Technology Infrastructure. You will participate in or lead audits. In addition, you will be involved in assessing the adequacy of controls around various projects including major application development initiatives, infrastructure build-outs, and product development and will be expected to develop on-going relationships with senior technology leaders. This role will report locally into Audit Director in India and functionally to Audit Director onshore and will be based in Bengaluru (India). Job Responsibilities Establish strong relationships with management in technology, related control groups such as Risk Management, Compliance, and Audit colleagues. Lead audit engagements covering GTI including risk assessments, audit planning, audit testing, directing audit staff, control evaluation, audit report drafting, and follow-up and verification of issue closure. Accountable for meeting deliverables and adhering to department standards. Provide coaching and feedback to other team members. Monitor key risk indicators, significant change activities and escalation of emerging technology issues to management in a timely fashion. Stay up-to-date with evolving technology changes and market events impacting technology processes. Develop recommendations to strengthen internal controls and improve operational efficiency. Work closely with business and technology audit colleagues to ensure that key risks are identified and assessed in the program of audit coverage. Perform audit work in accordance with department and professional standards, and complete assignments in an efficient manner. Write audit work papers and reports with minimal intervention by the Audit manager and should have attention to detail to ensure accuracy and completeness of audit coverage. Partner with colleagues, stakeholders and control community members to evaluate, test and report on the adequacy and effectiveness of management controls with appropriate recommendations for improvement. This may be delivered through specific audit reviews or through ongoing involvement in major activities or projects. Required Qualifications, capabilities and skills Minimum 10 years of relevant experience in internal/external auditing, or consulting. Solid understanding of internal control concepts with the ability to evaluate and determine the adequacy of controls by considering business and technology risks. Knowledge of system development life cycle concepts with an ability to quickly learn a complex, distributed computing environment. Good understanding of controls related to operating system, networking and database platforms. Ability to manage multiple tasks concurrently in an efficient and effective manner with minimal supervision. Experience in planning and executing audits in accordance with professional standards. Excellent verbal and written communication skills. Also, good interpersonal skills with the ability to present complex and sensitive issues to senior management, and influence change. Team player who works well individually and in teams, shares information and collaborates with colleagues during execution of the audit plan. Enthusiastic, self-motivated, strong interest in learning, effective under pressure and willing to take personal responsibility / accountability Must have experience planning/leading/executing audits or similar projects, and providing staff with written and verbal feedback. Proficiency in risk analysis, and strong analytical skills particularly in regard to assessing the probability and impact of an internal control weakness. Working knowledge of IT controls and processes, such as Access Administration, Change Management, Security Configuration and Business Resiliency Preferred Qualifications, capabilities and skills Certified Information Systems Auditor (CISA) and/or Certified Information Systems Security Professional (CISSP) designation considered an advantage. Knowledge of distributed and cloud technologies considered a plus.

The Second line of Defense Controls Testing partner for the Cyber and Technology Risk Management (CTRM) division will be a team leader who will work closely with peers, stakeholders, and their manager on Second Line s Controls Testing program focused, on Cyber and Technology Controls Testing/Validations as well as Cyber and Technology related assessments. Responsibilities will include: Lead 2LOD Cyber and Technology Risk Management team in India focused on controls testing/validation, assessments, and overall support to Cyber and Technology Risk Management initiatives Manage testing/validation requirements for controls testing team, monitor progress, and ensure timeliness and quality of team s work Test, Validate, and Assert to Business and Application Owner control testing methodology and test procedures Perform 2LOD validation work, including plan preparation, workpapers, finding, and report results to risk committees Manage day-to-day risk issues, design, and implementation of new controls with various teams Examine cyber risk controls, evaluate the design and operational effectiveness, determine exposure to risk, and work with business to develop remediation strategies Assess risk as a Second-Line governance role through the Risk and Control testing; Risk Identification; and Change Initiative Risk Assessment processes, as applicable Provide Second-Line risks and control testing findings to Risk Management leadership and risk committees Understanding of the Three Lines of Defense governance model Ability to assess and effectively communicate the operational, and technical findings and control issues to executive and business leadership, using language that is relevant to and understandable by the business Strong risk assessment framework knowledge and experience performing risk assessments covering key risks and controls Strong project management skills, including the ability to adapt to change quickly, multi-task and demonstrate flexibility in prioritization based on requested tasks Strong working knowledge of banking/financial regulatory requirements to perform and ensure an appropriate level of testing Qualifications - External 10-12 years of IT Audit experience to include but not limited to: Cyber Resilience, Cybersecurity, Risk Management, IT Risk and Control, and/or IT Audit 3+ years leading controls testing and/or audit teams CISSP, CISM, CISA, CRISC, or equivalent certifications highly preferred Familiarity with the NIST Cybersecurity Framework Strong working knowledge of the inherent cyber risks in the financial services industry Cloud, MFA, Password vaulting (e.g. CyberArk), and Secure SDLC experience Analytical and communication skills required to summarize and analyze information Organizational skills required to coordinate risk related activities with peers and senior executives Advanced Microsoft Office 365 skills

Location: Bangalore or Hyderabad Senior Digital Risk Advisor - DRG Join a team of digital risk governance and controls professionals helping Swiss Re to fulfil its mission in making the world more resilient. As a Senior Digital Risk Advisor, you will have first-line responsibility for ensuring an effective and efficient risk and control framework is implemented across the different IT domains at Swiss Re. Whats more, youll be working in a hybrid setup, perfectly balancing work from home and the office premises. About the team The Digital Risk Governance Controls team is a key part of Swiss Res Security Team, focused on defining and managing risks related to digital topics. Were looking for an experienced and highly motivated expert who can define and develop an efficient first-line risk and control framework that supports a strong risk-aware culture within the company. In your role, you will Actively manage the implementation of the digital and technology risk framework Maintain oversight o n the quality of internal measures implemented to address digital risk, ensuring controls, processes and standards are appropriately designed and operating effectively Ensure compliance with rules, regulations, and policies - making sure we meet our risk appetite and driving corrective actions where opportunities exist Actively collaborate with key stakeholders across the three lines of defense to automate, measure performance and continuously improve our risk position U nderstand complex concepts and identif y solutions to problems Be someone who believes in continuous innovation, is curious and relentless in finding a better way every day Your qualifications A track record of successful delivery in IT risk and control -related roles, such as IT Governance, IT audit, or digital risk management Practical knowledge of external IT good practices - particularly NIST - but also others , such as ISO and COBIT Qualified in an appropriate discipline such as CISA, CGEIT, CRISC Good teamwork and strong collaboration as well as a willingness to share knowledge and evolve within and across different teams The ability to effectively communicate with a broad spectrum of stakeholders - from s enior m anage rs to IT engineers , developers and operations staff Be curious, proactive, result-oriented and confident in decision making at speed Passion, drive and a belief in the value of digital risk management as an enabler of business performance Fluency in spoken and written English About Swiss Re . If you are an experienced professional returning to the workforce after a career break, we encourage you to apply for open positions that match your skills and experience. Keywords: Reference Code: 134243

Location: Bangalore or Hyderabad Digital Risk Advisor Join a team of digital risk governance and controls professionals helping Swiss Re to fulfil its mission in making the world more resilient. As a Senior Digital Risk Advisor, you will be responsible for the first-line digital technology operations risk and control activities - ensuring risks are identified, controls applied, and performance is monitored, measured, and reported to our technology and business leaders. About the team The Digital Risk Governance Controls team is a key part of Swiss Res Security Team, focused on defining and managing risks related to digital topics. Were looking for an experienced and highly motivated expert who will help to drive the companys risk culture. In your role, you will Be part of a team of digital risk experts supporting Applications and Business stakeholders with applying digital risk governance principles and standards Actively contribute to the implementation of the digital risk framework as the trusted digital risk partner Ensure IT threats and risks are understood, issues handled timely, and IT controls designed and operating effectively Embed controls into operational procedures by collaborating with our digital technology teams to automate, measure performance, and continuously improve our risk position Build operational transparency with continuous monitoring and assessment of controls so that we meet our risk appetite and drive corrective actions where needed Be someone who believes in continuous innovation, is curious and adamant in finding a better way every day Your qualifications Nobody is perfect and meets 100% of our requirements. If you, however, meet some of the criteria below and are curious about the world of risk and control activities, well be more than happy to meet you! First experience s in IT risk and control-related roles, such as IT Governance, IT audit, or digital risk management CISA, CGEIT, CRISC or similar qualifications are an advantage Good teamwork and strong collaboration as well as a willingness to share knowledge and evolve within the team and across teams Capability to continuously build and maintain a strong collaborative network within the IT domains Be curious, proactive, result-oriented and confident in decision-making at speed Passion, drive and a belief in the value of digital risk management as an enabler of business performance Fluency in spoken and written English About Swiss Re . If you are an experienced professional returning to the workforce after a career break, we encourage you to apply for open positions that match your skills and experience. Keywords: Reference Code: 134238

Location: Bangalore or Hyderabad Band: D Senior Digital Risk Advisor Join a team of digital risk governance and controls professionals helping Swiss Re to fulfil its mission in making the world more resilient. As a Senior Digital Risk Advisor, you will be responsible for the first-line digital technology operations risk and control activities - ensuring risks are identified, controls applied, and performance is monitored, measured, and reported to our technology and business leaders. About the team The Digital Risk Governance Controls team is a key part of Swiss Res Security Team, focused on defining and managing risks related to digital topics. Were looking for an experienced and highly motivated expert who will help to drive the companys risk culture. In your role, you will Be part of a team of digital risk experts supporting Applications and Business stakeholders with applying digital risk governance principles and standards Actively contribute to the implementation of the digital risk framework as the trusted digital risk partner Ensure IT threats and risks are understood, issues are handled timely, and that IT controls are designed and operating effectively Embed controls into operational procedures by collaborating with our digital technology teams to automate, measure performance, and continuously improve our risk position Build operational transparency with continuous monitoring and assessment of controls so that we meet our risk appetite and drive corrective actions where needed Be someone who believes in continuous innovation, is curious and adamant in finding a better way every day Your qualifications A track record of successful delivery in IT risk and control-related roles, such as IT Governance, IT audit, or digital risk management Industry knowledge of insurance, reinsurance or banking business, and modern technology solutions General understanding of Risk Management Frameworks such as COBIT, ISO 31000 and COSO ERM CISA, CGEIT, CRISC or similar qualifications are an advantage Good teamwork and strong collaboration as well as a willingness to share knowledge and evolve within the team and across teams Capability to continuously build and maintain a strong collaborative network within the IT domains The ability to effectively communicate with a broad spectrum of stakeholders - from senior managers to IT engineers , developers and operations staff Be curious, proactive, result-oriented and confident in decision-making at speed Passion, drive and a belief in the value of digital risk management as an enabler of business performance Fluency in spoken and written English About Swiss Re . If you are an experienced professional returning to the workforce after a career break, we encourage you to apply for open positions that match your skills and experience. Keywords: Reference Code: 134239

Description Rightpoint, a Genpact company (NYSE: G) is a global experience leader. Over 500 employees work with clients end-to-end, from defining and enabling vision to ensuring ongoing market relevance. Our diverse teams lead with empathy, data and creativity always in service of the experience. From whiteboard to roll-out, we help our clients embed experience across their operations from front to back office to accelerate digital transformation through a human-centric lens. Are you someone who wants to create change in the way business is doneDo you want to work with inspired and like-minded intrapreneursUs too! We take our work very seriously, but we have fun doing it. And we re searching for passionate, talented people to join the Rightpoint team. Our Commitment to You No matter who you are, where you come from, who you love, what you believe, or what you get excited about, we bring people together to make phenomenal work. Thats what makes us Rightpoint! Job Title : Information Security and Compliance Analyst Location : India Introduction Reporting to the IT Security and Compliance lead, the person in this role will support our Information Security Management System and be instrumental in driving and organizing our ongoing SOX and ISO 27001 compliance efforts. This person will help analyze and track vulnerability findings and conduct vulnerability management efforts. The Ideal candidate will have exceptional written communication skills and the ability to manage complex documentation and audit requests. We are looking for a person with a passion for ensuring security best practices are followed consistently across the organization. What You ll Be Doing and the Impact You ll Make: Coordinate and track SOX and ISO 27001 compliance efforts, including control reviews, evidence collection, process documentation, and internal readiness assessments Organize and conduct comprehensive searches to determine the applicability of data security policies to client contracts Serve as the point of contact for auditors and internal stakeholders during compliance reviews, ensuring clear and timely communication Maintain and organize a central repository of compliance documentation, policies, and procedures with a high standard of clarity and accuracy Review, triage, and analyze vulnerability findings from internal scans and external tools; prioritize and categorize based on risk and potential business impact. Work closely with IT and application owners to coordinate remediation efforts, follow up on open vulnerabilities, and ensure timely resolution Assist in developing security policies, procedures, and user guidance aligned with industry best practices Generate concise and meaningful reports and dashboards for internal leadership and auditors Track exceptions, manage control gaps, and help drive risk mitigation strategies Contribute to security awareness and training efforts by preparing clear documentation and guidance materials What We d Love to See: 3+ years of experience in information security, IT compliance, or related roles Demonstrated experience supporting or managing SOX, ISO 27001 or similar compliance activities Familiarity with vulnerability management tools Outstanding written communication skills, especially in drafting audit responses, procedures, and internal documentation Meticulous attention to detail, with a strong ability to manage and organize complex deadline-driven tasks Comfortable working independently in a remote or distributed team environment. Preferred Qualifications Certifications such as CISA, ISO 27001 Implementation, CISSP, or Security+ Experience working with compliance frameworks such as NIST, GDPR, or SOC 2 Prior experience in a multinational or regulated environment. Familiarity with project tracking tools (e.g. JIRA, Confluence, SharePoint). This is a global role requiring frequent flexibility for meetings with US-based colleagues. Role may include occasional after-hours (or before-hours) support during incidents or critical remediation windows. Work Environment and Expectations This is a global role requiring frequent flexibility for meetings with US-based colleagues Role may include occasional after-hours (or before-hours) support during incidents or critical remediation windows Required Education: Bachelors Degree in Computer Science, MIS, or related field. Benefits and Perks at Rightpoint 30 Paid leaves Public Holidays Casual and open office environment Flexible Work Schedule Family medical insurance Life insurance Accidental Insurance Regular Cultural Social Events including Diwali Party, Team Parties, Team outings, etc. Continuous Training, Certifications, and Learning Opportunities First-hand experience dealing with security incidents. EEO Statement Rightpoint, a Genpact Company, is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. We are committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation.

Conduct comprehensive IT audits to evaluate the effectiveness and efficiency of IT systems and processes. Assess and document IT Governance, Risks and Compliance's vulnerabilities and control deficiencies. Ensure compliance with RBI guidelines and industry standards (e.g., ISO 27001, NIST, COBIT, COSO). Develop and implement audit plans and methodologies. Review and analyze evidence, document audit findings, and propose practical solutions. Collaborate with IT and business teams to improve IT governance and control frameworks. Prepare detailed audit reports and present findings to senior management. Rigor in tracking and follow-up of IS audit open points on the implementation of audit recommendations. Evaluate and test IT General Controls (ITGCs), automated controls, and key reports. Participate in risk assessments and design audit programs. Review regulatory submissions and ensure timely and accurate documentation. Perform IT vendor audits and assist in IT Governance audits. Stay updated on industry trends, emerging threats, and regulatory changes. Required Qualifications, Capabilities, and Skills: A bachelor's or masters degree in computer science, Information Technology, or Engineering, with at least 5 years of experience in IT Technical and Process Audit, along with at least one industry-recognized certification such as CISA, CRISC, or CISM. Strong understanding of RBI guidelines for NBFCs. Knowledge of Governance, Risk & Compliance function, Software development processes, IT systems, Network architecture, Databases, and Cybersecurity measures. Extensive knowledge of industry security frameworks (e.g., NIST, CIS) and ISO 27001/2 standards. Proven experience in implementing or testing IT General Controls. Basic understanding of AI-ML models, their risks, and audit testing procedures. Excellent verbal and written communication skills to effectively present audit findings and recommendations. Ability to analyze complex data, identify risks, and provide actionable recommendations. Experience in identifying and evaluating IT risks and developing mitigation strategies. Ability to identify issues and develop practical solutions. Experience in planning and managing audit projects to ensure timely completion. Meticulous in documenting audit processes and findings. Ability to work effectively with cross-functional teams and stakeholders. Capable of managing multiple audits simultaneously and meeting deadlines in a dynamic, fast-paced environment. Highly motivated, enthusiastic, performs well under pressure, and takes personal responsibility and accountability. Upholds the highest standards of professionalism, integrity, and ethical conduct.

The IS/IT Internal Auditor is part of a global team and will primarily be responsible for executing IT SOX testing. On occasion, the IS/IT Auditor may also participate in internal audits that are focused on IT, financial, or operational risks globally across Nokia. The candidate will be spending the majority of their time focused on IT controls testing, including but not limited to IT General Controls (ITGCs), as well as IT application controls, operational controls, and other topics as needed. The candidate will be tasked with presenting conclusions related to their testing and will need to be able to present and support the results of their testing to leadership functions across Nokia. You have: Bachelors degree in information technology, Management Information Systems,Computer Science 4-5 years of prior IT SOX experience, and/or 2-3 years of IS/IT experience, and/or 2-3 years of internal or external audit experience required. Hands-on experience in IT General Controls, SOX controls including User access management, Logical access, Change management, Data Protection, and other entity level controls. Knowledge or experience working with, or auditing the SAP Business Suite (e.g. ERP, CRM, SCM, MDM, PLM) is highly desirable. Experience working with Wdesk platform or similar is desirable. It would be nice if you also had: Working knowledge or experience in Information Technology as a developer or tester highly desirable. Engineering, or other IT/business related field most desired. Experience with data analytics and visualization tools (e.g., ACL, IDEA, PowerBI, Tableau, etc) is desirable. Professional certifications helpful- e.g., CISA, or SOX equivalent. Test Internal IT controls identified as relevant for the adherence to Sarbanes Oxley 404. Majority of work will be focused on technology and applications. The candidate will participate in IT system walkthroughs, and request, obtain and test IT SOX related evidence. The individual will perform tests of IT operative effectiveness, all while meeting the deadlines and budget under the direction of the Lead/Manager, IT Internal Audit - SOX. Complete necessary documentation supporting testing conclusions and meeting or exceeding Nokia documentation standards. Assist in evaluating, re-enforcing and/or promoting the IT SOX program standards and approaches as it relates to documentation, control design, evaluation, and effectiveness testing. Assist in IT SOX scoping and risk assessment activities.Candidate is responsible for identifying issues and making recommendations which help drive process improvements and efficiencies. Candidate will follow-up on IT SOX identified issues and test remediation efforts. Provide assurance that operations and processes conform to Nokia policies and procedures. Contribute to the improvement of the IT SOX testing program through automation/analytics.

IT SOX Compliance Analyst - Docusign1 Job Title: IT SOX Compliance Analyst (Second Shift) : We are seeking a motivated and detail-oriented IT SOX Compliance Analyst to support our Sarbanes-Oxley (SOX) compliance initiatives, with a focus on IT General Controls (ITGCs) and IT application controls. This role requires collaboration with internal audit teams and IT control owners to ensure effective control design, implementation, and remediation. The position is aligned to support global teams, requiring availability during the 2 PM to 11 PM IST shift. Key Responsibilities: Support the assessment, design, and implementation of IT General Controls (ITGCs) and IT application controls across key systems. Collaborate with internal audit and IT control owners to evaluate risks, discuss control deficiencies, and support audit-related activities. Assist in the preparation of documentation, including control deficiency memos and remediation plans. Oversee and facilitate end-to-end IT control walkthroughs to ensure proper documentation and understanding of control processes. Skills & Qualifications: Solid understanding of the Sarbanes-Oxley (SOX) Act, specifically ITGC and IT application control requirements. Experience in internal audit, IT risk management, and control testing. Strong communication and documentation skills, with the ability to work cross-functionally. Must be available to work during the 2 PM to 11 PM IST shift to support global operations.

About NCR Atleos Position Summary At NCR Atleos, our Internal Audit Department (IAD) purpose is to help enable competent and informed decisions to add value and improve operations, while contributing meaningfully to Board and organizational confidence. We are indispensable business partners, with a brand focused on insight, impact and excellence. We believe that everything we do is to enhance value, provide insights, and instill confidence. To do this, we must be relevant, connected, flexible, and courageous. NCR Atleos IAD is seeking a Senior IT Auditor to support our India Internal Audit (IA) team. In this position, you will play a crucial role in enhancing our companys internal control environment and risk management processes. You will be responsible for leading and executing IT audits across all technology layers, assessing IT risks, and providing expert recommendations to the management. This role demands a balance of technical proficiency, strategic thinking, and excellent communication skills. Key Areas of Responsibility: Audit Planning: Participate in risk assessments where needed and assist in developing and implementing a comprehensive IT audit plan that aligns with the organizations objectives and risk. Audit Execution: Execute IT audits, including identifying and assessing IT risks in business processes, security policies, and system implementations. Lead audits of IT infrastructure, applications, and data management systems to assess compliance with internal policies, external regulations and SOX. Recognize and adapt to changing circumstances. Identify IT risks and recommend mitigating controls. Analyze and evaluate IT operations and strategies to identify efficiency improvements and cost-saving opportunities. Assess compliance and maturity in line with relevant laws, regulations, standards (e.g., SOX, GDPR, ISO) and frameworks (e.g., COBIT, NIST, ITIL). Communication: Communicate timely any significant changes to budget or scope and any significant audit findings, risks, and recommendations to the Internal Audit Manager. Collaboration: Work closely with IT, InfoSec (IS) and other business units to understand IT infrastructure, applications, and operations. Mentor and guide junior IT auditors, enhancing their skills and ensuring quality audit practices. Reporting: Draft detailed Audit observations, highlighting issues, risks, and actionable recommendations. Assist the IA manager with presenting findings to responsible business management. Follow-up and Monitoring: Assist the IA Manager with monitoring open audit recommendations and follow-up to encouraging timely implementation and help avoid past-due management actions. Continuous Improvement: Stay abreast of emerging technologies, audit methodologies, and regulatory changes. Contribute to innovation and improvements to the IT audit process, controls and the overall Internal Audit Department. Qualifications: Bachelors or Masters degree in Information Technology, Computer Science, Accounting, or a related field Minimum of 3 years of experience in IT auditing, with a proven track record in leading audits and managing audit projects Understanding of IT audit methodologies, IT governance frameworks (e.g., COBIT, NIST, ITIL), and regulatory requirements (e.g., SOX, ISO, GDPR) Experience with AuditBoard and analytic tools e.g. Power BI and Tableau a plus Professional certifications such as Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) are strongly desired Strong analytical and problem-solving skills with an ability to analyze data and identify control weaknesses Excellent verbal and written communication skills, with the ability to articulate complex IT issues in business terms. Proficient in English Ability to travel and a team player with a commitment to personal and professional growth. Commitment to ethical conduct, integrity, and the promotion of a culture of accountability and continuous improvement Strong organization and management skills in a multi-tasking environment Positive individual who enjoys working in a fun and dynamic team environment EEO Statement NCR Atleos is an equal-opportunity employer. It is NCR Atleos policy to hire, train, promote, and pay associates based on their job-related qualifications, ability, and performance, without regard to race, color, creed, religion, national origin, citizenship status, sex, sexual orientation, gender identity/expression, pregnancy, marital status, age, mental or physical disability, genetic information, medical condition, military or veteran status, or any other factor protected by law. Statement to Third Party Agencies To ALL recruitment agenciesNCR Atleos only accepts resumes from agencies on the NCR Atleos preferred supplier list. Please do not forward resumes to our applicant tracking system, NCR Atleos employees, or any NCR Atleos facility. NCR Atleos is not responsible for any fees or charges associated with unsolicited resumes.

1. Information Security Management Assist CISO in implementation and management of entire ISMS life cycle Responsible for development, Periodic review, control and management of ISMS policies and procedure Monitor the adequacy of operational procedures, policies and process, create and monitor compliance Coordinate the Organizations ISO 27001:2013 recertification and SOC2 attestation process in terms of Planning, Coordination with Business owners and stakeholders and scheduling Audit meetings, Audit execution and Closure. Ensure compliance at an organizational level, achieved through identifying the applicable requirements which in the case of Quinnox are the ISO 27001 standard, Customer Contractual Security obligations and defined internal policies and procedures. Monitor performance of GDPR controls and respond to the quarterly compliance checklist. Ensure GDPR Data Processing Impact assessments are carried out periodically and gaps are addressed Plan and conduct the annual Management Review meeting. Demonstrate the performance of ISMS through the year and seek feedback / advice from the Leadership Council. Review and respond to risk assessment questionnaire by our clients Review MSA Security clauses of the existing clients and prospects Participate in POC of new security tools and implementation 2. Information Security Risk Management Carrying out Organization Wide Information Security Risk Management exercise on an Annual Basis to Quantify the Risks associated with the Information Assets and accordingly devise the Risk Mitigation strategies. Developing and Maintaining Risk Registers of all the Projects/Support Functions. Creating a Risk Summary report for the executive management. 3. Technical Vulnerability Management Monitor and review anti-virus and patch report across all endpoints and ensure that all endpoints are up-to-date with latest AV patches. Ensure SIEM and DLP alerts are monitored and corrective actions taken to address potential threats Ensure monthly scanning of infrastructure is carried out and vulnerabilities are remediated in time Defining the Scope of external VAPT and facilitating the VAPT vendor personnel with the requisite information. Facilitate the external VAPT exercise at org level, reviewing the VAPT findings for verifying the authenticity of the reported observations and ensure timely mitigation. 4. Audit Management: Act as point of contact for all external audits of ITIM to define scope and parties necessary to participate. Act as a repository of audit data to prevent duplication of audited processes Based on known annual audits, develop a schedule for audits which allows for distribution of audits throughout the course of the year Plan, schedule and execute internal ISMS audits twice a year Record the audit findings and track the closure of NC after following up with the concerned departments Summarize the audit findings and associated CAPA to include in steering committee meetings. Act as point contact during external audits and ensure smooth execution through careful planning ahead of time. 5. Change Management; Incident Management; ISMS Document Control: Ensure that all changes to critical infrastructure takes place through appropriate change control Reviewing change records for appropriateness and ensure that all they are filled in with the correct and relevant information by the responsible teams. Approve or reject changes in line with our change control policy Work and Incident Response Coordinator who, in consultation of IT head/CISO will be responsible for timely escalation and reporting of security incidents. Reviewing incident records for appropriateness and ensure that RCA and corrective actions are captured appropriately. Ensure all Incidents and security events are reviewed on an ongoing basis and appropriate corrective measures taken to remediate the issues. Maintaining, tracking and updating Change and Incident records (Record Management). Control of ISMS Documents and Records 6. Information Security Training & Awareness: Ensure dissemination of knowledge on our ISMS policies and procedures through awareness campaigns. Ensure the ISMS training compliance across all locations. Publishing security updates through newsletters on a periodic and ongoing basis. 7. Business Continuity: Perform business impact analysis, risk assessment, mitigation plans / recovery strategies and BCP testing for the company's critical business processes, operations and the technology that supports them. Ensure BCP tests, DR Drills conducted as per schedule Conduct BCP training to the crisis response team and project managers at least once a year Identify single point of failures through risk assessment and propose controls Competencies/Skills required: Must have managed Information Security in a medium / large size organization. Should be well versed with all aspects of Information security and risk management. Could have worked as an information security consultant in any of the consultancy service provider firms. Qualifications and Education Requirements: Minimum education Bachelor of Engineering Certifications such as CISSP, ISO 27001 (ISMS) Implementer / Lead Auditor, CISA, CISM will be an added advantage. Additional Notes: Ideal candidate for this position would be one who has completed an entire lifecycle of Information Security Management System in a medium or large organization. External Job Title

IT AUDIT

Eviden, part of the Atos Group, with an annual revenue of circa " 5 billion is a global leader in data-driven, trusted and sustainable digital transformation. As a next generation digital business with worldwide leading positions in digital, cloud, data, advanced computing and security, it brings deep expertise for all industries in more than 47 countries. By uniting unique high-end technologies across the full digital continuum with 47,000 world-class talents, Eviden expands the possibilities of data and technology, now and for generations to come. RoleGRC Consultant Location: Bangalore (JP Nagar), Navi Mumbai (Mahape) Experience: 3+ years Highest Qualification: Any Full Time Graduate Note: Hands on experience in ISO 27001 Implementation is mandatory for this role Experienced in managing cyber security services like Cyber Risk & Compliance consulting. Experience in setting up end to end Cyber Security frameworks, Compliance Standard implementation, including knowledge in testing (VAPT, Web & mobiles appsec, secure code review) Should be adept at conducting gap analysis, risk assessments, Impact assessments, governance and strategy development, Have worked with organizations to develop and implement various industry security standards like, IS0 27001, ISO 20000, PCI DSS, SOC2, GDPR, Privacy standards etc... Should be able to understand and explain technical vulnerabilities Basic knowledge on Active directory, firewalls, SCCM, MacAfee security products, DLP, Secure coding practices and product security Specific Duties and Responsibilities Include: To manage cyber security projects across EMEA region for cyber security services like Cyber security testing & cyber consulting Maintaining margins Business development like having presales discussions with various teams Assist in Business development of various security standards Must Have Skills: Excellent communication and presentation skills. Able to effectively interact with various clients/sales teams and manage clients Good to have Skills / CertificationISO27001:2013 Lead Auditor CISSP, CISA, CISM, ISO22301, OSCP, CEH, SANS, Cloud certifications, Privacy certifications like CIPP/E, CIPM Qualification: BE/ BTech, MCA, MBA with specialization in Information Security

We have a team of security compliance leaders overseeing solutions for this complex environment, collaborating with security architects and Cloud DevOps teams internally and around IBM. The security compliance leader’s role is to determine the secure operation of the all computer systems, servers, and network connections in accordance with our policies, procedures, and compliance requirements. A security compliance leader in our team will participate in some or all of the following: Providing subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including ISO, SOC, HIPAA, PCI, FedRAMP/FISMA Having the ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Interpreting standards, requirements, and their application to the enterprise Cloud environment in the most reasonable and cost-effective manner Developing, implementing, maintaining, and overseeing enforcement of security policies Collaborating with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology Conducting regularly scheduled audits on systems and hosting third-party audits as required in order to maintain certifications and compliance certificates. Working with the DevOps teams to prepare ongoing client reporting, information for prospective clients, and marketing materials Providing training to teams as needed Assisting team members and internal clients in addressing highly complex security issues applicable to enterprise environment Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Minimum of 12 years of relevant compliance experience and cybersecurity knowledge Compliance leaders do not require dev experience, but it is an advantage. 10+ years of security compliance audit experience is a must Ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, SOC 2, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk

Job Title: Client Data Protection Opportunity Support (CDPOS) Specialist + Level 09/10 + CF Location: India Management Level: 09 Specialist/10 Senior Analyst Must have skill :Information Security process and procedures As part of the CDPOS Client Response team, the CDPOS RFP Specialist is primarily responsible for supporting Accenture business development teams to respond to a) client Information Security (IS) and Vendor questionnaires (which are commonly issued as part of Request for Proposal (RFP) process), b) reviewing client Information Security policies / standards, c) completing client Risk Management market surveys, and d) supporting IS and DP conversations with both Client and Accenture Account teams. The role sits within the pre-contract, business development space interfacing with multiple stakeholders common to the contract development process (Solution Architects, Legal, Contract Management and Security leads). The Specialist will act as an Information Security Subject Matter Expert who will support multiple Accenture business development teams (operating across multiple countries) to respond to client information security and data privacy requests related to Accenture IS policies / standards / processes and recognized security frameworks. Key Responsibilities: Respond to client security questionnaires and management market surveys Liaise with account business development team, IT and technical teams to understand specific client security requirements set out in security questionnaire / market survey and determine appropriate responses that meet both client technical requirements and Accenture Information Security standards. Agree a project schedule to respond to requirements and communicate progress with key stakeholders. Perform quality checks on final information security submission Participate in client meetings focused on Information Security controls (if required) Establish and maintain effective working relationships across multiple stakeholders who interact with the Accenture business development process - account management, business development, technical / solution leads, Information Security, Legal and Finance representatives Contribute to the creation of high-quality and reusable IS solutions by updating the CDPOS RFP database with new information security related proposal data (new product release documents / new responses created / changes to Accenture IS Standards & Policies and other Accenture wide developments) Continually build own knowledge on the features of Accenture products, IS practice, services and commonly used IT concepts to respond to client and account questions that are technical in nature Skills and Experience: Possess an understanding and awareness of typical information security framework and common information security standards Demonstrate working knowledge of the Accenture business development process (with practical experience working with stakeholders in the process being an advantage) Be comfortable challenging account executives who are most commonly above peer group - influencing executive decisions and addressing conflicts and challenges Developed an appreciation of Information security best practices, auditing, and overall risk management Possess strong organizational skills with the ability to handle multiple work activities under tight, short-term deadlines (whilst meeting account and qualitative expectations) Demonstrate effective prioritization and time management capability Achieved work experience assessing and implementing information security and data protection controls Strong relationship development skills with an ability to influence and interact with organizational leadership and account executive across multiple countries Preferably hold at least one recognized security certification such as ISO 27001 LA, CISSP, CISA, CISM or CRISC Demonstrate good verbal and written communication skills Possess a good knowledge of MS Office applications (Excel, Word, Power Point) About Our Company | AccentureQualification Good to have skill: Overview on ITIL Experience: Minimum of 1yr