505 Cisa Jobs - Page 2

About the Role: Core Responsibilities: Plan, execute, and report on internal IT audits. Evaluate the effectiveness of IT controls, identify risks, and provide recommendations for improvement. Conduct regular access reviews to ensure that users have appropriate access levels based on their roles. Evaluate the effectiveness of access controls in safeguarding sensitive information. Recommend improvements for identity and access management (IAM) processes. Perform internal risk assessments to identify vulnerabilities and ensure timely mitigation strategies. Work closely with IT, legal, and business teams to address audit findings and track remediation efforts. Preference and Experience: The candidate must have experience in IT auditing, IT risk management, or related fields. Proficiency in compliance with frameworks like ISO 27001, SOC 2, PCI DSS, ITGC, or other relevant standards. Hands-on experience conducting on-site and remote assessments of third-party vendors to evaluate their security posture and related controls. Proficiency in MS Office Suite with experience creating and presenting dashboards and reports. Must be CISA certified. Must have the capability to represent the audit reports to Management. Stay updated on the latest developments in IT audit and compliance practices. Comfortable traveling for on-site visits to the client side for audit purposes.

: Job TitleInformation Security Risk Specialist , AVP LocationMumbai, India Role Description An Information Technology & Security Risk Specialist to join the 2nd LoD Information Security & Technology Risk Team. The team is global, this role is within the Mumbai team (currently 1 person) which is being built out to support the global team. Should have a proven depth of knowledge and keen interest of Information Security and Technology and their application in large financial institutions. Working with other team members the role will input subject matter expertise and drive innovative approaches in applying risk management in an evolving threat environment. The team has a global footprint in Frankfurt, Singapore, London, Mumbai and USA. What well offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities Provide data and analytics reporting to support the team in monitoring the Information Security and Technology Risk Appetite, breaches and remediation. Where required support the implementation of automated data and analytics reporting process. Support the team delivery of Non-Financial Risk Management (NFRM) priorities such as risk & control assessments, scenario analysis, risk appetite. Monitor and challenge 1LOD Risk and Control Assessments (including results of 1LOD control testing/assurance). Perform 2LOD control assurance through targeted reviews of areas of concern. Gain an understanding and be able to articulate key Information Security and Technology regulatory requirements across APAC/MEA and their impact and implementation into the Information Security and Technology Risk Framework. Your skills and experience University degree (Computer Science, Business Administration or equivalent). Majors in Information Security and / or Risk Management are a plus. Experience (4+ years) in Information Security or Information Technology with experience in the Finance industry and/or a major Technology or Consultancy company preferred. Some level of technical understanding and training either as a data analyst, developer, business analyst or project manager. Knowledge of Information Security and Technology industry regulatory standards and/or Risk Frameworks (e.g. EBA Guidelines ISO / 27000 Series, COBIT 2019, DORA) are a plus. Relevant professional certifications e.g. CISSP, CISA, CISM, CRISC, ITIL, ISO27001 Lead Auditor or similar are a plus. Experience of working in large global teams yet comfortable working independently without day-to-day oversight and steer. Strong communication skills (English required). How well support you About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.

: Job Title Risk & Control Specialist, AVP LocationBangalore, India Role Description Risk, Finance, Treasury (RFT) Technology is the technology partner to the CRO (Chief Risk Office) and CFO (Chief Financial Office) divisions. The Chief Risk Office is responsible to identify, aggregate, manage and mitigate Financial and Non-Financial risks and includes Market & Valuation Risk Management (MVRM), Credit Risk Management and Non-Financial Risk Management (NFRM). The Chief Finance Office includes Finance and Treasury and is responsible for a broad range of activities designed to ensure the financial and regulatory integrity of the Deutsche Bank Group including official production of PnL, Financial control, Group & Local Financial Reporting, Capital Management, Balance Sheet Management and Planning, and Liquidity & Treasury Reporting and Analysis. RFT Technology support the definition of the IT strategy and provision of solutions to allow CRO and CFO to manage all aspects of the Risk and Finance processes. Over the last couple of years, the regulatory landscape and associated demand to meet the mandated regulatory standards and reporting expectations has exponentially increased in complexity requiring Deutsche bank to significantly invest in its infrastructure and platform capability. The Risk and Control Specialist role supports RFT Technology Management managing all aspects of the Audit lifecycle. This includes (i) ensuring all identified risks (Audit Findings) and proactively managed and closed on time and (ii) identifying and assessing risks and their impact (self identified issues), planning remediation actions, and monitoring and reporting of their progress. The role requires strong stakeholder engagement, including close interaction with the Divisional Risk Leads, Regional leads, 2LoD such as Non-Financial Risk Management (NFRM) and 3LoD Group Audit as well as the groups frontline technology groups. This will include Chief Information Officers (CIOs), Development & Infrastructure Leads, Programme managers, Architects, and Production Support areas This is an exciting opportunity for a high-performing and motivated individual who is looking to contribute to the banks priority to reduce risk in a sustainable way. What well offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities Managing findings life-cycle events (e.g. closures, risk downgrades, risk acceptances) with finding owners/ risk leads to ensure they are addressed, appropriately documented within agreed timelines. Collaboration with internal teams to educate and promote Risk and Controls standards, Finding Management Procedure and Central Function checkliststo ensure successful handling oflife cycle events Understand and advocate DB Policies, Procedures, Controls and standards, Finding Management Procedure and Central Function checkliststo ensure successful remediation and handling oflife cycle events with stakeholder Coordinate with Portfolio Owners/risk leads for the upcoming audit schedule and request if any potential SIIs are to be raised for the audit scope. Conduct reviews of all Life Cycle Events before submission to CAF (Central Approval Function), assist with edits to improve quality of documentation Participate in Risk and Control meetings with Portfolio owners / CIO-1 totrack and review the status of remediationagainst risk topics Coordination and management with Portfolio Owners/Delegates, Embedded Risk Team (ERT), Control Owners, CAF members & collaboratively work together to ensure Risk is addressed in a sustainable way, be able to troubleshoot to eliminate blockers. Ensure management transparency by way of timely risk reporting and proactive engagement and representing controls team at different governing forums. Identify and evaluate potential areas of non-compliance or risk, assessing impact, probability and present self-identified findings and proposals for risk mitigation Your skills and experience Overall 8+ years of experience in any of the SDLC/STLC engagement and minimum 2 years on risk and audit related experience in IT Risk. Previous experience with IT risk assessment, audit, controls validation and emerging risk identification. A strong team player who can collaborate with people at all levels in a global matrix organization The ability to manage multiple tasks and efficiently prioritize workload with limited supervision and resilient under pressure. The ability to quickly build a network across RFT and among subject matter experts. Strong analytical and problem-solving skills to evaluate risk Result oriented and ability to deliver under tight timelines. Excellent communication, both written and verbal Desire to learn about new and emerging technologies and continuous upskilling. Must be comfortable with navigating ambiguity to extract meaningful risk insights. Ability to assimilate large quantities of information in short periods of time. How well support you . . .

Should be able to direct/execute audit project independently (covering planning, fieldwork and reporting stages of audits) Lead a variety of moderately complex to complex IT focused audits including IT governance, service and project delivery, audits of IT technical domains such as networks, infrastructure, and applications. Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas Planning, conducting walkthroughs, drafting process understanding and relevant controls. Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls Documenting and Reviewing Test of Designs and Test of Effectiveness controls. Perform analytical procedures/analysis to test the effectiveness of controls. Document audit procedures and cross reference working papers. Create management representation letter comments and recommendations and draft audit reports for management review. Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc., Validations of audit issues. Conducting special reviews. What will you need to know: Desired qualification: Computer Services engineering/ BSc/MSc-IT / BCA/MCA degree [with an emphasis in information technology or equivalent degree] Experience: at least 6 to 8 years of IT Audit experience in assessing technology/IT controls and have experience in Internal Audit, Compliance & Risk Advisory services preferably in Banking and Financial services domain. Experience in auditing IT Internal controls, IT risk mitigation and technology related processes reviews. Good experience in IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews. Good client interfacing skills, drafting skills, communication, and interpersonal skills. Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.)

Develop and implement Cyber security and Cyber Crime Programs Implement Security functions like Risk Management, Audit Management, BC/DR Management, Vulnerability management, IAM, End-point Security, etc.

- Act as the primary support contact for payment partners (e.g., Payfacs, ISOs). - Handle inquiries related to settlements, transaction statuses, integration, and account settings. - Troubleshoot issues related to transaction processing, reconciliations, chargebacks, and payout delays. - Support partners with onboarding processes, including technical integration (API or host-to-host integrations). - Guide partners through KYC documentation processes and regulatory compliance requirements. - Monitor payment flows and flag any inconsistencies or performance degradation across payment channels. - Deliver periodic performance and transaction reports to partners. - Work closely with product, risk, finance, and engineering teams to enhance partner experience and provide feedback. What you will need to have: - 5+ years of experience in payment operations or financial services. - Strong understanding of payment flows and industry standards (e.g., 3DS, PCI-DSS, chargebacks). - Familiarity with payment gateways, acquiring, issuing, and payment APIs. - Experience with support tools and reporting tools. - Bachelors degree in a relevant field or an equivalent combination of education, work, and/or military experience. What would be great to have: - 7+ years of relevant experience in payment operations. - Proven track record of managing SLAs and prioritizing tasks. - Ability to stay composed under pressure and manage multiple projects simultaneously. - Excellent communication and problem-solving skills.

Provide guidance and direction to the planning process and the execution of fieldwork such as overseeing interviews and walkthroughs, reviewing materials, the design and execution of audit testing, analyzing results, drawing conclusions within the allotted time scheduled. Manage the audit lifecycle, staffing, scheduling, methodology and approach to testing and fieldwork and finally, the quality and timeliness of all work products you oversee. You will be expected to provide weekly, monthly, or periodic status reporting and work with the CAAS leadership team to ensure the appropriate allocation and assignment of resources. Assist the Audit Director in the development and mentoring of Senior and Staff Auditors by providing regular and timely feedback regarding their execution of tasks performed during each audit engagement and their overall performance. What you will need to have: 7+ years of audit experience applying Auditing principles, methodology and standards in a risk-based environment across a variety of audit areas at varying degrees of complexity 5 + years of financial services industry experience and/or experience working in a public accounting firm 2+ years of experience managing other professionals Active professional Audit certification such as CPA, CIA, CISA, CFE Bachelors degree or an equivalent combination of education, work, and/or military experience What would be great to have: Experience working with risk assessment methodologies, control activities, control monitoring, control evaluations and measurement of control effectiveness in accordance with regulatory compliance requirements such as corporate governance, consumer protection, AML/CTF and Financial Crimes, data protection/data privacy, ethics or conduct risk Important info about this role: Were better together. This role is fully on-site. This is a full-time, direct-hire position, and no contract options for unsolicited agency submissions will be considered.

Should be able to direct/execute audit project independently (covering planning, fieldwork and reporting stages of audits) Lead a variety of moderately complex to complex IT focused audits including IT governance, service and project delivery, audits of IT technical domains such as networks, infrastructure, and applications. Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas Planning, conducting walkthroughs, drafting process understanding and relevant controls. Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls Documenting and Reviewing Test of Designs and Test of Effectiveness controls. Perform analytical procedures/analysis to test the effectiveness of controls. Document audit procedures and cross reference working papers. Create management representation letter comments and recommendations and draft audit reports for management review. Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc., Validations of audit issues. Conducting special reviews. What will you need to know: Desired qualification: Computer Services engineering/ BSc/MSc-IT / BCA/MCA degree [with an emphasis in information technology or equivalent degree] Experience: at least 6 to 8 years of IT Audit experience in assessing technology/IT controls and have experience in Internal Audit, Compliance & Risk Advisory services preferably in Banking and Financial services domain. Experience in auditing IT Internal controls, IT risk mitigation and technology related processes reviews. Good experience in IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews. Good client interfacing skills, drafting skills, communication, and interpersonal skills. Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.)

Project Management Working as a team leader & resource management. Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas Conduct comprehensive Cyber and Technology controls audits, IT General controls (ITGC) audits. Planning, conducting technology domain/controls related walkthroughs, drafting, and reviewing process understanding and its controls. Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls Reviewing Test of Designs and Test of Effectiveness controls Perform analytical procedures/analysis to test the effectiveness of controls. Document audit procedures and cross reference working papers. Create management representation letter comments and recommendations and draft audit reports for management review. Validations of audit issues. Conducting special reviews / investigations. Carrying out audit planning including scheduling and resource allocation Conducting discussions with Management representatives on the audit observations/ findings and preparation of Audit Committee Submissions. Conducting internal staff trainings Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc., What will you need to know: Experience: At least 5 years of managerial experience (overall 10 years of IT Audit experience) in the areas of IT Internal Audit, ITGC, Cyber security, Infrastructure/Network, Compliance & Risk Advisory services preferably in Banking and Financial services domain. Should possess strong understanding, capability and skillsets in auditing IT controls, IT risk mitigation and technology related processes reviews. Should be proficient and have good knowledge in testing IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews. Good client interfacing skills, team management and drafting skills. Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.)

We are seeking a highly skilled and experienced Contract Security Auditor to join our team for a 1-year engagement. This critical role will be instrumental in enhancing our organization's security posture. The ideal candidate will be an unbiased expert, capable of meticulously assessing our current security controls against various global standards. If you thrive in an environment where you can make a significant impact and demonstrate exceptional performance, this contract offers a unique pathway to a permanent position within our core security team. Responsibilities: As our Contract Security Auditor, you will be responsible for: Comprehensive Security Assessments: Conducting in-depth security audits of our current systems, processes, and controls against established frameworks and regulations including, but not limited to, ISO 27001, SOC 2, HIPAA, and GDPR. Gap Analysis & Risk Identification: Identifying gaps, vulnerabilities, and non-compliance issues within our information security management system (ISMS) and operational procedures. Corrective Action Planning: Developing detailed, actionable recommendations for corrective actions and control improvements, collaborating with relevant teams to ensure practical and effective solutions. Implementation Oversight & Verification: Monitoring and confirming the successful implementation of corrective actions, ensuring that identified deficiencies are fully remediated and bring the organization into compliance. Documentation & Reporting: Creating clear, concise, and comprehensive audit reports, detailing findings, recommendations, and evidence of compliance or non-compliance. Preparation: Assisting in the preparation of documentation, evidence, and personnel for future internal and third party audits Stakeholder Communication: Effectively communicating audit findings, risks, and progress directly to senior management Policy & Procedure Review: Reviewing and providing input on the adequacy and effectiveness of existing security policies, standards, and procedures. Continuous Improvement: Contributing to the continuous improvement of the organization's overall security program and compliance efforts. Qualifications: Experience: Minimum of 7 years of dedicated experience in information security auditing, compliance, or risk management. Demonstrable experience leading and executing audits against multiple frameworks, specifically ISO 27001, SOC 2, HIPAA, and GDPR. Proven track record of successfully identifying control deficiencies and recommending effective remediation strategies. Technical Skills: Strong understanding of information security principles, technologies, and best practices (e.g., access control, network security, data encryption, incident response). Familiarity with common enterprise IT environments, cloud services, and BPO operational models. In depth understanding of US security best practices and requirements Certifications (Highly Preferred): Relevant industry certifications such as CISA, CISSP, CRISC, Lead Auditor certifications (ISO 27001, SOC 2), or similar. Soft Skills: Unbiased & Objective: Proven ability to conduct audits impartially and provide objective assessments. Analytical & Problem-Solving: Exceptional analytical skills with the ability to interpret complex data, identify root causes, and propose practical solutions. Communication: Excellent written and verbal communication skills, with the ability to articulate complex security concepts to both technical and non-technical audiences. Interpersonal: Strong interpersonal skills to build rapport and collaborate effectively with diverse teams. Project Management: Ability to manage multiple audit engagements concurrently, prioritize tasks, and meet deadlines. Contract Details: Term: 1-year contract with potential for conversion to a permanent full-time position. Location: Remote Start Date: Immediate availability preferred. Why Join Us? This is an exciting opportunity to play a pivotal role in strengthening the security foundation of a dynamic US based BPO. You will have the autonomy to drive significant change and see the direct impact of your work. For a high-performing individual, this contract serves as a direct pipeline to a long-term career with our growing security team, offering stability and continued professional development. Application Process: To apply, please submit your resume and a cover letter detailing your relevant experience along with your self-introduction video at Navnita.chakravarty@ardem.com About ARDEM Data Services ARDEM is a leading Business Process Outsourcing and Business Process Automation Service provider. For over twenty years ARDEM has successfully delivered business process outsourcing and business process automation services to our clients in USA and Canada. We are growing rapidly. We are constantly innovating to become a better service provider for our customers. We continuously strive for excellence to become the Best Business Process Outsourcing and Business Process Automation company.

We help the world run better At SAP, we enable you to bring out your best. Our company culture is focused on collaboration and a shared passion to help the world run better. How? We focus every day on building the foundation for tomorrow and creating a workplace that embraces differences, values flexibility, and is aligned to our purpose-driven and future-focused work. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from. What you`ll do We are seeking an Audit and Compliance Specialist to uphold the integrity of our certification processes for SAP s external accreditations, including SOC, NIST, PCI, C5, and ISO frameworks. This pivotal role involves a blend of technology and strategy, requiring hands-on engagement with auditing tools and methodologies to ensure compliance and remediation measures are top-notch. Your key responsibilities will be: Streamlining audit support in collaboration with SAP teams. Overseeing the execution and continuous improvement of external audits. Crafting insightful audit dashboards and communicating findings effectively to leadership. Enhancing operational protocols through vigilant monitoring, analysis, and evaluation. Spearheading audit procedures across SAP s diverse global business sectors. Elevating expertise in cutting-edge audit standards, cybersecurity trends, AI and cloud innovations. Aligning audit practices with overarching business goals and visions. Shaping policy through robust internal control dialogues. Fostering a collaborative environment for sharing best practices in audit support. Driving policy innovation by developing new processes, controls, methodologies. This role is an opportunity to make a significant impact on the integrity of our operations and contribute to our commitment to excellence. We look forward to welcoming a dedicated professional who is ready to take on this exciting challenge. What you bring (maximum character count 750): We re seeking a dynamic professional with: 8-12 years of audit, consulting, or industry experience, ideally from a Big 4 Audit firm. A Bachelor s/Master s degree in Business Administration, Computer Science, or related fields. Knowledge in IT/Cloud Audit frameworks such as C5, SOX, SSAE 16 - SOC 1 & SOC 2, PCI compliance, NIST, and ISO 27001. Understanding of business and IT processes, systems, controls, and emerging technologies. Strong English communication skills and ability to work collaboratively. German proficiency is a plus. A strong personality for effective interaction with customers. A team player mindset with a can do attitude. CISA, PMP, CISM, ISO27001, CCSP, or CISSP certification, or the willingness to obtain them. Join our dynamic team and make a significant impact. We look forward to welcoming you. #SecurityT3 Bring out your best SAP innovations help more than four hundred thousand customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with two hundred million users and more than one hundred thousand employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves. At SAP, you can bring out your best. We win with inclusion SAP s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone - regardless of background - feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better and more equitable world. SAP is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to the values of Equal Employment Opportunity and provide accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for For SAP employees: Only permanent roles are eligible for the SAP Employee Referral Program, according to the eligibility rules set in the SAP Referral Policy . Specific conditions may apply for roles in Vocational Training. EOE AA M/F/Vet/Disability: Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, age, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity or expression, protected veteran status, or disability. Successful candidates might be required to undergo a background verification with an external vendor. Requisition ID: 422281 | Work Area: Information Technology | Expected Travel: 0 - 10% | Career Status: Professional | Employment Type: Regular Full Time | Additional Locations: #LI-Hybrid. Requisition ID: 422281 Posted Date: Jun 7, 2025 Work Area: Information Technology Career Status: Professional Employment Type: Regular Full Time Expected Travel: 0 - 10% Location:

About New Relic New Relic is a leader in observability, empowering engineers with real-time insights to build better software, faster. We are deeply committed to fostering an environment of innovation and collaboration, where our technology and people thrive. Our mission is to be the observability platform of choice & the system of intelligence for customers. As the Lead Product Security & Compliance Manager at New Relic, you will play a critical role in ensuring our innovative products meet global compliance standards and customer expectations. You will be a key partner to our product, engineering, legal, and security teams, providing guidance and oversight on a wide range of compliance and regulatory matters. This is an exciting opportunity to build and scale a product compliance program in a fast-paced, high-growth SaaS environment at the forefront of the observability and AI-powered analytics space. This role requires a deep understanding of the evolving regulatory landscape, a strong technical foundation, and proven experience in partnering with engineering teams to embed compliance into the software development lifecycle. What you ll do Serve as the central point of contact for product compliance, working closely with Product Management, Engineering, Legal, Security, and Sales to integrate compliance requirements into the entire product lifecycle, from design to launch and beyond. Shape product capabilities to proactively balance compliance requirements with speed-to-market. Review product features and internal architecture to assess against compliance requirements. Identify and evaluate risks, including oversight and monitoring of our risk program in relation to product features. Stay abreast of global regulatory trends and translate them into actionable insights and requirements for product teams. Identify automation opportunities to enhance the review process in partnership with security and legal teams, incorporating minimum requirements that all capabilities must meet. This role requires: Bachelors degree in Computer Science, Information Security, or related field. Minimum of 8 years of experience as a Security & Compliance Product Manager, Security and Compliance manager, audit experience, FedRAMP experience. Strong knowledge of and experience in security risk management and with frameworks including related regulatory compliance requirements (e.g., SOC 2, ISO 27001, HITRUST, HIPAA, PCI-DSS, and NIST). Knowledge of or experience working with, Cloud technologies/environments, AWS, Azure, GCP, or other related cloud experience. Use creative and critical-thinking skills and, through the development of automation and implementation of procedures that minimize operational overhead, help your stakeholders meet the spirit of security controls. Minimum of 8 years of experience as a Security & Compliance Product Manager, Security and Compliance manager, technical/engineering product manager, audit experience, FedRAMP experience Bonus points if you have List nice-to-have criteria, such as attributes/behavioral values, strongly desired qualifications, and working conditions. Experience with compliance in the context of AI/ML-powered products. Knowledge of government compliance standards such as FedRAMP. Knowledge of/experience working in heavily regulated software or software as a service industry. Familiarity with the observability and application performance monitoring (APM) market. Familiarity with New Relic products and capabilities Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or other relevant certifications. Fostering a diverse, welcoming and inclusive environment is important to us. We work hard to make everyone feel comfortable bringing their best, most authentic selves to work every day. We celebrate our talented Relics different backgrounds and abilities, and recognize the different paths they took to reach us - including nontraditional ones. Their experiences and perspectives inspire us to make our products and company the best they can be. We re looking for people who feel connected to our mission and values, not just candidates who check off all the boxes. If you require a reasonable accommodation to complete any part of the application or recruiting process, please reach out to resume@newrelic.com . We believe in empowering all Relics to achieve professional and business success through a flexible workforce model. This model allows us to work in a variety of workplaces that best support our success, including fully office-based, fully remote, or hybrid. Our hiring process In compliance with applicable law, all persons hired will be required to verify identity and eligibility to work and to complete employment eligibility verification. Note: Our stewardship of the data of thousands of customers means that a criminal background check is required to join New Relic. We will consider qualified applicants with arrest and conviction records based on individual circumstances and in accordance with applicable law including, but not limited to, the San Francisco Fair Chance Ordinance . Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. New Relic does not accept unsolicited headhunter and agency resumes, and will not pay fees to any third-party agency or company that does not have a signed agreement with New Relic. Candidates are evaluated based on qualifications, regardless of race, religion, ethnicity, national origin, sex, sexual orientation, gender expression or identity, age, disability, neurodiversity, veteran or marital status, political viewpoint, or other legally protected characteristics. Review our Applicant Privacy Notice at https: / / newrelic.com / termsandconditions / applicant-privacy-policy

IT Infrastructure Compliance Manager job consist of creation of IT Compliance Framework, track all compliances as per regulatory requirements and to ensure IT Compliance adherence to regulatory requirements. To identify Technology Compliance requirement for IT Infrastructure Units To draft Compliance policies & procedure To work with IT Infra Units to implement compliance controls. To track Status of compliance To remediate noncompliance as per the governance structure To interface with External Auditors for all IT Infra Units To ensure all audit points are closed as per the defined TAT Key Decisions / Dimensions Compliance Status of Control as per the documented policy and procedure Major Challenges To identify all compliance requirement Create a horizontal control framework and track it across IT Infra Units Required Qualifications and Experience a) Qualifications Engineering / Computer Graduate with 3-5 years of Information Security Governance / IT Compliance Experience/IT Audit in BFSI organization Relevant Certifications like CISA/ISO 27001 LA b) Work Experience Prior Experience of RBI/SEBI/IRDA Regulatory requirements for Technology Compliances Prior experience of Implementation & Sustenance of Technology Compliance requirements Working Knowledge of Security Governance Practices across Datacenter, Cloud, Servers, Endpoints, Security Technologies, Application & Database Good Written and Verbal Communication with Presentation Skills Good Team Player and sound in stakeholder management

manage&improve Governance,Risk,and Compliance,GRC frameworks,setting up and leading assessments,implementing strategies,advising clients on how to mitigate cybersecurity risks and achieve compliance with industry standards and regulatory requirements

Roles and Responsibilities : Conduct regular security testing and vulnerability assessments to identify potential risks and threats to the organization's IT systems. Develop and implement effective mitigation strategies to address identified vulnerabilities, ensuring compliance with relevant regulations such as SOX, PCI DSS, GDPR, CCPA, etc. Collaborate with cross-functional teams to ensure seamless integration of security controls into software development lifecycle (SDLC) using tools like CCM/CSCF/OWASP. Provide expert guidance on cybersecurity best practices to stakeholders across the organization. Job Requirements : 7-15 years of experience in Cyber Security Testing & Vulnerability Assessment. Strong understanding of regulatory frameworks such as SOX, PCI DSS, GDPR, CCPA etc. . Proficiency in tools like Bis/CCM/CSCF/OWASP for conducting security tests. Certifications like CISSP/CISA/CEH are desirable.

Job Posting Title: Internal Audit IT Location: Thane What does a successful Internal Audit IT do at FISERV? Efficiently manage and conduct the audit projects as per The Institute of Internal Auditors standards and in accordance with Fiserv global Internal Audit framework and methodologies. What will you do: Project Management Working as a team leader & resource management. Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas Conduct comprehensive Cyber and Technology controls audits, IT General controls (ITGC) audits. Planning, conducting technology domain/controls related walkthroughs, drafting, and reviewing process understanding and its controls. Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls Reviewing Test of Designs and Test of Effectiveness controls Perform analytical procedures/analysis to test the effectiveness of controls. Document audit procedures and cross reference working papers. Create management representation letter comments and recommendations and draft audit reports for management review. Validations of audit issues. Conducting special reviews / investigations. Carrying out audit planning including scheduling and resource allocation Conducting discussions with Management representatives on the audit observations/ findings and preparation of Audit Committee Submissions. Conducting internal staff trainings Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc., What will you need to know: Experience: At least 5 years of managerial experience (overall 10 years of IT Audit experience) in the areas of IT Internal Audit, ITGC, Cyber security, Infrastructure/Network, Compliance & Risk Advisory services preferably in Banking and Financial services domain. Should possess strong understanding, capability and skillsets in auditing IT controls, IT risk mitigation and technology related processes reviews. Should be proficient and have good knowledge in testing IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews. Good client interfacing skills, team management and drafting skills. Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.) What would be great to have: Desired certifications: CISA / CISSP / CISM / CCNA certified professionals Qualification: Computer Services engineering/ BSc/MSc-IT / BCA/MCA degree [with an emphasis in information technology or equivalent degree]

As an Internal Fraud Risk Manager at Tide, you'll be instrumental in building a new global internal fraud function. Reporting to the Head of Internal Fraud, you'll collaborate with stakeholders such as the CRO, CAO, Director of Financial Crime Risk, and CISO, and engage directly with Tide's Executive and Senior Leadership Team. This role spans all of Tide's markets, offering broad exposure and the chance to help shape a fraud-resilient culture in a high-growth fintech environment. Key Responsibilities Support the design and implementation of Tide's internal fraud risk management framework Conduct internal fraud risk assessments to identify and mitigate vulnerabilities across the business Work with leadership to implement fraud prevention strategies, policies, and controls Design and monitor Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) Provide subject matter expertise on internal fraud risks and evolving threat landscapes Contribute to the development and delivery of fraud awareness training and communications Build and maintain a monitoring program leveraging system logs and data analytics to identify fraud indicators Conduct and manage internal fraud investigations aligned with industry standards Advise the business on remediation strategies to reduce recurrence and risk exposure What We're Looking For 5+ years of experience in internal fraud risk management and investigations Recognized as a subject matter expert in internal fraud Relevant certifications such as: Certified Fraud Examiner (CFE) Certificate in Fraud Risk Management (CFRM) ICA Diploma in Financial Crime Prevention Certified Internal Auditor (CIA) Accounting qualifications (e.g., CA, ACCA, CIMA) Certified Information Systems Auditor (CISA) Experience operating across multiple jurisdictions/geographies Strong background in fraud frameworks, forensic investigations, and regulatory compliance Proven ability to collaborate and influence at all levelsinternally and externally Organized, resilient, and comfortable with high-paced, high-volume environments Passionate about cultivating a culture of risk awareness and integrity

Core Responsibilities Assist with technical control design, implementation and monitoring, support incident responses and assist with providing root cause analysis support for incidents. Monitor for attacks, intrusions, and un-usual, unauthorised or illegal activities when the Security Analysts are finding the instance challenging. Keep an eye on the alerts from systems including SEIM solutions and vulnerability monitoring services and check if the Analysts are able to handle the flow appropriately, if not then jump in and investigate if there are any abnormality in the inflow. Monitor identity and access management, including monitoring for abuse of permissions by authorised systems users if the stats are fluctuating or when you see a spike in the alerts. Assist with Information Security Reporting and metrics, providing input into improving information security reporting and metrics. Identify/recommend improvements on internal investigation capabilities via tool and process building/automation. Provide support to recovering from security breaches; participate in investigation and remediation of security incidents, which may include working as part of a team Assist in perform deep-dive incident analysis, determining if critical systems or data sets has been impacted. Assist with the definition and configuration of compliance policies for security technologies. Conduct research on emerging threats in support of security enhancement and development efforts; recommend security improvements, upgrades, and/or purchases. Support the incident response of minor incidents by advising on remediation actions, escalating major incidents to the designated parties. Recording lessons learnt whilst supporting on improving existing processes and procedures. Providing support of new analytic methods for detecting threats. Continuously seeking to identify potential service and process improvements. Participate in the implementation of technologies and platforms supporting the corporate infrastructure. Ensure that you fully understand and comply with the organisation’s Risk Management Policies as they relate to your area of responsibility. Ensure that you fully understand and comply with the organisation’s Data Governance Policies as they relate to your area of responsibility. Maintain the company’s compliance standards and ensure timely completion of all mandatory on-line training modules and attestations. Monitoring technical controls that are in place Addressing quires raised by the Security Analysts during investigation or other BAU. Assist Security Analysts in decision making and help in setting up standards. Will be responsible to suggest new fine tunings in the environment to the vendor or to the technical counterparts. Process review and upgradation recommendation when required. Setting up simplified and effective steps in BAU that in turn improves the quality of the work Implementation of new process based on business requirements and communicating the same with the team Team building and team management activities will be one of the key responsibility.

About Us: Paytm Money is a leading digital investment platform dedicated to providing secure and innovative financial solutions to our users. We prioritize the protection of our customers' data and assets through robust security practices. Role Overview: We are seeking an experienced Information Security Manager to lead our security initiatives and ensure the integrity, confidentiality, and availability of our systems and data. This role is crucial in safeguarding our digital assets and maintaining compliance with industry standards. 1.Should take care of Infosec functions by coordinating with various stakeholders 2.Drive VAPT activity end to end 3.Attend all cyber security compliance directions issued from time to time by the regulator 4.Coordination with SOC & CISO team to follow up the incidents till closure 5.Follow escalation matrix for delayed issues 6.Assist in Internal and External Audits (Regulatory) and work towards closure of observations if any 7. Prepare and review new/existing policies, procedures 8. Should possess technical skills and knowledge to handle/manage security solutions if required 9. Exposure to Cloud Environment 10. Knowledge of Application Security is a plus. Qualifications: * Experience: 7+ years of experience in information security or related fields, with a proven track record in managing security programs. * Technical Skills: Strong understanding of security frameworks, tools, and technologies, including firewalls, intrusion detection systems, and encryption. * Certifications: Relevant security certifications such as CISSP, CISM, or equivalent are highly desirable. * Analytical Skills: Excellent analytical and problem-solving skills to assess complex security issues and develop effective solutions. * Communication: Strong communication skills to effectively convey security concepts and collaborate with cross-functional teams. * Education: Bachelors degree in Computer Science, Information Technology, Cybersecurity, or a related field. Masters degree or relevant certifications preferred. What We Offer: A dynamic and innovative work environment. Opportunity to make a significant impact on the security landscape of a leading fintech platform. Competitive salary and comprehensive benefits package.

Saviynt is looking for Principal Architect - Identity Management to design, deploy, configure and implement its leading Identity Governance (IGA) solution based on customer requirements. As an expert in deploying Identity Governance solutions, the primary responsibility will be to lead Saviynt solution deployments to meet customer requirements. WHAT YOU WILL BE DOING Provide thought leadership to customers for IGA in general and Saviynt in specific Provide industry wide best solution for the customer s use cases meeting functional as we'll as non functional requirements Provide consulting and advisory skills, capable of addressing customer expectations Architect and deploy Saviynt Identity Governance solution to meet customer requirements Design, deploy, implement, and integrate Saviynt with critical applications and infrastructure Follow approved life cycle methodologies, create documentation for design and testing Interact/coordinate with customers as required Provide technical oversight and direction to mid-level and junior Engineers Train and Groom top talent to be experts in Saviynt technology and IAM in general Assist operations team as required, coordinate with the product engineering team to advocate for the new features in the product Resolve technical issues through debugging, research, and investigation. Technical pre-sales support for direct and partner sales teams Provide technical expertise and real-life experience in creating solutions, designs, proof of concept, and implementation Conduct research and use knowledge of competitive solutions to effectively address and dispel customer objections Ensures delivery of high-quality product on time and within budget WHAT YOU BRING Bachelor s/equivalent in Engineering 14+ years of industry experience in design, development, customization, configuration, deployment of any Identity Management and Governance products Thorough domain knowledge on User Lifecycle Management, Provisioning and Reconciliation, Auditing, Reporting, and user activity Monitoring, Access Certification, SOD, Cloud Security Direct customer interaction and management skills Strong technical presentation and communication skills, both verbal and written Knowledge of Java/J2EE, SQL, Web Services (REST/SOAP), Directories, etc Strong consulting and advisory experience Good problem solving and analytical skills Experience with RFP responses and proposals Good To Have: Cybersecurity certifications (CISSP, CISA, CISM, CompTIA Security+ and CEH etc) Saviynt or any equivalent IGA product certification If required for this role, you will: - Complete security privacy literacy and awareness training during onboarding and annually thereafter - Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to): Data Classification, Retention Handling Policy Incident Response Policy/Procedures Business Continuity/Disaster Recovery Policy/Procedures Mobile Device Policy Account Management Policy Access Control Policy Personnel Security Policy Privacy Policy

Roles and Responsibilities : Conduct regular security testing and vulnerability assessments to identify potential risks and threats to the organization's IT systems. Develop and implement effective mitigation strategies to address identified vulnerabilities, ensuring compliance with relevant regulations such as SOX, PCI DSS, GDPR, CCPA, etc. Collaborate with cross-functional teams to ensure seamless integration of security controls into software development life cycles (SDLC) using tools like CCM/CSCF/BIS/SOC. Provide expert guidance on cybersecurity best practices to stakeholders across the organization. Job Requirements : 7-15 years of experience in IT services & consulting industry with a focus on cybersecurity testing and compliance. Strong understanding of regulatory frameworks such as SOX, PCI DSS, GDPR, CCPA etc. . Certifications like CISSP/CISA/CCM/CSCF are desirable but not mandatory.

As a Principal - Tech Content Strategist, you will lead the end-to-end development of engaging, instructionally sound learning experiences in the Security domain. Acting as a subject matter expert (SME), you'll translate complex frameworks into clear, outcome-focused content across digital formats. This role demands strong instructional design expertise, a deep understanding of learner needs, and the ability to creatively script and plan high-impact learning assets from video courses to assessments. Job Responsibilities Own the content development lifecycle plan, research, script, storyboard review, strategic video review and iterate for Security Design creative and effective learning experiences grounded in instructional design principles, addressing diverse learner personas and real-world scenarios. Author and script engaging digital content, including on-demand videos, interactive walkthroughs/lessons, assessments, and job aids. Collaborate with visual designers, editors, and technical experts to bring content to life in a compelling and accessible format. Align content with industry certification frameworks (eg, CEH, CISM, CISSP, CompTIA) and learner performance outcomes. Apply learner-centered design by identifying learning gaps and tailoring content that improves retention, engagement, and job readiness. Utilize Generative AI tools to accelerate and enhance content ideation, scripting, and personalization while maintaining content quality. Ensure instructional consistency, voice, and quality across all course deliverables and formats. Optionally support bootcamps (virtual training delivery) and mentor junior content developers. Skills Required Minimum 5+ years of hands-on experience in Security, including practical exposure to content planning and development. Demonstrated experience in instructional design, especially in developing digital learning products from concept to delivery. Excellent scripting, writing, and communication skills; able to distill complex concepts into concise, engaging narratives. Strong creativity and storytelling ability with an understanding of how to structure content for different learning styles. Fluency with and experience in Python, Java, C++, C#, Javascript, SQL, Bash, Powershell, or other relevant technologies Experience working with Security tools such as Splunk, Wireshark, Kali Linux, or Metasploit. Relevant certifications in Security (eg, CISA, CCSP, CEH, CompTIA Security+, Pentest+, CYSA+, CASP+). Preferred/Additional Skills: Familiarity with Generative AI tools like ChatGPT, Claude, or similar for content creation and enhancement. Training delivery experience (live/ virtual/ hybrid formats) is an added advantage. Understanding of instructional design models such as ADDIE, SAM, or Bloom s Taxonomy. Experience in analyzing learner feedback and improving content based on performance and engagement data

As a Fortune 50 company with more than 400,000 team members worldwide, Target is an iconic brand and one of America's leading retailers. Joining Target means promoting a culture of mutual care and respect and striving to make the most meaningful and positive impact. Becoming a Target team member means joining a community that values different voices and lifts each other up . Here, we believe your unique perspective is important, and you'll build relationships by being authentic and respectful. Overview about TII At Target, we have a timeless purpose and a proven strategy. And that hasnt happened by accident. Some of the best minds from different backgrounds come together at Target to redefine retail in an inclusive learning environment that values people and delivers world-class outcomes. That winning formula is especially apparent in Bengaluru, where Target in India operates as a fully integrated part of Targets global team and has more than 4,000 team members supporting the companys global strategy and operations. Internal Audit provides independent assurance and risk insights to and collaborates with business owners across the enterprise. Youll use professional judgment, analytics, agile concepts and other innovations daily. Youll understand, assess the effectiveness of and help improve risk management capabilities (e.g., processes and controls) for Targets strategic, business and compliance objectives. Roles & Responsibilities: As an Auditor, you will be a part of the Internal Audit team and responsible for: Demonstrating a strong acumen for risks & controls in areas like Finance, HR, Corporate Real Estate, Supply Chain, Vendor Management, Marketing, etc. Performing walkthrough, testing and reporting on internal controls in compliance with Sarbanes-Oxley Act (SOX) and Internal Controls over Financial Reporting (ICoFR). Participating in IT & Business process walkthroughs in collaboration with the control owners, 2nd line teams & Targets external auditors, documenting the process narratives & developing detailed test procedures. Performing Design & Operating effectiveness testing for assigned IT General Controls (ITGC) areas like logical access, change management, backup operations & job scheduling. Performing Design & Operating effectiveness testing for assigned IT Application Controls for various standard and off-the-shelf applications (ITAC) while adhering to Internal Audit & PCAOB standards. Demonstrating a good understanding of US GAAP & Indian Accounting Standards, Labor laws & Companies Act requirements. Testing configuration of standard applications (Like SAP, Oracle, etc.) and non-SAP application, reviewing variations, Interface Controls testing, building sample scenarios, source code reviews and key reports testing. Developing a strong understanding of Targets risk management framework, internal policies & control procedures and ensuring control objectives are met during the course of the engagement. Planning & executing internal financial, operational and/or compliance audits in adherence to the Internal Audit Policies & Procedures Ensuring all work papers meet the documentation & quality requirements throughout the lifecycle of an engagement (Planning, Fieldwork, Reporting & Wrap Up) Communicating any findings noted during the testing and working with the internal audit business auditors, 2nd line team, control owners & external auditors to assess the impact of the findings. Managing relationships with key internal & external stakeholders and ensure adherence to project timelines & deliverables. Identifying opportunities for use of Data Analytics & Automation to enhance Internal Audits ability to perform efficient testing/audit. Demonstrating a high level of engagement at work by closely interacting with HQ Internal Audit Team, participating in Internal Audit engagements, trainings, team building & community relations activities Being independent, innovative & proactive in taking steps for your personal development by willingly taking on stretch assignments, cross-functional engagements & acquiring new skills. Job duties may change at any time due to business needs About you: 3 or 4 year college degree (Accounting, Commerce, IT or related field preferred). 3-6 years of internal or external audit experience focused on SOX 302/404 audit & compliance. Working Knowledge of auditing business processes, ITGC & ITAC Exposure to Risk Management and Governance Frameworks/ Systems & ERP systems Experience in SAP IT Controls audit, SAP security baseline & best practices in SAP Security is preferred. Knowledge of key IT regulations, standards and benchmarks used by the IT industry (e.g. SOX, COBIT, SSAE18/ISAE 3402 etc.) Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self- assurance, and professionalism. Experienced in using data and analytical tools, including MS-Excel, to solve business problems. Preferences: CIA, CA, ACCA, CPA, CIMA, CISA Big 4, retail experience is a plus. Useful Links- Life at Target- https://india.target.com/ Benefits- https://india.target.com/life-at-target/workplace/benefits Culture- https://india.target.com/life-at-target/belonging

About Us Our purpose at Avient Corporation is to be an innovator of materials solutions that help our customers succeed, while enabling a sustainable world. Innovation goes far beyond materials science; it s powered by the passion, creativity, and diverse expertise of 9,000 professionals worldwide. Whether you re a finance wizard, a tech enthusiast, an operational powerhouse, an HR changemaker, or a trailblazer in materials development, you ll find your place at Avient. Join our global team and help shape the future with sustainable solutions that transform possibilities into realities. Your unique perspective could be the key to our next breakthrough! Job Summary The Governance, Risk, Compliance (GRC) and Programs Manager at Avient is responsible for leading a global team monitoring cyber regulations and ensuring compliance. This role involves creating and implementing a comprehensive training and awareness program to educate all users on IT best practices, information classification, and handling requirements. Additionally, the manager will oversee the execution of the cyber transformation portfolio, ensuring timely and high-quality delivery. Essential Functions Establish, implement and lead a comprehensive risk management program aligned with applicable regulations and industry best practices Author policies and standards defining the requirements for procedures that meet cyber and business requirements Drive and demonstrate cyber maturity as measured by the NIST Cybersecurity Framework Engage with internal and external stakeholders to address cybersecurity risk management needs and expectations Assess and recommend solutions to third party and supply chain risks Lead the cyber resilience program Lead the security awareness and training program. Design engaging content for general users, specialized use cases and specific training needs for technical staff and developers Identify and leverage internal communications channels to cultivate a risk-aware, ethical, and continually improving culture Provide program oversight to ensure risks are managed across the cyber transformation portfolio Other leadership duties as assigned Education and Experience Qualifications Bachelor s degree in computer science, information systems or related field or experience 10+ years progressive experience in compliance and technology leadership roles Substantial experience leading large, complex projects Additional Qualifications CISA, CISM, CISSP and GRC certifications preferred Project Management certification Manufacturing and Operational Technology (OT) experience

Job_Description":" Job Summary: The IT Compliance and Security Analyst is responsible for ensuringthe organization\u2019s IT infrastructure, policies, and processes comply withregulatory and industry security standards. This role involves conducting riskassessments, managing audits, enforcing security policies, and mitigatingpotential vulnerabilities to protect organizational assets. Key Responsibilities: 1. IT Compliance & Risk Management Ensure adherence to IT security compliance frameworks such as SOC 2, ISO 27001, NIST, HIPAA, GDPR, and PCI-DSS. Conduct risk assessments and gap analyses to identify compliance risks and recommend mitigation strategies. Assist in the development, implementation, and maintenance of IT security policies and procedures. Stay updated on evolving compliance regulations and security best practices. 2. Security Monitoring & Incident Response Review security alerts and investigate potential threats or incidents. Support incident response activities, including forensic analysis, reporting, and mitigation plans. Work with IT teams to ensure security controls are implemented and maintained effectively. 3. Audit & Documentation Own internal and external security audits from IT perspective, including evidence collection and audit coordination and track to closure. Maintain records and documentation related to security controls, compliance reports, and risk assessments. Liaise with stakeholders and follow up diligently until issues are fully resolved or mitigated. Take a 360-degree approach to identifying and prioritising required evidence, ensuring it is provided correctly the first time (FTR \u2013 First Time Right). Ensure all compliance tasks are completed on time and tracked properly, preventing any delays or breaches that could lead to non-compliance. Track audit findings and ensure timely remediation of identified gaps. Conduct rigorous follow-ups on all ongoing tasks, ensuring nothing is overlooked and providing timely updates to the respective stakeholders. 4. Security Awareness &Training Conduct compliance awareness training programs for employees. Educate teams on compliance best practices, requirements. 5. Vendor & Third-PartyCompliance Assess third-party vendors for compliance risks. Ensure vendor contracts align with IT security policies and regulatory requirements. Technical understanding of IT infrastructure-related compliances ensures adherence to compliance standards and all processes. Required Qualifications & Skills: Bachelor\u2019s degree in information security, IT, Computer Science, or a related field. 5+ years of experience in IT compliance, risk management, or audit functions. Able to discuss past role(s) to demonstrate capabilities for this role. Knowledge of security frameworks such as ISO 27001, SOC 2, NIST, GDPR, HIPAA, or PCI-DSS. Experience with IT governance, risk assessment, and regulatory compliance. Strong analytical, problem-solving, and communication skills. Certifications such as CISA, CEH, or Security+ are a plus. Preferred Skills: Familiarity with security tools such as SIEM, vulnerability scanners, patch management, and endpoint protection Experience in cloud security compliance (AWS, Azure, GCP). Understanding of Data Loss Prevention (DLP) and Identity & Access Management (IAM). Ability to work collaboratively with IT, Legal, and business teams. Requirements Job Summary: The IT Compliance and Security Analyst is responsible for ensuringthe organization\u2019s IT infrastructure, policies, and processes comply withregulatory and industry security standards. This role involves conducting riskassessments, managing audits, enforcing security policies, and mitigatingpotential vulnerabilities to protect organizational assets. Key Responsibilities: 1. IT Compliance & Risk Management Ensure adherence to IT security compliance frameworks such as SOC 2, ISO 27001, NIST, HIPAA, GDPR, and PCI-DSS. Conduct risk assessments and gap analyses to identify compliance risks and recommend mitigation strategies. Assist in the development, implementation, and maintenance of IT security policies and procedures. Stay updated on evolving compliance regulations and security best practices. 2. Security Monitoring & Incident Response Review security alerts and investigate potential threats or incidents. Support incident response activities, including forensic analysis, reporting, and mitigation plans. Work with IT teams to ensure security controls are implemented and maintained effectively. 3. Audit & Documentation Own internal and external security audits from IT perspective, including evidence collection and audit coordination and track to closure. Maintain records and documentation related to security controls, compliance reports, and risk assessments. Liaise with stakeholders and follow up diligently until issues are fully resolved or mitigated. Take a 360-degree approach to identifying and prioritising required evidence, ensuring it is provided correctly the first time (FTR \u2013 First Time Right). Ensure all compliance tasks are completed on time and tracked properly, preventing any delays or breaches that could lead to non-compliance. Track audit findings and ensure timely remediation of identified gaps. Conduct rigorous follow-ups on all ongoing tasks, ensuring nothing is overlooked and providing timely updates to the respective stakeholders. 4. Security Awareness &Training Conduct compliance awareness training programs for employees. Educate teams on compliance best practices, requirements. 5. Vendor & Third-PartyCompliance Assess third-party vendors for compliance risks. Ensure vendor contracts align with IT security policies and regulatory requirements. Technical understanding of IT infrastructure-related compliances ensures adherence to compliance standards and all processes. Required Qualifications & Skills: Bachelor\u2019s degree in information security, IT, Computer Science, or a related field. 5+ years of experience in IT compliance, risk management, or audit functions. Able to discuss past role(s) to demonstrate capabilities for this role. Knowledge of security frameworks such as ISO 27001, SOC 2, NIST, GDPR, HIPAA, or PCI-DSS. Experience with IT governance, risk assessment, and regulatory compliance. Strong analytical, problem-solving, and communication skills. Certifications such as CISA, CEH, or Security+ are a plus. Preferred Skills: Familiarity with security tools such as SIEM, vulnerability scanners, patch management, and endpoint protection Experience in cloud security compliance (AWS, Azure, GCP). Understanding of Data Loss Prevention (DLP) and Identity & Access Management (IAM). Ability to work collaboratively with IT, Legal, and business teams.