864 Cisa Jobs - Page 22

IT SOX Compliance Analyst - Docusign1 Job Title: IT SOX Compliance Analyst (Second Shift) : We are seeking a motivated and detail-oriented IT SOX Compliance Analyst to support our Sarbanes-Oxley (SOX) compliance initiatives, with a focus on IT General Controls (ITGCs) and IT application controls. This role requires collaboration with internal audit teams and IT control owners to ensure effective control design, implementation, and remediation. The position is aligned to support global teams, requiring availability during the 2 PM to 11 PM IST shift. Key Responsibilities: Support the assessment, design, and implementation of IT General Controls (ITGCs) and IT application controls across key systems. Collaborate with internal audit and IT control owners to evaluate risks, discuss control deficiencies, and support audit-related activities. Assist in the preparation of documentation, including control deficiency memos and remediation plans. Oversee and facilitate end-to-end IT control walkthroughs to ensure proper documentation and understanding of control processes. Skills & Qualifications: Solid understanding of the Sarbanes-Oxley (SOX) Act, specifically ITGC and IT application control requirements. Experience in internal audit, IT risk management, and control testing. Strong communication and documentation skills, with the ability to work cross-functionally. Must be available to work during the 2 PM to 11 PM IST shift to support global operations.

About NCR Atleos Position Summary At NCR Atleos, our Internal Audit Department (IAD) purpose is to help enable competent and informed decisions to add value and improve operations, while contributing meaningfully to Board and organizational confidence. We are indispensable business partners, with a brand focused on insight, impact and excellence. We believe that everything we do is to enhance value, provide insights, and instill confidence. To do this, we must be relevant, connected, flexible, and courageous. NCR Atleos IAD is seeking a Senior IT Auditor to support our India Internal Audit (IA) team. In this position, you will play a crucial role in enhancing our companys internal control environment and risk management processes. You will be responsible for leading and executing IT audits across all technology layers, assessing IT risks, and providing expert recommendations to the management. This role demands a balance of technical proficiency, strategic thinking, and excellent communication skills. Key Areas of Responsibility: Audit Planning: Participate in risk assessments where needed and assist in developing and implementing a comprehensive IT audit plan that aligns with the organizations objectives and risk. Audit Execution: Execute IT audits, including identifying and assessing IT risks in business processes, security policies, and system implementations. Lead audits of IT infrastructure, applications, and data management systems to assess compliance with internal policies, external regulations and SOX. Recognize and adapt to changing circumstances. Identify IT risks and recommend mitigating controls. Analyze and evaluate IT operations and strategies to identify efficiency improvements and cost-saving opportunities. Assess compliance and maturity in line with relevant laws, regulations, standards (e.g., SOX, GDPR, ISO) and frameworks (e.g., COBIT, NIST, ITIL). Communication: Communicate timely any significant changes to budget or scope and any significant audit findings, risks, and recommendations to the Internal Audit Manager. Collaboration: Work closely with IT, InfoSec (IS) and other business units to understand IT infrastructure, applications, and operations. Mentor and guide junior IT auditors, enhancing their skills and ensuring quality audit practices. Reporting: Draft detailed Audit observations, highlighting issues, risks, and actionable recommendations. Assist the IA manager with presenting findings to responsible business management. Follow-up and Monitoring: Assist the IA Manager with monitoring open audit recommendations and follow-up to encouraging timely implementation and help avoid past-due management actions. Continuous Improvement: Stay abreast of emerging technologies, audit methodologies, and regulatory changes. Contribute to innovation and improvements to the IT audit process, controls and the overall Internal Audit Department. Qualifications: Bachelors or Masters degree in Information Technology, Computer Science, Accounting, or a related field Minimum of 3 years of experience in IT auditing, with a proven track record in leading audits and managing audit projects Understanding of IT audit methodologies, IT governance frameworks (e.g., COBIT, NIST, ITIL), and regulatory requirements (e.g., SOX, ISO, GDPR) Experience with AuditBoard and analytic tools e.g. Power BI and Tableau a plus Professional certifications such as Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) are strongly desired Strong analytical and problem-solving skills with an ability to analyze data and identify control weaknesses Excellent verbal and written communication skills, with the ability to articulate complex IT issues in business terms. Proficient in English Ability to travel and a team player with a commitment to personal and professional growth. Commitment to ethical conduct, integrity, and the promotion of a culture of accountability and continuous improvement Strong organization and management skills in a multi-tasking environment Positive individual who enjoys working in a fun and dynamic team environment EEO Statement NCR Atleos is an equal-opportunity employer. It is NCR Atleos policy to hire, train, promote, and pay associates based on their job-related qualifications, ability, and performance, without regard to race, color, creed, religion, national origin, citizenship status, sex, sexual orientation, gender identity/expression, pregnancy, marital status, age, mental or physical disability, genetic information, medical condition, military or veteran status, or any other factor protected by law. Statement to Third Party Agencies To ALL recruitment agenciesNCR Atleos only accepts resumes from agencies on the NCR Atleos preferred supplier list. Please do not forward resumes to our applicant tracking system, NCR Atleos employees, or any NCR Atleos facility. NCR Atleos is not responsible for any fees or charges associated with unsolicited resumes.

1. Information Security Management Assist CISO in implementation and management of entire ISMS life cycle Responsible for development, Periodic review, control and management of ISMS policies and procedure Monitor the adequacy of operational procedures, policies and process, create and monitor compliance Coordinate the Organizations ISO 27001:2013 recertification and SOC2 attestation process in terms of Planning, Coordination with Business owners and stakeholders and scheduling Audit meetings, Audit execution and Closure. Ensure compliance at an organizational level, achieved through identifying the applicable requirements which in the case of Quinnox are the ISO 27001 standard, Customer Contractual Security obligations and defined internal policies and procedures. Monitor performance of GDPR controls and respond to the quarterly compliance checklist. Ensure GDPR Data Processing Impact assessments are carried out periodically and gaps are addressed Plan and conduct the annual Management Review meeting. Demonstrate the performance of ISMS through the year and seek feedback / advice from the Leadership Council. Review and respond to risk assessment questionnaire by our clients Review MSA Security clauses of the existing clients and prospects Participate in POC of new security tools and implementation 2. Information Security Risk Management Carrying out Organization Wide Information Security Risk Management exercise on an Annual Basis to Quantify the Risks associated with the Information Assets and accordingly devise the Risk Mitigation strategies. Developing and Maintaining Risk Registers of all the Projects/Support Functions. Creating a Risk Summary report for the executive management. 3. Technical Vulnerability Management Monitor and review anti-virus and patch report across all endpoints and ensure that all endpoints are up-to-date with latest AV patches. Ensure SIEM and DLP alerts are monitored and corrective actions taken to address potential threats Ensure monthly scanning of infrastructure is carried out and vulnerabilities are remediated in time Defining the Scope of external VAPT and facilitating the VAPT vendor personnel with the requisite information. Facilitate the external VAPT exercise at org level, reviewing the VAPT findings for verifying the authenticity of the reported observations and ensure timely mitigation. 4. Audit Management: Act as point of contact for all external audits of ITIM to define scope and parties necessary to participate. Act as a repository of audit data to prevent duplication of audited processes Based on known annual audits, develop a schedule for audits which allows for distribution of audits throughout the course of the year Plan, schedule and execute internal ISMS audits twice a year Record the audit findings and track the closure of NC after following up with the concerned departments Summarize the audit findings and associated CAPA to include in steering committee meetings. Act as point contact during external audits and ensure smooth execution through careful planning ahead of time. 5. Change Management; Incident Management; ISMS Document Control: Ensure that all changes to critical infrastructure takes place through appropriate change control Reviewing change records for appropriateness and ensure that all they are filled in with the correct and relevant information by the responsible teams. Approve or reject changes in line with our change control policy Work and Incident Response Coordinator who, in consultation of IT head/CISO will be responsible for timely escalation and reporting of security incidents. Reviewing incident records for appropriateness and ensure that RCA and corrective actions are captured appropriately. Ensure all Incidents and security events are reviewed on an ongoing basis and appropriate corrective measures taken to remediate the issues. Maintaining, tracking and updating Change and Incident records (Record Management). Control of ISMS Documents and Records 6. Information Security Training & Awareness: Ensure dissemination of knowledge on our ISMS policies and procedures through awareness campaigns. Ensure the ISMS training compliance across all locations. Publishing security updates through newsletters on a periodic and ongoing basis. 7. Business Continuity: Perform business impact analysis, risk assessment, mitigation plans / recovery strategies and BCP testing for the company's critical business processes, operations and the technology that supports them. Ensure BCP tests, DR Drills conducted as per schedule Conduct BCP training to the crisis response team and project managers at least once a year Identify single point of failures through risk assessment and propose controls Competencies/Skills required: Must have managed Information Security in a medium / large size organization. Should be well versed with all aspects of Information security and risk management. Could have worked as an information security consultant in any of the consultancy service provider firms. Qualifications and Education Requirements: Minimum education Bachelor of Engineering Certifications such as CISSP, ISO 27001 (ISMS) Implementer / Lead Auditor, CISA, CISM will be an added advantage. Additional Notes: Ideal candidate for this position would be one who has completed an entire lifecycle of Information Security Management System in a medium or large organization. External Job Title

IT AUDIT

Eviden, part of the Atos Group, with an annual revenue of circa " 5 billion is a global leader in data-driven, trusted and sustainable digital transformation. As a next generation digital business with worldwide leading positions in digital, cloud, data, advanced computing and security, it brings deep expertise for all industries in more than 47 countries. By uniting unique high-end technologies across the full digital continuum with 47,000 world-class talents, Eviden expands the possibilities of data and technology, now and for generations to come. RoleGRC Consultant Location: Bangalore (JP Nagar), Navi Mumbai (Mahape) Experience: 3+ years Highest Qualification: Any Full Time Graduate Note: Hands on experience in ISO 27001 Implementation is mandatory for this role Experienced in managing cyber security services like Cyber Risk & Compliance consulting. Experience in setting up end to end Cyber Security frameworks, Compliance Standard implementation, including knowledge in testing (VAPT, Web & mobiles appsec, secure code review) Should be adept at conducting gap analysis, risk assessments, Impact assessments, governance and strategy development, Have worked with organizations to develop and implement various industry security standards like, IS0 27001, ISO 20000, PCI DSS, SOC2, GDPR, Privacy standards etc... Should be able to understand and explain technical vulnerabilities Basic knowledge on Active directory, firewalls, SCCM, MacAfee security products, DLP, Secure coding practices and product security Specific Duties and Responsibilities Include: To manage cyber security projects across EMEA region for cyber security services like Cyber security testing & cyber consulting Maintaining margins Business development like having presales discussions with various teams Assist in Business development of various security standards Must Have Skills: Excellent communication and presentation skills. Able to effectively interact with various clients/sales teams and manage clients Good to have Skills / CertificationISO27001:2013 Lead Auditor CISSP, CISA, CISM, ISO22301, OSCP, CEH, SANS, Cloud certifications, Privacy certifications like CIPP/E, CIPM Qualification: BE/ BTech, MCA, MBA with specialization in Information Security

We have a team of security compliance leaders overseeing solutions for this complex environment, collaborating with security architects and Cloud DevOps teams internally and around IBM. The security compliance leader’s role is to determine the secure operation of the all computer systems, servers, and network connections in accordance with our policies, procedures, and compliance requirements. A security compliance leader in our team will participate in some or all of the following: Providing subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including ISO, SOC, HIPAA, PCI, FedRAMP/FISMA Having the ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Interpreting standards, requirements, and their application to the enterprise Cloud environment in the most reasonable and cost-effective manner Developing, implementing, maintaining, and overseeing enforcement of security policies Collaborating with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology Conducting regularly scheduled audits on systems and hosting third-party audits as required in order to maintain certifications and compliance certificates. Working with the DevOps teams to prepare ongoing client reporting, information for prospective clients, and marketing materials Providing training to teams as needed Assisting team members and internal clients in addressing highly complex security issues applicable to enterprise environment Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Minimum of 12 years of relevant compliance experience and cybersecurity knowledge Compliance leaders do not require dev experience, but it is an advantage. 10+ years of security compliance audit experience is a must Ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, SOC 2, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk

Job Title: Client Data Protection Opportunity Support (CDPOS) Specialist + Level 09/10 + CF Location: India Management Level: 09 Specialist/10 Senior Analyst Must have skill :Information Security process and procedures As part of the CDPOS Client Response team, the CDPOS RFP Specialist is primarily responsible for supporting Accenture business development teams to respond to a) client Information Security (IS) and Vendor questionnaires (which are commonly issued as part of Request for Proposal (RFP) process), b) reviewing client Information Security policies / standards, c) completing client Risk Management market surveys, and d) supporting IS and DP conversations with both Client and Accenture Account teams. The role sits within the pre-contract, business development space interfacing with multiple stakeholders common to the contract development process (Solution Architects, Legal, Contract Management and Security leads). The Specialist will act as an Information Security Subject Matter Expert who will support multiple Accenture business development teams (operating across multiple countries) to respond to client information security and data privacy requests related to Accenture IS policies / standards / processes and recognized security frameworks. Key Responsibilities: Respond to client security questionnaires and management market surveys Liaise with account business development team, IT and technical teams to understand specific client security requirements set out in security questionnaire / market survey and determine appropriate responses that meet both client technical requirements and Accenture Information Security standards. Agree a project schedule to respond to requirements and communicate progress with key stakeholders. Perform quality checks on final information security submission Participate in client meetings focused on Information Security controls (if required) Establish and maintain effective working relationships across multiple stakeholders who interact with the Accenture business development process - account management, business development, technical / solution leads, Information Security, Legal and Finance representatives Contribute to the creation of high-quality and reusable IS solutions by updating the CDPOS RFP database with new information security related proposal data (new product release documents / new responses created / changes to Accenture IS Standards & Policies and other Accenture wide developments) Continually build own knowledge on the features of Accenture products, IS practice, services and commonly used IT concepts to respond to client and account questions that are technical in nature Skills and Experience: Possess an understanding and awareness of typical information security framework and common information security standards Demonstrate working knowledge of the Accenture business development process (with practical experience working with stakeholders in the process being an advantage) Be comfortable challenging account executives who are most commonly above peer group - influencing executive decisions and addressing conflicts and challenges Developed an appreciation of Information security best practices, auditing, and overall risk management Possess strong organizational skills with the ability to handle multiple work activities under tight, short-term deadlines (whilst meeting account and qualitative expectations) Demonstrate effective prioritization and time management capability Achieved work experience assessing and implementing information security and data protection controls Strong relationship development skills with an ability to influence and interact with organizational leadership and account executive across multiple countries Preferably hold at least one recognized security certification such as ISO 27001 LA, CISSP, CISA, CISM or CRISC Demonstrate good verbal and written communication skills Possess a good knowledge of MS Office applications (Excel, Word, Power Point) About Our Company | AccentureQualification Good to have skill: Overview on ITIL Experience: Minimum of 1yr

This is a remote position, so you ll be working remotely from your home. You may occasionally visit a GoDaddy office to meet with your team for events or meetings. Join Our Team Do you want to be an Information Security Leader at GoDaddyWe help solve large scale and cross-company issues, while ensuring that partnership with the development and operational communities remains front of mind. GoDaddy is looking for a Principal Security Engineer with security risk management experience, technical depth, strong leadership abilities, and experience with building and performing information security audits and gap assessments. You must be comfortable communicating with internal teams and external auditors, designing and leading security campaigns, prioritising resolution of audit findings while applying a risk-based approach. As a team, we will help identify any gaps in security control implementation, design solutions to manage security risks at scale and provide the information needed to make risk-based decisions and planning. What youll get to do... Build and manage a Security Controls framework that encompasses the regulatory and industry compliance frameworks we comply with. Perform detailed analysis and review of information security controls, as well as targeted gap assessments to identify any deviations from the framework. Propose and manage enterprise-wide security campaigns for managing deviations to reduce risk. Partner with other InfoSec and Engineering teams to define and prioritise security initiatives and investments using a risk-based approach. Align risk management initiatives with applicable compliance regulations. Your experience should include... 10+ years of experience in Information Security or related fields such as Software Development, System Administration, QA Engineer, IT Audit, etc. Minimum of 6+ years of progressive experience managing programs related to information security and information security audits. Experience with building unified security controls frameworks. Experience with managing audits utilizing compliance frameworks such as PCI DSS, NIST CSF, NIST 800-53, ISO, SOC-2 etc. Experience with Security Engineering concepts such as Threat modeling, architecture reviews, etc. You might also have... Certifications such as PCI QSA/ ISA, CISA, CRISC, ISO Lead Assessor, CISSP, etc. Prior experience with system administration, scripting, and/or automation techniques. Weve got your back... We offer a range of total rewards that may include paid time off, retirement savings (e.g., 401k, pension schemes), bonus/incentive eligibility, equity grants, participation in our employee stock purchase plan, competitive health benefits, and other family-friendly benefits including parental leave. GoDaddy s benefits vary based on individual role and location and can be reviewed in more detail during the interview process. We also embrace our diverse culture and offer a range of Employee Resource Groups ( Culture ). Have a side hustleNo problem. We love entrepreneurs! Most importantly, come as you are and make your own way.

Job Title - IT Audit Senior Analyst Management Level: ML10 Location: Bangalore Must have skills: IT Audit experience, Understanding of Security Standards like ISO27001, PCI DSS, HIPAA, NIST 800-53 Good to have skills: Possession of a one or more of these professional certifications (ISO27001 Lead Auditor, CISA, CISSP, CIA, CCSK, AWS Cloud Practitioner, Azure Fundamentals) is preferred. Job Summary : Roles & Responsibilities: Participate in execution of the risk-based audit plan, reporting results to Accenture Leadership and the Audit Committee of the Board of Directors Conduct a wide-ranging scope of audits with an emphasis on assessing emerging areas of risk including cyber security, artificial intelligence, cloud computing, robotic process automation, and the Internet of Things. Through advisory services, work with our business partners to help them proactively identify and manage risk in new technologies, new go-to-market offerings, and critical corporate initiatives. Shape the future of the Accenture Internal Audit through involvement in departmental initiatives that enable us to become more efficient and effective in everything we do. Ensure your technical skill set and business acumen stay current and relevant through participation in our robust training program. Professional & Technical Skills: Experience conducting IT external and internal audits or assessments, preferably for a global organization. Strong IT knowledge in infrastructure technologies (networking, data centers and hosting, virtualization, cloud etc.), application development and support, and emerging technologies. Experience leveraging predictive models and custom analytics in audit planning and execution is preferred. Technical knowledge and familiarity with control requirements in areas including ERP applications, Windows and Unix operating systems, cyber security, and vendor management. Strong verbal and written communication skills and proficiency with the English language. Demonstrated analytical thinking, teamwork, and collaboration skills. Possession of a relevant professional certification (CISA, CISSP, CIA, CPA, CCSK) is preferred. Ability to adopt flexible work hours to collaborate with global teams and travel (up to 20%). Additional Information: We Are: Accenture is helping transform leading organizations and communities around the world. Choose Accenture and make delivering innovative work part of your extraordinary career. Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. Accenture is consistently recognized onFORTUNEs 100 Best Companies to Work Forand DiversityIncs Top 50 Companies for Diversitylists. The Internal Audit Department provides the Audit Committee of the Board of Directors with an independent and objective assessment of the reliability and integrity of financial and select operating information, the effectiveness and efficiency of Accenture plc and its consolidated subsidiaries (the Company) systems and internal controls, and compliance with the Companys policies and procedures. Internal Audit Services also provides advisory services designed to add value and improve the Companys operations through bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, controls, operations, and governance processes. You Are: An agile, highly-motivated, innovative thinker with a background in audit, risk, or compliance looking to join a fast-paced, global internal audit organization that has embraced transformative capabilities including advanced analytics, dynamic risk assessment processes, and automation to retain its role as a trusted advisor to the business. Why Should I Join the Accenture Team You are looking for an internal audit role that provides you with exposure to senior levels of leadership, enables you to work with emerging technologies, provides opportunities for international travel and flexible work arrangements (work from home), requires little to no SOX testing, and offers a competitive salary and benefits package. About Our Company | AccentureQualification Experience: Minimum 2 years experience in IT auditing, testing IT General controls and information security controls, or related technical role focusing on security compliance activities Strong IT knowledge in infrastructure technologies (networking, data centers and hosting, virtualization, cloud etc.), application development and support, and emerging technologies. Educational Qualification: Undergraduate degree in Computer Science, Information Systems, Accounting, Business Administration, or Finance. MBA, Masters in Engineering.

Skill required: Control Testing - Agile testing Designation: Regulatory Compliance Associate Qualifications: Any Graduation Years of Experience: 1 to 3 years About Accenture Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services, and Accenture Song all powered by the worlds largest network of Advanced Technology and Intelligent Operations centers. Our 699,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. Visit us at www.accenture.com What would you do Help clients transform their compliance function from reactive to proactive through an intelligent compliance operating model powered by data, intelligent technologies and talentLooking for someone with SOX testing experience.Conduct testing tasks within Agile models and integration processes and manage development sprints. Automated/IT control testing skill is required What are we looking for Commitment to qualityWritten and verbal communicationRisk managementAbility to work well in a teamAbility to meet deadlinesAutomated / IT control testing experience is must Roles and Responsibilities: In this role you are required to solve routine problems, largely through precedent and referral to general guidelines Your expected interactions are within your own team and direct supervisor You will be provided detailed to moderate level of instruction on daily work tasks and detailed instruction on new assignments The decisions that you make would impact your own work You will be an individual contributor as a part of a team, with a predetermined, focused scope of work Please note that this role may require you to work in rotational shifts Qualification Any Graduation

Syensqo is all about chemistry. We re not just referring to chemical reactions here, but also to the magic that occurs when the brightest minds get to work together. This is where our true strength lies. In you. In your future colleagues and in all your differences. And of course, in your ideas to improve lives while preserving our planet s beauty for the generations to come. Job Summary: The Policy and Compliance Officer will be responsible for developing, implementing, and maintaining policies and procedures to ensure compliance with regulatory requirements and internal standards within the Unified Endpoint Management (UEM) team. This role will involve close collaboration with the Chief Information Security Officer (CISO) office and cybersecurity teams to ensure that all endpoint devices are managed and protected in accordance with security and compliance standards. Key Responsibilities: Policy Development and Implementation: Develop, review, and update policies and procedures related to endpoint management. Ensure policies are aligned with regulatory requirements, industry standards, and security best practices. Communicate and enforce policies across the organization. Compliance Monitoring and Reporting: Monitor compliance with established policies and procedures. Conduct regular audits and assessments to identify areas of non-compliance. Prepare and present compliance reports to the Unified Endpoint Manager, CISO office, and other stakeholders. Risk Management: Identify potential compliance and security risks and develop mitigation strategies. Collaborate with the IT security team and CISO office to ensure endpoint security measures are in place and effective. Stay updated on emerging threats, regulatory changes, and security trends that may impact endpoint management. Training and Awareness: Develop and deliver training programs to educate employees on compliance requirements, security best practices, and endpoint protection. Promote a culture of compliance and security awareness within the organization. Incident Management: Assist in the investigation and resolution of compliance and security-related incidents. Document incidents and corrective actions taken to prevent recurrence. Collaboration and Support: Work closely with IT, legal, CISO office, and cybersecurity teams to ensure a cohesive approach to compliance and security. Provide guidance and support to team members on compliance and security-related matters. Qualifications: Bachelor s degree in Information Technology, Cybersecurity, Business Administration, or a related field. Minimum of 3-5 years of experience in a compliance or policy development role, preferably within IT, cybersecurity, or endpoint management. Strong understanding of regulatory requirements, industry standards, and security best practices related to endpoint management. Excellent analytical, problem-solving, and communication skills. Ability to work independently and as part of a team. Relevant certifications (e.g., CISA, CISM, CISSP) are a plus. About us Syensqo is a science company developing groundbreaking solutions that enhance the way we live, work, travel and play. Inspired by the scientific councils which Ernest Solvay initiated in 1911, we bring great minds together to push the limits of science and innovation for the benefit of our customers, with a diverse, global team of more than 13,000 associates. Our solutions contribute to safer, cleaner, and more sustainable products found in homes, food and consumer goods, planes, cars, batteries, smart devices and health care applications. Our innovation power enables us to deliver on the ambition of a circular economy and explore breakthrough technologies that advance humanity. At Syensqo, we seek to promote unity and not uniformity. We value the diversity that individuals bring and we invite you to consider a future with us, regardless of background, age, gender, national origin, ethnicity, religion, sexual orientation, ability or identity. We encourage individuals who may require any assistance or accommodations to let us know to ensure a seamless application experience. We are here to support you throughout the application journey and want to ensure all candidates are treated equally. If you are unsure whether you meet all the criteria or qualifications listed in the job description, we still encourage you to apply. Job ID 32365 Regular Pune, India View in Google Maps Apply to this job

IT Governance Risk & Compliance Senior Analyst Job Locations IN-KA-Bengaluru Requisition ID Category (Portal Searching) Information Technology Position Type (Portal Searching) Experienced Professional Overview Connecting clients to markets and talent to opportunity With 4,300 employees and over 400,000 retail and institutional clients from more than 80 offices spread across five continents, we re a Fortune-100, Nasdaq-listed provider, connecting clients to the global markets focusing on innovation, human connection, and providing world-class products and services to all types of investors. At StoneX, we offer you the opportunity to be part of an institutional-grade financial services network that connects companies, organizations, and investors to the global markets ecosystem. As a team member, youll benefit from our unique blend of digital platforms, comprehensive clearing and execution services, personalized high-touch support, and deep industry expertise. Elevate your career with us and make a significant impact in the world of global finance. StoneX, a Nasdaq-listed provider, connecting clients to the global markets focusing on innovation, human connection, and providing world-class products and services to all types of investors. Whether you want to forge a career connecting our retail clients to potential trading opportunities, or ingrain yourself in the world of institutional investing, The StoneX Group is made up of four segments that offer endless potential for progression and growth. Responsibilities Working within the IT organization and reporting to the Associate Director of Governance, Risk Compliance ( GRC ), the Governance, Risk & Compliance Analyst is responsible to help support the day to day assurance operations related to policy compliance, process and organizational policies and security requirements governance, as well as risk management functions. You will assist with the collection of data from multiple systems to allow for proper reporting of the Information Security program effectiveness . The Governance Risk & Compliance Analyst will create impact in the following ways: You will engage business personnel to ensure all requisite data and information is complete, accurate, and consistently delivered. You will use your experience and knowledge of security in working with a team to deliver on Governance, Risk and Compliance goals related to developing the complete perspective for operational and management visibility of overall compliance to the Information Security program, policies, and practices Reporting to the Manager of Governance, Risk Compliance (GRC), the Governance, Risk & Compliance Senior Analyst supports daily assurance operations related to policy compliance, governance, and risk management. You will gather data from multiple systems to report on the Information Security programs effectiveness. Major Responsibilities: Coordinate the development of best practice policies and standards based on various governance frameworks Ensure that all policies and standards are regularly reviewed and updated to be in line with regulatory and control requirements. Design and implement an effective exception process to facilitate and manage requests for non-compliance with policies and standards. Develop and lead information security awareness and training initiatives, including phishing exercises. Develop and implement relevant cyber and IT risk metrics and reporting to management and risk committees. Develop and manage an information security risk register to address risk issues and action plans from all sources, e.g., IT audit, technology risk assessments, vulnerability scans, penetration testing, etc. Implement GRC software platform for policy administration, compliance and risk management. Coordinate information security internal audit, external audit, regulatory and SOX reviews to help represent the company from an information security and technology risk perspective. Coordinate responses to RFI\RFPs and client security related questionnaires. Establish a compliance management framework to manage all third line of defense reviews and results. Maintain an up-to-date understanding of emerging trends in information security risks, and new techniques and trends, in-line with overall information security objectives and risk tolerance. Coordinate with legal, compliance functions to ensure proper implementation of data privacy legislation and disclosure Identify, analyze, respond to and monitor IT risk. Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives. Conduct third part vendor risk assessments, make recommendations and perform periodic reviews. Manage tracking of identified findings and actions to closure and reporting to leadership. Develop and maintain a Cyber and IT Control Framework. Develop a Cyber and IT controls catalog to align with the organizations risk appetite and tolerance levels to support business objectives. Ensure all controls are assigned control owners to establish accountability. Design and implement Cyber and IT controls assessment and assurance process to ensure controls function effectively and efficiently. Qualifications The right candidate will do this by bringing their education and professional experience in the following spaces: Bachelor s degree. Master s degree a plus. Minimum over 5 years of relevant experience, preferably in financial services. Strong background in information technology with a clear understanding of the challenges of information security. Demonstrated understanding of secure, complex information systems environment in a global financial service sell side environment. Relevant experience in the GRC space. Good understanding of information security risk management frameworks such as ISO 27001, COBIT, NIST, NIST 800-53, etc. Direct experience with regulatory compliance reviews and examinations. Current Information Security Certification (e.g. CISSP, CISM, CISA, or related security certification) preferred. Project and program management skills. Strong written and verbal communication and presentation skills, and ability to work with all levels of the organization. Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants and senior management. Excellent leadership and teamwork skills. Ability to influence others. Team player with the ability to work independently. Resourceful, energetic, self-starter, flexible, goal-oriented Strong personal integrity Preferred candidates will possess current Information Security Certifications (e.g., CISSP, CISM, CISA, or related). Options Apply for this job online Apply Share Email this job to a friend Refer Sorry the Share function is not working properly at this moment. Please refresh the page and try again later. Share on your newsfeed

Job Title Internal Controls Lead Division WBS Location India Onsite Purpose of Role: Weir Company is seeking an experienced and dedicated Internal Controls Lead to join our Weir Global Business Services team in Bangalore. The successful candidate will be responsible for overseeing and enhancing the internal control environment, ensuring compliance with regulatory requirements, and supporting the companys strategic objectives across processes like OTC, PTP and RTR Why choose Weir: Be part of a global organization dedicated to building a better future: At Weir, the growing world depends on us. It depends on us constantly reinventing, quickly adapting and continually finding better, faster, more sustainable ways to access the resources it needs to thrive. And it depends on each of us doing the best work of our lives. It s a big challenge - but it is exciting. An opportunity to g row your own way: Everything moves fast in the dynamic world of Weir. This creates opportunities for us to take on new challenges, explore new areas, learn, progress and excel. Best of all, there is no set path that our people must take. Instead, everyone is given the support and freedom to tailor-make their own career and do the best work of their lives. Feel empowered to be yourself and belong : Weir is a welcoming, inclusive place, where each individual s contribution is recognized and all employees are encouraged to innovate, collaborate and be themselves. We continually focus on people and their wellbeing. We believe in fairness and choose to be honest, transparent and authentic in everything we do. Key Responsibilities: Make sure WBS internal controls team is working under policies and procedures defined by CoE Governance Risk & Controls to ensure compliance with regulatory requirements and company standards. Conduct regular risk assessments and identify areas for improvement in internal controls within WBS processes. Collaborate with various departments and cross towers to ensure the effective implementation of internal controls and provide guidance on control-related issues. Monitor and evaluate the effectiveness of internal controls and recommend enhancements as needed. Prepare and present reports on the status of WBS internal controls so this could be reported to audit committee and senior leadership. Lead and manage internal control projects, including the coordination of internal and external audits. Provide training and support to employees on internal control policies and procedures. Job Knowledge/Education and Qualifications: Bachelors degree in Accounting, Finance, Business Administration, or a related field. Professional certification such as CPA, CIA, or CISA is preferred. Minimum of 5 years of experience in internal controls, audit, or a related field. Strong knowledge of internal control frameworks, such as COSO or COBIT. Excellent analytical, problem-solving, and communication skills. Ability to work independently and manage multiple projects simultaneously. Proficiency in Microsoft Office Suite and familiarity with ERP systems. Preferred Skills: Experience in a global business services environment. Knowledge of industry-specific regulations and compliance requirements. Strong leadership and team management skills. For additional information about what it is like to work at Weir, please visit our Career Page and LinkedIn Life Page . Compensation: (Where compensation on the job posting is required) #esco or #minerals (division) #LI-remote (working option) #LI-AB1 (Recruiter personal #)

We are seeking a skilled Data Security Consultant with expertise in Data Loss Prevention (DLP) as the primary focus. The ideal candidate will also have experience with technologies such as Hardware Security Modules (HSM), Information Rights Management (IRM), Data Classification, and Public Key Infrastructure (PKI). Key Responsibilities: Develop and implement DLP strategies to protect sensitive data across various platforms. Administration of Data Security assets (Plan-Do-Check-Act cycle). Monitor and maintain existing jobs/tasks related to security solutions, including sync, backup, password management, and reporting. Oversee daily, weekly, monthly, and ad-hoc preconfigured notifications, reports, and dashboards. Perform health checks as scheduled; fine-tune and recommend fixes for any issues discovered during checks. Conduct periodic configuration reviews to ensure optimal performance and security. Undertake critical security patch management to keep Data Security Solutions up to date and secure. Onboard new assets, accounts, and user policies into the Data Security Solutions. Collaborate with OEM vendors for issue resolution and follow-up as needed. Assist Level 3 (L3) team members with their roles and responsibilities. Stay updated on industry trends and emerging threats related to data security. Qualifications: Bachelors degree in Computer Science, Information Technology, or a related field. Minimum of 5 years of experience in Data security technologies. Proven experience in DLP technologies and strategies. Strong understanding of HSM, IRM, Data Classification, and PKI. Excellent analytical and problem-solving skills. Relevant certifications (e.g., CISSP, CISM, CISA, product certifications) are a plus.

Job Title - Information Security Management System (ISMS) domains + 9/10 + CF Management Level: 09 or 10 Location: Bangalore Must have skills: Information Security Management System (ISMS) domains Good to have skills: Software/Application Development, Cloud /infrastructure concepts Must have skills: Excellent English communication skills both in speaking and writing Knowledge of Information Security concepts and Information Security Management System (ISMS) domains Information security risk analysis Able to confidently present and assert findings with global counterparts Able to handle and balance time when working on multiple tasks Good attention to details Experienced in auditing/assessment Willing to continuously learn Microsoft Office (Excel, Word, Outlook, MS Teams) Good to have skills: Basic knowledge or familiarity with Software/Application Development, Cloud /infrastructure concepts Knowledge on various data privacy regulations such as GDPR, PCI and HIPAA Job Summary : A Client Data Protection (CDP) assessment is a review of a client accounts CDP plan and implemented controls to ensure that the clients sensitive business and personnel data is safeguarded. The assessment is intended to address data protection issues related to applications, systems, and business processes. The CDP Assessor will: Gather relevant information via interviews, meetings with account teams, review of supporting artifacts, about the client account and their processes Identify by conducting Risk Analysis all areas or processes that are vulnerable and where client sensitive data may be compromised Identify, rate and document risks found in the assessment Recommend security measures to remediate assessment findings Follow-up with the account team to review progress for closing findings Learn and apply new data privacy regulations, risk on emerging technologies etc. Roles & Responsibilities: The CDP Assessor will: Gather relevant information via interviews, meetings with account teams, review of supporting artifacts, about the client account and their processes Identify by conducting Risk Analysis all areas or processes that are vulnerable and where client sensitive data may be compromised Identify, rate and document risks found in the assessment Recommend security measures to remediate assessment findings Follow-up with the account team to review progress for closing findings Learn and apply new data privacy regulations, risk on emerging technologies etc. Complete and submit timely required assessment deliverables Professional & Technical Skills: Holder of any of the following Certifications is preferred but not required: Certified Information Systems Security Professional (CISSP) Certified Information Systems Auditor (CISA) Information Security Management System (ISMS) 27001 Lead Auditor Additional Information: Work involves virtually meeting with teams from various Accenture locations around the world so there is a need from time to time to find an overlapping time with those teams that may be outside of the home location time-zone. About Our Company | AccentureQualification Experience: Minimum 2 year(s) of experience on Information Security-related work is required Educational Qualification: Bachelors degree in any Information Technology or Information Security course

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Delivery Lead, you will lead the implementation and delivery of Security Services projects, leveraging our global delivery capability (method, tools, training, assets). Work with asset owners to ensure the timely and efficient collection of computer security events and logs for the purpose of detecting and responding to information security incidents. Roles & Responsibilities:- Lead the implementation and delivery of Security Services projects- Leverage global delivery capability for successful project execution- Ensure adherence to project timelines and quality standards Professional & Technical Skills- Proficiency in any Security Information and Event Management (SIEM)- Experience with Security Risk Assessment, Google SecOps- Strong understanding of security principles and practices- Experience in implementing security solutions- Knowledge of threat detection and incident response- Ability to analyze and interpret security data- Engage with multiple teams and contribute on key decisions- Expected to be an SME- Collaborate and manage the team to perform- Responsible for team decisions- Provide solutions to problems for their immediate team and across multiple teams- Verify custom reports, manage log source groups, and validate log sources with client- Maintain a close partnership with SIEM on feature requests, upgrade planning, and product roadmap alignment- Focus on content creation regarding advanced threat analysis (rules, variables, trending, watch lists, etc.) of incoming data and for self-monitoring of the solution itself.- Perform supporting tasks such as system hardening, high availability configurations, and developing backup strategies.- Identify and implement Automation opportunities in project- Troubleshoot issues with log sources or systems with vendor, and report system defects as needed- Coordinate & lead the technical discussions with Client/vendors.- Identify root cause of security incidents.- Implement SOC best practices to deliver business outcomes Professional & Technical Skills: -Experience in Information Security, Risk Management, Infrastructure Security and Compliance- Experience on SOC Operation-Experience in working UBA and Advanced Threat Detection- Any Security device Installations, Configuration, and troubleshooting (e.g., firewall, IDS, etc.)- Hands on experience in any SIEM tool- Mid-level expertise in UNIX, Linux, and Windows- Experience working in a diversified, virtual environment.-Scripting experience in any language- Experience in data manipulation and regular expressions- Experience with Database installation & configuration- Certifications such as CISSP, ITIL, CISA, CISM, GIAC-GCIA, AWS/Azure/Cloud based Certifications- Advanced Certification from any SIEM vendor on products such as ArcSight, QRadar, McAfee Nitro, RSA SA, SPLUNK, Google SecOps etc. Additional Information:- The candidate should have a minimum of 7.5 years of experience in Security Information and Event Management (SIEM)- This position is based at our Bengaluru office- A 15 years full time education is required Qualification 15 years full time education

Skills Required : Team Coordination, Leadership, sox, Itgc, IT Audit, IT Governance, Information Technology Education/Qualification : B.Tech, MBA, CA Desirable Skills : IT Risk Management, Cobit, Cisa, Cism, Cissp, team leading, Risk Compliance, Information Security, IT Risk

Hi , As per response to your profile which is uploaded in Job portals. We have an excellent job openings for Application Security-Techno Manager -Mumbai Location in IT MNC If your already received email or not looking for job change/ irrelevant - please ignore it. Note: Apply for only Relevant & interested candidates.(Apply for only Immediate to 30 days joiners) Job Description: Please find the Key skills for AppSec Lead - 10-18 years of experience in Application Security, Network Security, and IT Risk & Compliance, with hands-on expertise in security assessments, process audits, and application reviews. Experience in BFSI is preferred. skill: Vulnerability Assessment,Manual Penetration Testing using OWASP checklists,Penetration Testing,OWASP Top 10,OWASP ZAP,Ethical Hacking,Static/dynamic testing of mobile applications,Vulnerability Mitigation, any Certificates like CISSP, CISA, CISM, CRISC. Educational criteria: B.Sc (IT/CS/Security) / B.Tech/BE in Computer Science,BCA/MCA/MS/MSC/M TECH,ME Those who have relevant experience and Skills, as mentioned above please revert back soon. It"s a kind request, Please provide the below mentioned details in Ur CV/mail before u send it to us. Total Exp: Relevant Exp:- Current Company: Current CTC: Expected CTC: Current Location: Preferred location: Mumbai Only Notice Period: Apply only for Immediate to 30 days NP. DOB: Degree: Many Thanks Regards Sreenivas Sreenivasa.k@happiestminds.com

The Global Information Security (GIS) Technology Risk Management Analyst will work with peers in Global Information Security (GIS) and across the Technology Division to ensure that third party technology risks are properly identified, assessed, monitored, and communicated in support of the overall Third Party Risk Management (TPRM) program. The Analyst will assist with the continuous improvement and daily operation of the GIS Third Party Risk Management (GIS TPRM) program. Responsibilities Include: Work with peers to identify and assess Information Security risks Conduct risk assessments using CME Groups established GIS Third Party Risk Management assessment process Collaboratively author and edit various assessment related documents including Deficiencies Observed, Summary of Work, Risk Advisory Memos, exceptions from GIS technical policies and standards, and other related output resulting from risk adjudication activities Participate in and contribute to various working groups across the Technology Division, including, but not limited to, Third Party Risk Management working group, Governance, Risk Management, and Compliance (GRC) working group, etc. Assist the GIS TPRM function with: Continuous improvement and maturation of the methods, instrumentation, training, documentation, and processes required to properly manage third party technology risks Providing advisory and consulting services to the Information Technology Management Team related to InfoSec risks, treatment strategies, and decision-making Assist in the preparation of management reports, presentations, metrics, and other documentation required to support governance functions Assist in compiling and delivering business and operational metrics at regular intervals Promoting a culture of risk awareness and accountability through training, education, and risk management consultative support Problem Solving: Objectively assess the impact, likelihood, and velocity of identified risks Objectively advise on any number of controls that will mitigate risk while not imposing undue burden on those who must implement the controls Drive objectivity and build consensus among stakeholders with widely divergent perspectives and drivers Rapidly analyze complex technical details Synthesize detailed analysis into a big picture view that can be easily understood by non-technical stakeholders in order to support risk-based decision-making for senior managers within the company Decision Making: Recommend risk treatment decisions Recommend remediation actions when risk mitigation is desired Recommend improvements to methods, instrumentation, training, documentation, and processes Recommend solutions for automating and streamlining GIS TPRM risk management practices Working Relationships: Interacts with peers across all elements of the Technology Division Communicate regularly with cross-functional peers outside of the Technology Division, including Legal, Information Governance, Global Operations, Global Assurance (Internal Audit), Enterprise Risk Management, Third Party Risk Management, and other business unit leadership Interact occasionally with industry peers from other Systemically Important Financial MarketUtilities (SIFMUs),research organizations, solution providers, etc. Required Experience: Bachelors Degree or equivalent experience Minimum of 4 to 6 years of relevant experience in publicly traded companies or finance/technology industry operations with third party risk management experience a plus Experience in at least two of the following: InfoSec (Operations, Program Management, Governance, Risk Management, etc.), Enterprise Architecture, Identity & Access Management, Application Development, Infrastructure & Operations, IT Compliance, or Internal Audit Experience working with industry based information security and / or control frameworks (NIST Cyber Security Framework, ISO 27002, COBIT, etc.) Demonstrable knowledge of a broad range of InfoSec technologies and practices Demonstrable, impeccable writing skills for technical, management, and executive audiences Additional preferred experience: Demonstrable knowledge of InfoSec risk management methods and practices Experience with operating GRC solutions Professional certification in InfoSec or Risk Management (such as CRISC, CISM, CISSP, CGEIT, CISA, etc.) CME Group: Where Futures are Made CME Group is the worlds leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career by shaping tomorrow. We invest in your success and you own it all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And were looking for more.

Your Impact Youll be responsible for engaging with senior customer representatives including CISO and other C-suite stakeholders to engage on topics around CyberSecurity, adjacent technical areas, and application of technology and programs in the business. Provides trusted support, advice and guidance on the latest trends and developments in CyberSecurity and how these can be used to provide lasting business value and impact for our customers. Applying your wide and deep experience in solving these challenges elsewhere youll help our customers with their journey, articulating Ciscos unique value proposition and architecture for CyberSecurity and how Cisco can help our customers succeed with their CyberSecurity goals. By establishing yourself as a trusted advisor and building lasting relationships, youll help bridge the communications gap between customer needs and what Cisco can offer. Identifies opportunities for Cisco to provide additional products and services that are aligned to achieving the customers CyberSecurity goals. Results and Outcomes Youll proactively strengthen and expand Ciscos presence and technology leadership in the CyberSecurity domain through externally visible activities such as blog posts, social media posts, papers, external speaking engagements and serving on external forums and boards. Youll continually acquire the knowledge and expertise necessary to pioneer new thinking and approaches. Youll contribute new materials and innovative articles rather than solely parroting existing materials or campaigns. Youll have a strongly accretive impact on Ciscos CyberSecurity business as evidenced by pipeline generation and supporting sales of products. Youll actively contribute to talent development, ensuring the principals of improving inclusion and diversity are honoured and promoted. Minimum Qualifications: * Bachelor or Masters degree in a relevant area, an MBA is preferred * CertificationsCISSP, CRISC, CISA and CISMand advantage. * Telco expertise and hands on implementation * 15+ years relevant experience with at least five (5 )years as: a CISO, Head of Risk or equivalent in a major organization; Partner or Associate, Principal, or Managing Director in a big 4+1 company or other leading consulting organization; or a combination thereof. * Proven experience and recognized as a thought leader in CyberSecurity in one or more industry verticals such as Financial Services; Service Provider; Manufacturing, Mining, Transportation, Oil and Gas, or Utilities; or Technology. * A proven record of business leadership in a technical domain and experience in transformational or strategic programs, with evidence of where past contributions have a significant impact on business. * Proven track record of C-suite engagement with an extensive personal contact base. * Published author, conference speaker and social media presence. Preferred Skills * Proven experience and recognized as a thought leader in CyberSecurity in Service Provider is highly desired * Proven experience in delivering security solutions, knowing cisco security solution is a plus.

. Our most valuable asset is our people . At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems the ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the As a Risk management specialist at ZS Associates, youll be responsible for identifying, and mitigating compliance and operational risks in line with the firms standards. Youll also provide subject matter expertise and technical guidance to technology-aligned process owners, ensuring that implemented controls are operating effectively and in compliance with regulatory, legal, and industry best practices. By partnering with various stakeholders, including Product Owners and Business function Managers, you will contribute to the reporting of a comprehensive view of technology risk posture and its impact on the business. Youll have advanced knowledge of risk management principles, practices, and theories will enable you to drive innovative solutions and effectively manage a diverse team in a dynamic and evolving risk landscape. What youll do: Develop the culture of risk management across the organisation, and ensure effective identification, quantification, communication, and management of risks focusing on root cause analysis and resolution recommendations across domains Cyber, HR, Legal, Finance, etc. Proactively monitor and evaluate control effectiveness, identify gaps, and recommend enhancements to strengthen risk posture and regulatory compliance. Provide SME support to functional managers or Internal stakeholders in understanding and applying responsibilities towards risk and compliance providing recommendations as appropriate. Support the CIO and CISO, and work with internal stakeholders to: Participate in consultation and conduct gap analysis against new requirements Coordinate and facilitate IT / cyber security audits. Support Risk Owners and Tech teams in documenting control procedures, guidelines, etc. Ensure risk and control activities are completed in a timely and appropriate manner applying the correct governance route Report and publish Risks to senior leadership inclusive of providing content for Senior Leadership risk and control review forums/Committees. Ensure all governance attestations and sign-off from Senior leadership are completed including the conduct risk measures. Co-ordinate and track the tickets / findings in areas like IT Operational Risks and Information Security Risks, Control Self assessments , Internal/External Audit findings with appropriate CAPA, BCP / Disaster recovery , Problem tickets with root cause analysis. Audit event co-ordination, Audit liaison and issue closure oversight (SOC 2 Type 2, ISO 27001, etc.) Lead pre-audit preparation activities with stakeholders (SOC 2 Type 2, ISO 27001, etc.) Provide first line of defense support in assessing risk and reviewing control issues Documentation of control procedures, standards and guidelines, etc. What youll bring: Bachelor s degree in IT or relevant field with a strong academic background A minimum of 7-10 Years of experience in Risk management and internal controls governance Strong communication & strategic influencing skills. Relevant experience working with senior leaders, building internal networks, and delivering high impact programs in complex -matrixed environments. Formal training or certification in Information Security, and/or 5+ years of experience or equivalent expertise in technology risk management, information security, or related field, emphasizing risk identification, assessment, and mitigation. Familiarity with risk management frameworks, industry standards, and financial industry regulatory requirements Proficient knowledge and expertise in data security, risk assessment & reporting, control evaluation, design, and governance, with a proven record of implementing effective risk mitigation strategies. Proficient in MS Office productivity suite (e.g., Word, Excel, PowerPoint, SharePoint). Advanced Excel skills strongly preferred CISM/CRISC/CISA/CISSP/CIA/MBA or relevant Risk Management / Audit certification Basic working knowledge of following (Majority of the points, if not all): -COBIT Control Objectives for Information and Related Technology -ISO/IEC 27001:2013 Code of Practice for Information Security Management -NIST SP 800-53 -NIST CSF -SOC1/SOC2/SOC3 -HIPAA/HITECH Security and Privacy Audit Protocol -Shared Assessments Standard Information Gathering (SIG) framework -US SOX Sarbanes Oxley Act -US HIPAA/HITECH Act -EU GDPR General Data Protection Regulation -US EU Privacy Shield -India Companies Act Additional Skills: Demonstrated ability to influence executive-level strategic decision-making and translating technology insights into business strategies for senior executives. Program level management up to and including Executive presentation and reporting. Knowledge and Experience of Technology Infrastructure. Understanding of Infrastructure Security Stakeholder management Willingness to adapt to evolving industry standards and technologies Ability to manage a wide variety of tasks and meet deadlines, and reliability/dependability Proven ability to work creatively and analytically in a problem-solving environment Perks & Benefits: . Travel: . Considering applying? . To Complete Your Application:

SUMMARY: This position is reporting to the Director or Sr Manager/Manager, IT Internal Audit and part of a strong, dynamic global internal audit function. This Senior position will be a member of the Internal Audit IT team focusing on global projects based in our offices. ESSENTIAL DUTIES AND RESPONSIBILITIES: Reporting to the Director or Sr Manager/Manager, IT Internal Audit, the Senior will assist leading and executing projects for the IT Audit & Data Analytics pillars, assisting in Internal Audit function improvement projects, and collaborating with the other internal audit pillars - Finance & Operations audit, Internal Controls, Channel audit, and Audit Operations. Execution of projects in the IT audit pillar including: Assisting in performance of annual risk assessment of the business, development of an overall audit plan, and periodic refreshes of the risk assessment and the audit plan Executing projects on the internal audit plan including IT, operational, compliance, site, and cross functional audits across the global business Assisting in executing project risk assessments, planning, and scoping decisions on individual audit and advisory projects Executing controls documentation, testing, and fieldwork for audit and advisory projects Assisting in drafting audit and advisory observations and reports Assisting in coordinating, planning, reviewing, and executing on Management s assessment of Internal Controls over Financial Reporting (SOX) Developing, cultivating, and growing relationships with key stakeholders across various business functional and operational areas Developing relationships with the external auditor Taking ownership of career and skill development, including coaching and mentoring opportunities and attending training Identifying opportunities and helping the maturation of the data analytics function, including working to audit robotic process automations, application controls, and other IT dependent controls in close coordination with the finance & operations audit and Data Analytics pillar teams Qualifications Required and preferred knowledge and job skills: Work experience: 3+ years of relevant work experience required. Strong preference for experience with public account

Job Summary: The Cyber Security Team Lead will support the Head of Information Security in the development, implementation, and management of the organisation s information security strategy. This role involves overseeing daily operations, ensuring the security of information assets, managing security incidents, and fostering a security-conscious culture within the organisation. Key Responsibilities: Strategic Support: Assist in the development and execution of the organisations information security strategy and policies. Provide strategic guidance and leadership in all areas of information security. Operational Management: Oversee day-to-day security operations, including monitoring, threat management, and incident response. Ensure effective 24/7 monitoring and incident handling. Risk Management: Identify and assess security risks, and develop mitigation strategies. Conduct regular security audits and vulnerability assessments. Incident Response: Lead the response to security incidents and breaches, ensuring timely and effective resolution. Develop and maintain the incident response plan, including conducting regular drills. Compliance and Governance: Ensure compliance with relevant security standards, regulations, and frameworks (e.g., ISO 27001, NIST, GDPR). Maintain up-to-date documentation of security policies, procedures, and incidents. Team Leadership: Supervise and mentor the information security team, providing guidance and support. Foster a collaborative and high-performance team environment. Training and Awareness: Develop and deliver security training and awareness programs for employees. Promote a culture of security awareness throughout the organisation. Stakeholder Collaboration: Collaborate with IT, legal, HR, and other departments to ensure cohesive security practices. Serve as a key point of contact for security-related matters with external partners and vendors. Qualifications: Education: Bachelor s degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master s degree is a plus. Certifications: Relevant certifications such as CISSP, CISM, CISA, or equivalent. Experience: Minimum of 10 -15 years of experience in information security, with at least 3 - 5 years in a leadership role. Proven experience in managing security operations, incident response, and risk management. Skills and Competencies: Technical Expertise: Strong knowledge of information security principles, technologies, and best practices. Experience with security tools and technologies such as SIEM, firewalls, IDS/IPS, and endpoint protection. Analytical Skills: Ability to analyse complex security issues and develop effective solutions. Strong risk assessment and management skills. Leadership and Communication: Excellent leadership and team management skills. Strong verbal and written communication skills, with the ability to convey complex security concepts to non-technical stakeholders. Problem-Solving: Strong critical thinking and problem-solving abilities. Ability to remain calm and effective in high-pressure situations. Additional Requirements: Availability for on-call duties and to respond to security incidents outside regular working hours. Willingness to travel as needed. Hybrid Policy - 2 to 3 days in a month work from Office* #LI-Hybrid What we offer Benefits We offer excellent benefits including an incentive programme, generous annual and parental leave policies, volunteering days and well-being support throughout the year, as well as free access to all Economist content. Country specific benefits are also offered. Our Values Our values are a collective set of beliefs and behaviours that strengthen The Economist Groups purpose and demonstrate where we want to be as an organisation. They reflect on our mission to pursue progress for individuals, organisations and the world. Independence We are not bound to any party or interest and encourage exploration and free-thinking. We champion freedom, both within our organisation and around the world. Integrity We are bold in our efforts to uncover the truth and stand up for what we believe in. We inspire trust through our rigour, fact-checking and transparency. Excellence We aspire to the highest standards in all we do. We are ambitious and inquisitive in our pursuit of continuous progress and innovation. Inclusivity We value diversity in thought and background and encourage healthy debate with a breadth of perspectives. We treat our colleagues and customers fairly and respectfully. Openness

Maintains, populates and reviews vulnerability, risk, control and issue management tools. Engages with management to ensure vulnerabilities, risks, controls and issues are dealt with escalating as needed. Serves as liaison and point of contact for new risk issues, including process assistance, tools, tracking status and status of issues advancing to closure. Escalating and facilitating discussions to explore risk acceptance, waivers or policy deviations ensuring traction of issues; Collaborates with various levels of management, teams, security, corporate risk. Conducts deep dives on risk, compliance, and security-related processes including vulnerability management reporting, policy compliance reporting, and other projects as assigned; Provides statistical information to various levels of management, Develops control processes and works closely with key stakeholders on writing and documenting processes. Collaborate with internal audit team to review controls that owners document prior to scheduled audits; Performs policy compliance reviews for policies such as Technology Lifecycle Management (TLMP), Third Party Risk Management (TPRM), Cloud. Develops plans and manage implementation of annual policy compliance tracking such as TLMP or TPRM.Assists personnel in compliance actions or raises non-compliance issues Creates and reports metrics for policy compliance; maintains documentation standards; communicates compliance solutions; supports internal audits; provides TSSI compliance training; evaluates EITS RCSA. Skill/competency required: University bachelor degree in Computer Science or related field, Posses technical professional certifications CRISC, CISM, CISA, CISSP. 5 years experience of working in an IT governance role, Advanced English level Experience of cross-regional work for a regulated multinational company, regional regulation awareness and/or management. About Experian Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, all using our unique combination of data, analytics and software. We also assist millions of people to realise their financial goals and help them save time and money. We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments. We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.co m Experience and Skills University Bachelor Degree Additional Information Our uniqueness is that we celebrate yours. Experians culture and people are important differentiators. We take our people agenda very seriously and focus on what matters; DEI, work/life balance, development, authenticity, collaboration, wellness, reward & recognition, volunteering... the list goes on. Experians people first approach is award-winning; Worlds Best Workplaces 2024 (Fortune Global Top 25), Great Place To Work in 24 countries, and Glassdoor Best Places to Work 2024 to name a few. Check out Experian Life on social or our Careers Site and Glassdoor to understand why. Benefits Experian care for employees work life balance, health, safety and wellbeing. In support of this endeavor, we offer best-in-class family well-being benefits, enhanced medical benefits and paid time off. This is a hybrid remote/in-office role and reporting to Director. This is individual contributor (Non-Managerial) role Experian Careers - Creating a better tomorrow together Find out what its like to work for Experian by clicking here

Fynd is India s largest omnichannel platform and multi-platform tech company with expertise in retail tech and products in AI, ML, big data ops, gaming+crypto, image editing and learning space. Founded in 2012 by 3 IIT Bombay alumni: Farooq Adam, Harsh Shah and Sreeraman MG. We are headquartered in Mumbai and have 1000+ brands under management, more than 10k stores and servicing 23k + pin codes. We are seeking a highly skilled Data Protection Officer (DPO) / GRC Officer responsible for ensuring compliance with global security and data protection regulations. The ideal candidate will oversee governance, risk, and compliance (GRC) programs, implement security frameworks, and safeguard sensitive data across the organization. What will you do at Fynd ? 1. Governance, Risk, and Compliance (GRC): Develop, implement, and maintain GRC frameworks to align with regulatory and industry standards. Establish risk assessment methodologies and ensure mitigation strategies are in place. Conduct IT General Controls (ITGC) assessments to ensure effective security controls and processes. Oversee third-party risk assessments, ensuring vendors comply with security policies. 2. Data Protection & Privacy Compliance: Implement and oversee compliance with DPDP (Digital Personal Data Protection Act, India) and GDPR regulations. Act as the point of contact for data protection authorities and internal privacy matters. Conduct Data Protection Impact Assessments (DPIAs) and privacy risk assessments. Develop and enforce privacy policies, data retention, and protection measures. 3. Information Security Compliance & Certifications: Lead and maintain compliance with ISO 27001, ensuring policies and controls meet certification requirements. Manage SOC 2 compliance efforts, including security, availability, processing integrity, confidentiality, and privacy principles. Oversee PCI-DSS compliance for handling cardholder data securely. Ensure alignment with NIST security frameworks for risk management and cybersecurity resilience. 4. Business Continuity & Incident Management: Develop and maintain a Business Continuity Management (BCM) program, including disaster recovery plans. Lead security incident response and investigations to mitigate data breaches and cybersecurity threats. Conduct regular tabletop exercises and audits to test resilience and readiness. Some Specific Requirements Bachelor s/Master s degree in Information Security, Cybersecurity, Compliance, or a related field. Professional certifications such as CIPP/E, CIPM, CISSP, CISM, CISA, ISO 27001 Lead Auditor, or CRISC are highly preferred. 5+ years of experience in Data Protection, Compliance, GRC, or Cybersecurity roles. Strong knowledge of regulatory frameworks (SOC2, ISO27001, GDPR, DPDP, PCI-DSS, NIST, ITGC, Third-Party Risk Management). Experience in implementing GRC tools and automating compliance processes. Excellent stakeholder management skills with the ability to work cross-functionally. Strong analytical, problem-solving, and decision-making skills. What do we offer? Growth Growth knows no bounds, as we foster an environment that encourages creativity, embraces challenges, and cultivates a culture of continuous expansion. We are looking at new product lines, international markets and brilliant people to grow even further. We teach, groom and nurture our people to become leaders. You get to grow with a company that is growing exponentially. Flex University We help you upskill by organising in-house courses on important subjects Learning Wallet: You can also do an external course to upskill and grow, we reimburse it for you. Culture Community and Team building activities Host weekly, quarterly and annual events/parties. Wellness Mediclaim policy for you + parents + spouse + kids Experienced therapist for better mental health, improve productivity & work-life balance We work from the office 5 days a week to promote collaboration and teamwork. Join us to make an impact in an engaging, in-person environment!