1.0 - 5.0 years
15 - 16 Lacs
Bengaluru
Work from Office
Jun 23, 2025 Location: Bengaluru Designation: Consultant Entity: Deloitte Touche Tohmatsu India LLP Your potential, unleashed. India's impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realise your potential amongst cutting edge leaders, and organisations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Risk Advisory is about much more than just the numbers. It's about attesting to accomplishments and challenges and helping to assure strong foundations for future aspirations. Deloitte exemplifies the what, how, and why of change so you're always ready to act ahead. Learn more about Risk Advisory Practice Location and way of working Base location: Bangalore Professional is required to work from office Your work profile As a Consultant in our Cyber Team you'll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations. You'll: Role Description ISMS or Third-Party Risk Assessments Lead engagement team in delivering client engagements Support Managers/AD/D in assessment/ audit execution, reporting, quality review and tracking Support Managers/AD/D in responding to RFP, proposals, new opportunities Lead discussions with client teams from various depts. such as compliance teams, auditing and regulators to identify and document various requirements/obligations Flexible to step-in and perform work on ground such as conducting risk assessments and audits with respect to people, process and technology Act as subject matter expert (SME) for providing guidance and share knowledge with team members. Assist team members during engagements Should be able to work independently on short term engagements Perform quality reviews of work performed by team members
Desired qualifications 1+ Relevant years of experience in Third party risk management Relevant years of experience in IT Audits, Cloud security Experience with ISO22301 implementation and audits Preferred certifications CBCI / CBCP / ISO22301 LI or LA Offensive Security Certified Professional, CISA to work in a cross-functional, cross-cultural matrix environment Understanding of Third party/vendor/supplier risk management considerations Knowledge of Data Protection & Privacy related risks associated with Third-Party and relevant control frameworks for Third party risk management Excellent written/verbal communication Excellent documentation and presentation skills Highly motivated and willing to work in local and global environments Security certifications like CISSP, CISA, CISM, CEH, ISO27001 Work experience in Infrastructure / Application Security Work experience in IT Audit Work experience in Information Risk Management Your role as a Consultant We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society.
In addition to living our purpose, Senior Executive across our organization must strive to be: Inspiring - Leading with integrity to build inclusion and motivation Committed to creating purpose - Creating a sense of vision and purpose Agile - Achieving high-quality results through collaboration and Team unity Skilled at building diverse capability - Developing diverse capabilities for the future Persuasive / Influencing - Persuading and influencing stakeholders Collaborating - Partnering to build new solutions Delivering value - Showing commercial acumen Committed to expanding business - Leveraging new business opportunities Analytical Acumen - Leveraging data to recommend impactful approach and solutions through the power of analysis and visualization Effective communication - Must be able to have well-structured and well-articulated conversations to achieve win-win possibilities Engagement Management / Delivery Excellence - Effectively managing engagement(s) to ensure timely and proactive execution as well as course correction for the success of engagement(s) Managing change - Responding to changing environment with resilience Managing Quality & Risk - Delivering high quality results and mitigating risks with utmost integrity and precision Strategic Thinking & Problem Solving - Applying strategic mindset to solve business issues and complex problems Tech Savvy - Leveraging ethical technology practices to deliver high impact for clients and for Deloitte Empathetic leadership and inclusivity - creating a safe and thriving environment where everyone's valued for who they are, use empathy to understand others to adapt our behaviours and attitudes to become more inclusive.
Posted 1 week ago
5.0 - 8.0 years
18 - 20 Lacs
Noida
Work from Office
Responsibilities Date posted 07/21/2025 End Date 08/04/2025 City Noida State/Region Uttar Pradesh Country India Location Type Onsite Calling all innovators find your future at Fiserv. Job Title Specialist, Risk Assurance What does a successful Risk and Compliance Specialist do at Fiserv: Fiserv is seeking a skilled risk and compliance professional to join its Enterprise Risk and Controls team. This dynamic role spans multiple responsibilities, including Third Party Risk Assessments for vendors and support for PCI and SOC audits as part of the organization's Third-Party Audit initiatives. The position is ideal for professionals who are adaptable and eager to contribute across various risk programs within the department. The role primarily centers on contributing to the Third Party Risk Management (TPRM) function. It involves gaining a comprehensive understanding of security policies, standards, and related processes within the scope of the TPRM program. Leveraging strong assessment capabilities, you will ensure that vendor-related risks are effectively identified, evaluated, mitigated, and continuously monitored to uphold the highest standards of security and compliance. What you will do: Developing detailed understanding of security policies, standards, and associated processes as it pertains to third party risk management program. 5-8 years of experience in the domains such as risk and compliance, information security Driving collaboration between cross-functional stakeholders and facilitating strong partnership with Fiserv Business Units Capability of contributing to TPRM Risk transformation projects in alignment with organization strategy.
Responsible for independently conducting third-party risk assessment in line with security standards, practices encompassing people, process and technology controls Proficient in reviewing documentation including but not limited to security policies, processes, SOPs, third party audit/assurance reports including SOC 2, PCI AOC/ROC/ROV/SAQ, ISAE, ISMS, penetration testing, vulnerability scanning reports to identify gaps/exceptions Responsible for monitoring, tracking risks through closure by collaborating with multiple constituents including internal and external stakeholders; ensuring auditable results are maintained throughout the engagement. Ensure accurate and timely review; responsible for well-written observations, and walking stakeholders through the process lifecycle as needed Lead and participate in regional and global TPRM governance forums and liaise with business stakeholders. Document and maintain the relevant documentation. Establish trust and credibility with key partners; develop and foster constructive professional relationships with multiple stakeholders including but not limited to executive and line management, risk officers, risk contacts and third-party contacts Work on vendor events, liaison with business stakeholders and follow-up with vendors Mentor and train Junior team members on Vendor Risk Assessment program. What you will need to have: Bachelor's or Master's degree from an accredited university is preferred, equivalent work experience will be considered.
5-8 years of experience in IT Risk and Compliance Management or Information Security domain Good interpersonal, written/verbal communication, and organizational skills Ability to handle internal and external discussions/interactions issues in a professional, assertive, and proactive manner Ability to work effectively within a matrixed organization Strong organizational and time management skills with Global stakeholder management Strong MS office skills (Microsoft Excel, Word, PowerPoint, and SharePoint) Exposure to GRC (Governance, Risk and Compliance) tools What would be great to have: Financial services experience, including working in highly regulated environments Knowledge of IT audit, ISO 27001, ITIL, Vendor Risk Management process Ability to interact across all levels of management Attention to detail with a commitment to high-quality standards A successful track record for delivering results in a timely manner Industry Certifications: CISA, CRISC, CTPRA, ISO 27001 LA/LI or equivalent, etc. Thank you for considering employment with Fiserv. Please: Apply using your legal name Complete the step-by-step profile and attach your resume (either is acceptable, both are preferable). Our commitment to Diversity and Inclusion: Fiserv is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, gender, gender identity, sexual orientation, age, disability, protected veteran status, or any other category protected by law. Note to agencies: Fiserv does not accept resume submissions from agencies outside of existing agreements. Please do not send resumes to Fiserv associates. Fiserv is not responsible for any fees associated with unsolicited resume submissions. Warning about fake job posts: Please be aware of fraudulent job postings that are not affiliated with Fiserv.
Fraudulent job postings may be used by cyber criminals to target your personally identifiable information and/or to steal money or financial information. Any communications from a Fiserv representative will come from a legitimate Fiserv email address.
Posted 1 week ago
8.0 - 10.0 years
10 - 14 Lacs
Noida, Mohali, Chandigarh
Work from Office
Job Overview: We are seeking a highly experienced and certified Compliance & Information Security Manager to lead and oversee our organization's compliance, quality assurance, and cybersecurity initiatives. The ideal candidate will possess a robust background in ISO standards, IT and Security Operations, and internal/external audit coordination across service industries. Key Responsibilities: Lead the implementation, maintenance, and audit of ISO standards, including ISO 27001, ISO 9001, AS9100D, GDPR, DPDP Ensure compliance with SOC 2, HIPAA, and other applicable regulatory frameworks. Collaborate with cross-functional teams to design, review, and implement information security policies and risk mitigation strategies. Manage and prepare for internal and external audits; represent the organization during surveillance and certification audits. Develop and deliver employee training programs related to information security, regulatory compliance, and quality assurance. Identify and address security risks in networks, systems, and applications, and recommend corrective controls. Update and maintain documentation related to compliance and audit standards. Required Qualifications: Bachelor's degree in engineering/technology (preferably Computer Science or related discipline). CISA, CISO, CISM, CISSP Certified (any) Desirable Lead Auditor certifications for ISO 9001:2015, ISO 27001:2022 and AS9100D. Strong exposure to GDPR, HIPAA and SOC 2 frameworks. Proficiency in conducting internal, supplier, and customer audits. Experience with tools such as Microsoft Office Suite. Demonstrated ability to lead cross-functional teams, manage compliance projects, and drive process improvement.
Posted 1 week ago
8.0 - 13.0 years
20 - 25 Lacs
Hyderabad
Work from Office
F5 is seeking a highly experienced and results-driven Technical Program Manager (TPM) to lead and manage critical programs focused on software security. This is a senior level role that will drive initiatives that enhance F5's security posture by implementing best practices for vulnerability management, security scanners, CVE tracking, Security Software Development Life Cycle (SDLC), and more. The ideal candidate will have a deep understanding of security programs, a strong technical background in software development, and a proven track record of successfully delivering cross-functional initiatives in complex environments. As a trusted leader, you will collaborate closely with engineering, security, product, and operations teams to ensure F5's products and processes meet the highest security standards while enabling business objectives. Key Responsibilities: Program Management: Strategically plan and deliver programs and initiatives across key security and vulnerability management areas, including implementation of security tools (scanners, CI/CD integrations), tracking and addressing vulnerabilities (e.g., CVEs), and enforcing best practices throughout the software development lifecycle. Own program roadmaps, timelines, deliverables, and reporting, ensuring execution aligns with business goals, security requirements, and resource capacity. Drive key metrics and outcomes for security, tracking improvements in vulnerability remediation, compliance, and overall risk reduction. Security SDLC and Vulnerability Management: Partner with engineering and security teams to integrate Security SDLC (Secure Software Development Lifecycle) best practices into the development process, ensuring security is considered and implemented at every stage. Manage programs for vulnerability detection, assessment, and remediation to ensure timely resolution of security risks identified across F5 products and environments. Develop and implement governance processes for tracking and
addressing externally reported vulnerabilities, such as Common Vulnerabilities and Exposures (CVEs), ensuring effective prioritization and swift resolution. Cross-Functional Collaboration: Build strong relationships with software engineering, product management, cybersecurity, IT, and operations teams to foster alignment across security-related goals and projects. Act as the central point of coordination for security initiatives, driving progress and ensuring accountability across stakeholders. Facilitate efficient communication between technical and non-technical teams to ensure clarity around priorities, goals, and timelines. Risk and Compliance Management: Drive alignment on security requirements, risk tolerance, and compliance needs, partnering with internal and external security auditors where required. Ensure teams are meeting corporate and industry security standards, including regulatory and policy compliance, while achieving development velocity. Proactively identify and manage security risks through effective mitigation planning and ongoing tracking. Process Improvement and Tooling: Evaluate current security program practices, tools, and workflows, identifying gaps and opportunities for improvement in efficiency and effectiveness. Lead the implementation of automated tools for static and dynamic code analysis, dependency scanning, and configuration management to identify and address vulnerabilities earlier in the development process. Metrics and Reporting: Define, track, and report on KPIs and success metrics for security efforts, including vulnerability remediation rates, defect density reduction, and SLAs for incident response. Provide clear and actionable updates to executive leadership and key stakeholders on the status of security programs, progress, risks, and outcomes. Qualifications: Education: Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or a related technical discipline (Master's preferred). Experience: 8+ years
of experience in program management, with at least 3 years focused on security programs, vulnerability management, or security operations (senior level); 10+ years for principal level. Proven experience implementing Security SDLC processes and collaborating with software teams to deliver secure, production-grade solutions. Solid understanding of security domains, particularly vulnerability scanning tools (e.g., Tenable Nessus, Snyk, Qualys), CVE tracking, dependency management, and secure coding practices. Technical Expertise: In-depth knowledge of software development methodologies, including Agile and DevSecOps principles. Familiarity with CI/CD pipelines, source code repositories, and tools for static/dynamic application security testing (e.g., SonarQube, Checkmarx, Veracode). Understanding of vulnerability databases (e.g., NVD), common exploitation techniques, and secure design principles. Basic understanding of threat modeling and risk assessment techniques (stronger expertise is a plus). Leadership and Collaboration: Experience working in highly cross-functional, multi-team environments, with the ability to motivate, guide, and align diverse stakeholders. Exceptional interpersonal, written, and verbal communication skills, with the ability to convey complex security requirements and issues to non-technical audiences, executives, and engineering teams alike. Demonstrated ability to influence without authority and lead by example. Problem Solving and Decision Making: Ability to analyze complex problems, evaluate trade-offs, and make sound decisions in a fast-paced environment. Strong risk management skills, with the ability to balance security needs with engineering velocity and business priorities. Preferred Qualifications: Project management certification (e.g., PMP, PgMP, or PMI-ACP) or security-related certifications (e.g., CISSP, CISM, or CISA). Experience with cloud security and platform-oriented vulnerability management tools like Bugzilla or similar.
Familiarity with emerging cybersecurity trends and zero-day vulnerability exploitation techniques. Knowledge of networking and application delivery technologies (F5 experience is a plus!)
Posted 1 week ago
10.0 - 15.0 years
32 - 40 Lacs
Chennai
Work from Office
We're seeking a future team member for the role of Vice President IT Audit to join our SOX Team. This role is located in Chennai, TN, HYBRID. In this role, you'll make an impact in the following ways: Demonstrate sound knowledge of IT general controls and application controls with a thorough understanding of SOX. Ensure IT general controls and application controls over financial reporting are sound and effective to ensure compliance with SOX. Contributes to the execution of the SOX IT plan in the assessment of key IT controls for in-scope information systems for testing, documentation and reporting to Senior Management. Manage multiple deliverables across various time sensitive deadlines while executing the completion of the test of design and test of operating effectiveness over the internal controls with limited oversight. Support the senior colleagues with tracking the status of control deficiencies; reviews remediation by process owners and documents findings for/to SOX management. Supports in the collaboration with business & technology stakeholders to identify ways to improve testing efficiency and issue reporting communications. Actively contributes to the achievement of the IT SOX team goal. To be successful in this role, we're seeking the following: Bachelor's Degree or the equivalent combination of education and experience is required. Minimum of 3-6 years of experience in IT risk/controls, Internal IT Audit, Public Accounting IT audit or a combination of. Financial Services industry experience is highly preferred. Certified Information Systems Auditor (CISA) or an equivalent IT certification is highly preferred but not required. Experience with GRC software (AuditBoard) and/or data analytic tools (PowerBI, Alteryx) is preferred.
Posted 1 week ago
1.0 - 4.0 years
11 - 16 Lacs
Mumbai
Work from Office
Jul 3, 2025 Location: Mumbai Designation: Analyst Entity: Deloitte Touche Tohmatsu India LLP Audit & Assurance - Assurance Analyst - Internal audit What impact will you make? Every day, your work will make an impact that matters, while you thrive in a dynamic culture of inclusion, collaboration and high performance. As the undisputed leader in professional services, Deloitte is where you'll find unrivaled opportunities to succeed and realize your full potential. The Team Discover the various Internal Audit services, we offer to help organizations look below the surface to achieve superior performance through a full range of outsourcing, co-sourcing, and advisory services including with respect to technology and data analytics. We enhance the overall value delivered by IA functions through strengthening quality, flexibility, efficiency, and value. Additionally, Deloitte helps clients extend their IA oversight to gain greater understanding of key enterprise risks such as evolving IT systems, applications, and other technologies. Work you'll do As Analyst in our Internal Audit team you'll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations. Key Job Responsibilities
Ability to effectively perform the technical components of risk assessments to provide an accurate view of the client's current risk state Ability to perform end-to-end business process analyses and design Ability to gather, synthesize, and analyze data using appropriate tools and technologies Ability to assess and design internal controls by applying an understanding of internal control design frameworks and regulatory requirements Ability to understand the client's business, interpret sector trends, and learn leading practices Ability to effectively interact with colleagues and clients of varying backgrounds to effectively serve clients Ability to enhance quality and efficiency of recommended conduct risk solutions by applying relevant frameworks, conducting research, and performing analyses Ability to conduct internal audits by leveraging approved processes and methodologies Ability to set the stage for a successful assessment of client's internal audit processes and controls by collecting and organizing data Ability to enhance quality of assurance engagements by identifying risks, performing testing, researching governing regulations, and developing reports Ability to form a core Extended Enterprise Risk Management (EERM) skillset through proactively conducting research, and participating in internal and external initiatives Ability to enhance quality of EERM solutions by effectively applying relevant frameworks, conducting research, and performing analyses Ability to enhance effectiveness of the client's ORM system analysis Ability to leverage industry leading tools and frameworks to increase effectiveness of ORM solutions Ability to form a core technology and data risk skillset through proactively conducting research, and participating in internal and external initiatives Ability to leverage industry leading frameworks, methods, and tools to increase effectiveness of technology and data risk solutions
Qualifications BBM / BBA / B. Com/Btech Must have one of the certifications - CFE, CPA, CIA, CISA Experience in Advanced Analytics and ERP is preferred Your role as a leader At Deloitte India, we believe in the importance of leadership at all levels. We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society and make an impact that matters. In addition to living our purpose, Analyst across our organization: Builds own understanding of our purpose and values; explores opportunities for impact Demonstrates strong commitment to personal learning and development; acts as a brand ambassador to help attract top talent Understands expectations and demonstrates personal accountability for keeping performance on track Actively focuses on developing effective communication and relationship-building skills Understands how their daily work contributes to the priorities of the team and the business How you'll grow At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to help build world-class skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Centre. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Our purpose Deloitte is led by a purpose: To make an impact that matters.
Every day, Deloitte people are making a real impact in the places they live and work. We pride ourselves on doing not only what is good for clients, but also what is good for our people and the communities in which we live and work, always striving to be an organization that is held up as a role model of quality, integrity, and positive change. Learn more about Deloitte's impact on the world Recruiter tips We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you're applying to. Check out recruiting tips from Deloitte professionals.
Posted 1 week ago
11.0 - 15.0 years
32 - 40 Lacs
Pune
Work from Office
Director, Technology Risk Management Mission First, People Always As Corporate Security, we are responsible for keeping Mastercard safe and secure from cyber and physical threats, and it is our people on the frontlines who make this happen every day. By taking care of our people, their wellbeing, and career development, we provide them the necessary tools and environment to ensure the success of our mission. Overview The Corporate Security Regulatory Risk team is looking for a Director, Technology Risk Management, to drive Information Security Management System for Regulated markets mandating ISMS implementation and ensuring compliance on security aspects related to the evolving regulatory and statutory obligations with a focus on India region. The ideal candidate should be passionate about information security, cybersecurity, intellectually curious and analytical with strong exposure to business and regulatory environment. In this highly visible role, you will: Establish and maintain a global ISMS strategy and framework for meeting market specific regulatory obligations for ISMS implementation. Partner with 1st line Tech Risk and Regulatory Execution teams to drive Risk Assessments, oversee implementation of Risk Treatment plans, manage Cyber Risk Assessments of new products. Establish governance and management reporting on compliance to ISMS components for the specific market implementation. Serve as the primary point of contact regarding ISMS matters, reporting to leadership and risk committees on ISMS implementation and related security risks, drive ISMS awareness across the organization. Actively engage with cross functional teams within 1st LOD, Technology, Risk, Regulatory Counsels, Business teams etc. to drive compliance to security requirements from regulatory and statutory obligations. 
Manage and oversee security aspects of regulatory audits and assessments including readiness and remediation, responding to regulatory notifications and related actions for regulatory compliance. All About You The ideal candidate for this position should have: Knowledge of information and cyber security domains and controls, understanding of secure system design and defense-in-depth strategies, governance and risk management framework and practices. Strong understanding of ISO/IEC 27001, 27002, and related security standards, with experience leading ISMS implementation and certifications. Experience managing compliance programs, audit readiness, handling security audits, conducting assessments. Proven ability to lead cross-functional teams and manage complex projects, senior stakeholder management, regulatory enquiries Strategic thinking, executive communication and strong analytical and problem-solving abilities Preferred security certification e.g. CISSP, CISM, CISA, CRISC or equivalent. ISO/IEC 27001 Lead Implementer or Lead Auditor. Be seen as a trusted advisor with understanding of business processes and able to provide security consultation and advisory on regulatory matters. NICE Framework References National Initiative for Cybersecurity Education (NICE) competency proficiency levels of advanced to expert in the following areas: Client Relationship Management Risk Management Interpersonal Skills Information Systems/Network Security Information Assurance Project Management Corporate Security Responsibility Every person working for, or on behalf of, Mastercard is responsible for information security. 
All activities involving access to Mastercard assets, information, and networks come with an inherent risk to the organization and therefore, it is expected that the successful candidate for this position must: Abide by Mastercard's security policies and practices; Ensure the confidentiality and integrity of the information being accessed; Report any suspected information security violation or breach, and Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.
Posted 1 week ago
5.0 - 10.0 years
15 - 17 Lacs
Mumbai
Work from Office
Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or related fields. A minimum of 5+ years of hands-on experience in conducting cyber risk assessments and related security assessments. Industry certifications such as CISSP, CCSP, CISA, CISM, CRISC, ISO/IEC:27001/22301/20000 LI/LA or equivalent are highly valued. Profound knowledge of cybersecurity frameworks, industry standards, and best practices. Proficiency in using various security assessment and techniques. Strong analytical and problem-solving skills, with the ability to think critically and strategically. Excellent communication and presentation skills, capable of effectively communicating technical concepts to both technical and non-technical audiences. Demonstrated experience in project management and handling multiple assessments simultaneously. A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development. Network Security, infrastructure assessment and network architecture design review. Conceptual knowledge of OT Security/ISA 62443 standard is preferable. Conduct thorough and detailed cyber risk assessments for our clients, analyzing their digital infrastructure, systems, and security controls. Collaborate with cross-functional teams to gather essential information and data required for comprehensive risk assessments. Evaluate and interpret assessment results to identify potential vulnerabilities and risks, and provide actionable recommendations for risk mitigation. Stay up-to-date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments. Prepare and deliver clear and concise reports summarizing the findings of risk assessments to clients and internal stakeholders. Provide expert advice and consultancy to clients, guiding them in implementing robust cybersecurity risk management strategies.
Mentor and support junior team members to foster their professional growth and skills in cyber risk assessments.
Posted 1 week ago
1.0 - 7.0 years
14 - 15 Lacs
Coimbatore
Work from Office
Jul 11, 2025 Location: Coimbatore Designation: Consultant Entity: Deloitte Touche Tohmatsu India LLP Your potential, unleashed. India's impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Technology & Transformation is about much more than just the numbers. It's about attesting to accomplishments and challenges and helping to assure strong foundations for future aspirations. Deloitte exemplifies what, how, and why of change so you're always ready to act ahead. Learn more about Technology & Transformation Practice Your work profile As a practitioner in our Cyber Team, you'll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - SOX, Cloud, Data Management IT/IS controls Testing and Assurance Design and execute controls testing strategies to evaluate the design adequacy and operating effectiveness of controls. Testing Approach Review and Process Documentation Develop methods to monitor and measure risk, compliance, and assurance efforts. Create test plan, test scripts etc. to support the delivery of controls assurance objectives. Prepare detailed testing documentation, workpapers and reports to highlight findings and recommendations. Collaborate with various departments for control walkthroughs, sampling, evidence collection etc. Maintain up-to-date knowledge of industry standards and best practices related to controls testing.
Review existing Risk control testing approach and methodology used by client to identify areas for improvement based on IT risk & control frameworks and industry good practices. Develop templates to facilitate the control testing and the documentation and reporting of the control testing outputs in line with the refined control testing approach and methodology. Liaise with designated stakeholders to identify the prioritised set of controls and document repeatable test scripts for testing design effectiveness (DE) and operational effectiveness (OE) of prioritised IT and IS controls. Knowledge/Experience in GRC tools such as ServiceNow, Archer etc. Knowledge/Experience on cyber compliance regulations - RBI, SEBI, CERT-In. Industry knowledge would be an added advantage. Desired qualifications Cyber experience in Risk Controls ranging from 1 year to 7 years is mandatory. Levels being hired for: Analyst, Senior Analyst, Consultant, AM, DM B.E / B.Tech (Tier 1/2) in Computer Science, Information Technology or related fields ISO 27001 LA/LI, ISO 31000 LA/LI, ISO 22301 LA/LI, CISA, ITIL, or equivalent certification Strong communication skills (written & verbal) Location and way of working Base location: Coimbatore/Chennai/Kochi This profile involves frequent travelling to client locations. Your role as a practitioner We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society.
In addition to living our purpose, practitioners across our organization must strive to be: Inspiring - Leading with integrity to build inclusion and motivation Committed to creating purpose - Creating a sense of vision and purpose Agile - Achieving high-quality results through collaboration and Team unity Skilled at building diverse capability - Developing diverse capabilities for the future Persuasive / Influencing - Persuading and influencing stakeholders Collaborating - Partnering to build new solutions Delivering value - Showing commercial acumen Committed to expanding business - Leveraging new business opportunities Analytical Acumen - Leveraging data to recommend impactful approach and solutions through the power of analysis and visualization Effective communication - Must be able to have well-structured and well-articulated conversations to achieve win-win possibilities Engagement Management / Delivery Excellence - Effectively managing engagement(s) to ensure timely and proactive execution as well as course correction for the success of engagement(s) Managing change - Responding to changing environment with resilience Managing Quality & Risk - Delivering high quality results and mitigating risks with utmost integrity and precision Strategic Thinking & Problem Solving - Applying strategic mindset to solve business issues and complex problems Tech Savvy - Leveraging ethical technology practices to deliver high impact for clients and for Deloitte. Empathetic leadership and inclusivity - creating a safe and thriving environment where everyone's valued for who they are, use empathy to understand others to adapt our behaviours and attitudes to become more inclusive.
Posted 1 week ago
5.0 - 12.0 years
11 - 13 Lacs
Bengaluru
Work from Office
Experience range: 5-12 years Cyber Security Expert Primary Mandate You will consult and support the Life Science Sector Cyber Security team operations across the entire Life Science organization / locations to protect the confidentiality, integrity, and availability of the IT assets, software-based products, applications and web sites. Your main task is ensuring that cyber security policies, standards, controls, and regulatory requirements are properly understood, planned and implemented. Scope Implement and maintain technical and non-technical cyber security controls of the IT assets, software-based products, applications and web sites. Technical controls include baseline security configuration for operating systems (e.g., OS hardening), network segmentation, DMZ systems hardening, identity and access management (IAM), etc. Non-technical controls include working with corporate teams to embed controls in technology procurement and working with the business application owners to ensure security processes are properly applied throughout the entire application management life cycle. Participate in application-, infrastructure-, and business projects to provide security-planning advice. Together with the IT Solution Architects plan, deliver and document security architecture for various security solutions and projects. Participate in a Cyber Security Incident Response Team (CSIRT) to cover information security incidents on a sector wide level. Development of cybersecurity awareness and training curriculum. Ensure security training and awareness programs are defined and executed. Contribute to internal projects in response to external compliance requirements, such as NIS2. Qualifications Extensive industry experience, technical knowledge and proven information security competency through professional designation / certifications, such as CISSP, IISP, CRISC, CCSP, CISA or CISM.
Ability to analyze security issues, manage conflicting priorities, and recommend a course of action with both technical and business perspective. Strong analytical and interpersonal communication skills, including the ability to communicate effectively and build consensus across organizational lines. Ability to collaborate with a diverse team consisting of developers, architects, project managers, etc. Experience with security risk management frameworks based on industry standard (e.g., ISO27005, NIS2, BSI) and regulations (e.g., GDPR). Proven ability to manage and collaborate on large/complex projects. Strong documentation skills. Fluent in English.
Posted 1 week ago
3.0 - 8.0 years
0 - 3 Lacs
Thane, Navi Mumbai, Mumbai (All Areas)
Work from Office
>> JOB DESCRIPTION ROLE & RESPONSIBILITY Conduct thorough and detailed cyber risk assessments for our clients, analyzing their digital infrastructure, systems, and security controls. Perform risk assessments on various applications, services, and infrastructure components. Collaborate with cross-functional teams to gather essential information and data required for comprehensive risk assessments. Deliver complex Infrastructure programmes with multiple business and technical risks that will impact the success of key business priorities. Create and track a plan to deliver programme goals, including the technical implementation plan, ensuring colleagues and stakeholders are kept up-to-date. Manage risks and issues on the programme demonstrating tactics to resolve or mitigate. Understand trade-offs in hardware and infrastructure delivery using experience and influencing skills to drive consensus with the Engineering and Product teams to obtain the best value and deliver brilliant technical solutions. Able to foresee potential risks and issues, establish a process, facilitate discussion and manage escalations. Able to understand a technical architecture to be able to foresee the impact on dependencies, delivery timelines and implementation plans. Have good knowledge of engineering best practices and practical infrastructure implementations to appreciate delivery challenges. Collaborate with the Product and Engineering teams to define annual budgetary requirements. Evaluate and interpret assessment results to identify potential vulnerabilities and risks and provide actionable recommendations for risk mitigation. Stay up to date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments. Prepare and deliver clear and concise reports summarizing the findings of risk assessments to clients and internal stakeholders.
Provide expert advice and consultancy to clients, guiding them in implementing robust cybersecurity risk management strategies. Mentor and support junior team members to foster their professional growth and skills in cyber risk. Establish and sustain long-term profitable client relationships that drive value creation, delivery excellence and a positive client work environment. Manages client expectations and client satisfaction. Acts as an advisor and partner to the client. Design, develop and implement business strategies for clients to implement new and different approaches to business based on the innovation approach. REQUIREMENTS: A minimum of 5+ years of hands-on experience in Project/Program Management. Understand the key principles of ITSM and how this drives effective change into BAU. Have experience of building credible relationships and influencing senior management. Strong Project, Stakeholder & Programme management skills. Good reporting skills for programs and financial forecasting. Adept communication & influencing skills and adaptability to changes. Expert delivery experience with the following tools: Jira, Confluence, Miro, Microsoft Project, MS Excel. Demonstrated experience in project management and handling multiple assessments simultaneously. A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development. Strong communication and stakeholder & conflict management skills. Strong analytical and problem-solving skills, with the ability to think critically and strategically. >> SELECTION PROCESS Candidates should expect 2-3 rounds of personal or telephonic interviews to assess fitment and communication skills. >> CRITERIA Education 60% above throughout academics One 3 years (at least) regular course is must either Diploma or Graduation Course: B.E. / B. Tech / MCA / M. Tech / MBA degree or equivalent Minimum 3 years of hands-on experience in conducting cyber risk assessments.
Certification: CISM / CISSP / CCSP / CISA / CRISC / ITIL / ISO 27001/22301/20000 LI/LA / PCI DSS (At least one) CCNA / CCNP or equivalent (optional) Relevant certifications in OT security (GICSP, ISA/IEC-62443 or equivalent)
Posted 1 week ago
12.0 - 16.0 years
12 - 16 Lacs
Bengaluru, Karnataka, India
On-site
Work closely with business stakeholders to gather, analyze, and document functional and non-functional requirements. Define and document business processes, workflows, and system functionalities. Translate business needs into detailed requirements, user stories, and functional specifications. Collaborate with cross-functional teams, including product managers, developers, testers, and business users, to ensure smooth project execution. Participate in requirement walkthroughs, solution design discussions, and system testing activities. Assist in user acceptance testing (UAT) and support business users in validating system functionalities. Conduct impact analysis, gap analysis, and feasibility studies for business process improvements. Support system implementation, change management, and post-go-live activities. Ensure compliance with industry standards, best practices, and regulatory requirements. Display strong knowledge of Information Security as this is an SME role for reviewing Risk Assessments as per IS policy and ISO 27001 Review IS controls and assess ability and applicability for the applications / infrastructure Manage scope of deliverables and expectations and ensure clear and concise communication to onshore team members and other stakeholders Build strong relationships with various stakeholders, including but not limited to: ITAO / ITAO Delegates, ISO / TISO / Risk Managers in order to complete Assessments and Remediation management Proactively seek ways to improve upon existing practices and processes. 
Display insight and ability in identifying issues and develop successful solutions Work with multiple, distributed teams (across different locations) Provide process improvement inputs to various stakeholders involved Report and escalate potential risks to the management to help avoid / minimize the impact Develop key operational procedures and policies where necessary and ensure adherence to all such defined policies Focus on utilizing the capacity in an efficient and effective manner. Monthly tracker to be maintained Represent the process and provide inputs for the Monthly and Quarterly dashboards with performance and with any challenges faced or suggestions to improve the quality Your skills and experience Experience: 12+ years of experience as a Business Analyst in a functional role, preferably in GRC. Education: Bachelor's/Master's degree in Business Administration, Computer Science, Information Systems, or a related field. Strong expertise in business process mapping, requirement elicitation, and functional documentation. Hands-on experience in working with Agile (Scrum/Kanban) and Waterfall methodologies. Proficiency in tools such as JIRA, Confluence, MS Visio, BPMN, or similar BA tools. Experience in creating BRD (Business Requirement Document), FSD (Functional Specification Document), and user stories. Ability to perform data analysis and reporting using SQL, Excel, or BI tools if applicable. Strong stakeholder management, communication, and analytical skills. Experience working with cross-functional and geographically distributed teams. Technology Skills: Proven capabilities / competencies in mitigating the Information Security / Application Governance / IT Control etc. Strong understanding of service delivery and relationship management Project management, analytical and problem solving skills Effective communication and strong interpersonal skills Professional certification is an added advantage: CISA, CISM, CRISC etc.
Team player, highly motivated, practical problem solver Experience in global teams across different time zones and within a matrix environment Ability to monitor, track and clearly communicate progress, escalate issues when appropriate
Posted 1 week ago
3.0 - 5.0 years
3 - 5 Lacs
Pune, Maharashtra, India
On-site
Role Description Infrastructure Chief Operating Office (COO) is responsible for the effective operation of the infrastructure functions, driving operational efficiency whilst supporting the effective delivery of infrastructure services in line with business objectives and control requirements. It also includes oversight of Infrastructure Divisional Control Office (DCO) and Trade Settlement and Confirmations Operations (TSCO). Infrastructure Divisional Control Office (IDCO) as part of Infrastructure COO, provides services to multiple functions in infrastructure. The IDCO function is a dedicated risk, control, and regulatory oversight function, with prime responsibility for managing and proactively mitigating risk across the full breadth of the Technology and Infrastructure organization. Function also provides a consolidated view and central coordination of (non-financial) risks, as well as effective, efficient, and consistent standards and policies. (Technology Data & Innovation) TDI Control Testing & Assurance ( TDI CT&A) team part of IDCO identifies, tracks and reports control testing & assurance activities, conducts independent controls testing (design and operating effectiveness) on different risk types in line with the Control Testing Standards. The team also focuses on regulatory and risk-based assurance requirements. This role is within TDI Control Testing & Assurance team. Your key responsibilities Perform Control Testing in line with defined Control Testing methodology/minimum standard. 
Identify control deficiencies (findings), risks related to elements of controls, participate in findings agreement with stakeholders, escalate potential issues and exception items noted during the testing to senior management for discussion and further investigation, if deemed necessary Prepare Control Testing workpapers for senior management detailing testing results, document findings with highest quality Track Control Testing identified findings, perform required follow-up on open findings Consider regulatory and internal firm policy requirements as well as established best practices for control assurance. Support controls assurance activities Support in monitoring Control testing teams adherence to Control Testing methodology/minimum standards Track testing related effort/budget Plan Vs. Actuals throughout the testing lifecycle Build and maintain solid working relationships with key stakeholders such as within the DCO, IDCO, TSCO, GTI, Embedded Risk Teams (ERT), Risk managers and other Testing Teams including Divisions/sub-divisions, 2 LoD and Group Audit (GA) Your skills and experience University degree preferably in Computer Science, Mathematics, Engineering or a related subject or equivalent qualification in the areas of information security. Professional/industry recognized qualifications e.g., CISA, CISSP, CISM, CRISC are beneficial. Experience in Cloud Security audit/testing, GCP (Google Cloud Platforms) or Professional/industry recognized qualifications e.g., CCSP, CCSK will be an advantage. Knowledge of auditing IT application controls, e.g., from IT audits or IT risk management. Understanding of the relationship between IT risk and underlying business process risk. Knowledge of regulations governing financial institutions is beneficial. Strong written and verbal communication skills and the ability to communicate effectively in conflict situations. Strong organizational skills and attention to detail. 
Ability to work under pressure, multi-task and prioritize workload. Strong analytical skills and structured thought process with the ability to clearly articulate control deficiencies and related risk Flexible, proactive, and innovative mind set with strong organizational skills to take ownership and responsibility for agreed targets and to meet them within budget to enable a timely and efficient completion of projects. This is an IC (individual contributor) role.
Posted 1 week ago
10.0 - 12.0 years
10 - 12 Lacs
Bengaluru, Karnataka, India
On-site
Your key responsibilities Participate, lead and execute the IT Risk and Assurance engagements Develop and maintain productive working relationships with client and onshore stakeholders Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress Help prepare reports and schedules that will be delivered to clients and other parties Develop and maintain productive working relationships with client personnel Build strong internal relationships within Ernst & Young Services and with other services across the organization Stay current with and promote awareness of applicable regulatory standards, upstream risks and industry best practices across the enterprise Skills and attributes for success Work effectively as a team player - collaborate and share responsibility, coach, and support team members to succeed To qualify for the role, you must have B.E/B.Tech (CS/ IT, Electronics, Electronics & Telecommunications,)/MBA/M.Sc., Chartered Accountant and/or MBA with Finance/IT with at least 10+ years of experience 1-3 years of professional experience in the areas of IT audits, ITGC, SOX / ICFR / IFC / SAS 70 / SSAE / SOC1, SOC2, IT Financial Audit and Business Automated Controls, IT Risk consulting or any other regulatory / compliance audits Expertise in pre and post implementation reviews and auditing configuration of major ERPs like SAP, Oracle, JDE, WorkDay, Netsuite, Navision etc. Expertise in performing infrastructure reviews pertaining to OS, DB and Active Directory such as Windows, UNIX, SQL, Mainframe, Oracle etc. Assist with the development of policies, procedures and standards that meet existing and newly developed policy and regulatory requirements Assist with facilitating IT security/risk training curriculum. Work closely with cross-functional teams and develop strong relationships as project lead within IT security and GRC projects. 
Stay current with and promote awareness of applicable regulatory standards, upstream risks and industry best practices across the enterprise Must have end-client facing experience Ideally, you'll also have CISA, CISM, CRISC, ISO27001, Cloud and Data privacy certifications IT audit knowledge for a financial audit - Control frameworks such as COSO, related regulations including SOX and J-SOX Data analytics/automation tool SQL, Monarch, BluePrism, Alteryx, PowerBI Familiarity with a typical IT systems development life cycle
Posted 1 week ago
1.0 - 3.0 years
1 - 3 Lacs
Bengaluru, Karnataka, India
On-site
Job description At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY- Technology Risk Senior As an IT risk professional, you'll contribute technically to risk assurance client engagements and internal projects. An important part of your role will be to perform IT audits, document good quality assessment reports and issue opinions. You'll anticipate and identify risks within engagements and share any issues with the audit stakeholders. You'll also identify potential business opportunities for EY within existing engagements and facilitate integration as appropriate. In line with EY's commitment to quality, as an influential member of the team - you'll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We're looking for experienced staffs with 1 to 3 years of hands-on experience in IT Risk/Audit, Assurance and Advisory to join our Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. 
Your key responsibilities Participate, lead and execute the IT Risk and Assurance engagements Develop and maintain productive working relationships with client and onshore stakeholders Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress Help prepare reports and schedules that will be delivered to clients and other parties Develop and maintain productive working relationships with client personnel Build strong internal relationships within Ernst & Young Services and with other services across the organization Stay current with and promote awareness of applicable regulatory standards, upstream risks and industry best practices across the enterprise Skills and attributes for success Work effectively as a team player - collaborate and share responsibility, coach, and support team members to succeed To qualify for the role, you must have B.E/B.Tech (CS/ IT, Electronics, Electronics & Telecommunications,)/MBA/M.Sc., Chartered Accountant and/or MBA with Finance/IT with at least 1-3 years of experience 1-3 years of professional experience in the areas of IT audits, ITGC, SOX / ICFR / IFC / SAS 70 / SSAE / SOC1, SOC2, IT Financial Audit and Business Automated Controls, IT Risk consulting or any other regulatory / compliance audits Expertise in pre and post implementation reviews and auditing configuration of major ERPs like SAP, Oracle, JDE, WorkDay, Netsuite, Navision etc. Expertise in performing infrastructure reviews pertaining to OS, DB and Active Directory such as Windows, UNIX, SQL, Mainframe, Oracle etc. Assist with the development of policies, procedures and standards that meet existing and newly developed policy and regulatory requirements Assist with facilitating IT security/risk training curriculum. Work closely with cross-functional teams and develop strong relationships as project lead within IT security and GRC projects. 
Stay current with and promote awareness of applicable regulatory standards, upstream risks and industry best practices across the enterprise Must have end-client facing experience Ideally, you'll also have CISA, CISM, CRISC, ISO27001, Cloud and Data privacy certifications IT audit knowledge for a financial audit - Control frameworks such as COSO, related regulations including SOX and J-SOX Data analytics/automation tool SQL, Monarch, BluePrism, Alteryx, PowerBI Familiarity with a typical IT systems development life cycle
Posted 1 week ago
10.0 - 15.0 years
0 Lacs
karnataka
On-site
As a Cloud Ops professional at Tally, you will be part of a team dedicated to delivering top-notch connected services in public clouds for Tally's customers. Your mission will be to ensure unmatched reliability, strong security, and optimal cost efficiency. You will have the opportunity to design, implement, and operationalize solutions using cutting-edge cloud native technologies to provide a seamless experience for our customers. Your responsibilities will include overseeing Risk Management & Governance for Tally's suite of cloud-based connected services, implementing secure access at every level, and ensuring compliance with regulatory requirements. You will focus on Cloud Security Oversight, primarily in the AWS environment, while also considering multi-cloud environments. Your role will involve managing regulatory and compliance issues and providing governance and reporting on cloud operations. To excel in this role, you should bring experience in risk management, governance, or compliance roles within fintech, banking, or cloud-centric organizations, particularly in product or fully hosted service-based settings. You should have expertise in AWS security tools, architectures, and best practices, along with a deep understanding of Indian financial sector regulations such as RBI, SEBI, and the IT Act. Possessing relevant certifications like CISSP, CISM, AWS Certified Security Specialty, CRISC, or CISA would be advantageous. You will be expected to demonstrate a thorough understanding of cloud-native security principles, AWS best practices, risk frameworks (NIST, ISO, COBIT), and regulatory mandates. Your role will involve bridging business requirements with technical security implementations, requiring strong communication, stakeholder management, analytical thinking, and a proactive problem-solving approach. Join us at Tally, where we value honesty, integrity, a people-first culture, excellence, and impactful innovation. 
Be a part of our journey to simplify the lives of millions of small and medium businesses globally through technology and innovation.
Posted 1 week ago
3.0 - 7.0 years
0 Lacs
karnataka
On-site
As a Senior Auditor, Technology at LegalZoom, you will be an impactful member of the internal audit team, assisting in achieving the department's mission and objectives. Your role will involve evaluating technology risks in a dynamic environment, assessing the design and effectiveness of internal controls over financial reporting, and ensuring compliance with operational and regulatory requirements. You will document audit procedures and results following departmental standards and execute within agreed timelines. Additionally, you will provide advisory support to stakeholders on internal control considerations, collaborate with external auditors when necessary, and focus on continuous improvement of the audit department. Your commitment to integrity and ethics, coupled with a passion for the internal audit profession and LegalZoom's mission, are essential. Ideally, you hold a Bachelor's degree in computer science, information systems, or accounting, along with 3+ years of experience in IT internal audit and Sarbanes-Oxley compliance, particularly in the technology sector. Previous experience in a Big 4 accounting firm and internal audit at a public company would be advantageous. A professional certification such as CISA, CIA, CRISC, or CISSP is preferred. Strong communication skills, self-management abilities, and the capacity to work on multiple projects across different locations are crucial for this role. Familiarity with technologies like Oracle Cloud, AWS, Salesforce, Azure, and others is beneficial, along with reliable internet service for remote work. Join LegalZoom in making a difference and contributing to the future of accessible legal advice for all. LegalZoom is committed to diversity, equality, and inclusion, offering equal employment opportunities to all employees and applicants without discrimination based on any protected characteristic.
Posted 1 week ago
4.0 - 8.0 years
0 Lacs
maharashtra
On-site
You will be responsible for conducting third-party/supplier security risk assessments, interpreting security assurance reports including SOC2 and pen test reports, and reviewing security requirements in contracts. Additionally, you will need to understand outsourced solutions and associated information classification, assess supplier security controls based on ISO27001/2 standards, and identify and document security risks. You will be expected to suggest recommendations to address identified security risks, potentially perform information classification such as AIC assessment, and hold security certifications such as ISO27001 auditor/implementation, CISSP, CRISC, CISM, or CISA. If you have at least 4 years of experience in Information Security, possess the necessary certifications, and can work in Mumbai (Andheri East) with a notice period of immediate to 30 days, we encourage you to share your updated resume to manasa.chilla@visionyle.com.
Posted 1 week ago
7.0 - 11.0 years
0 Lacs
karnataka
On-site
As the IT Auditor at Navi, you will be responsible for overseeing Navi's strategic Risk-based IT Audit Plan and managing the Group IT Audit Function in alignment with Navi's Internal Audit Charter and industry standards set by ISACA, ISO, COBIT, IIA, and other relevant professional bodies. Your role will involve directing IT audit operations and strategies at the group level, auditing information systems, platforms, and operating procedures of Navi to ensure the effectiveness of the organization's risk management and internal controls. Your major responsibilities will include developing and implementing risk-based annual IT audit plans, evaluating IT infrastructure, identifying areas of risk or non-compliance, and ensuring proper resourcing for plan implementation. You will also be responsible for updating audit tools, informing senior management of significant risks, providing feedback on IT & data risks, maintaining relationships with key stakeholders, overseeing Internal Audit's participation in business initiatives, and serving as a thought leader in IT risk management and internal control best practices. In addition, you will continuously inspect and assess various elements of the company's information systems, identify IT risk exposure, recommend remediation strategies, review security measures, coordinate with external auditors and regulators, track issues and actions management process, and provide early warning signals in IT areas for potential fraud scenarios. You will also be responsible for issuing clear and concise IT Audit reports, delivering MIS and reports to assist the Function Head, and making presentations to the audit committee and management independently. The ideal candidate for this role should possess IT audits related qualifications such as CISSP, CISA, CISM, GIAC, PPM, PMP, DISA, or equivalent, along with 7 or more years of experience in IT audits preferably with 2-3 years in a team management role.
Strong knowledge of IT security and infrastructure, experience in agile product management environments, and 3 to 5 years of Fintech or NBFC industry experience are preferred qualifications for this role.
Posted 1 week ago
1.0 - 5.0 years
0 Lacs
karnataka
On-site
As an Internal Auditor at Justdial Ltd in Bangalore, you will be responsible for projects in IT Advisory focusing on the assessment and evaluation of IT systems, along with the mitigation of IT-related business risks. Your role will involve IS audit, ITGC reviews, internal audit engagements, IT infrastructure review, and risk advisory, including supporting IT audit activities. Your responsibilities will include coordinating and managing statutory external audits for SOX (ITGC), providing management reports by collecting and analyzing audit information, conducting ISMS security awareness training programs within the organization, and supporting the Information Security Manager in managing and mitigating risk assessments. You will also be involved in implementing ISO 27001 controls across the organization, conducting risk assessments and gap analyses for ISO 27001/IT General Control, and performing internal audits for various business functions. Additionally, you will conduct data center audits as per ISO 27001 standards, develop and review information security policies and procedures, handle end-to-end ITGC statutory audit requirements, assist in the implementation of ISO 27001:2013 and managing the ISMS, and consult the organization on business continuity for critical functions. You will also be involved in implementing and consulting on PCI DSS SAQ A-EP certification. The ideal candidate for this role should have a bachelor's degree in engineering or BSc-IT, experience in performing IT audits of banking/financial sector applications, and knowledge of IT regulations, standards, and benchmarks used by the IT industry (e.g., NIST, PCI-DSS, ISO 27001). Technical knowledge of IT audit tools, experience in carrying out OS/DB/Network reviews, exposure to risk management and governance frameworks/systems, and proficiency in project management, communication, and presentation skills are essential. 
Being a team player with strong self-directed work habits, initiative, drive, creativity, maturity, self-assurance, and professionalism is crucial for success in this role. Preferred certifications include CISA, CISSP, ISO 27001 Lead Auditor/Implementer, and CISM. Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools is also required.
Posted 1 week ago
5.0 - 8.0 years
10 - 18 Lacs
Mumbai, Mumbai (All Areas)
Work from Office
Role & responsibilities: Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either System audit, IT reviews, Technology Risk Assessments & Gap Assessments in line with circulars issued by SEBI/RBI/IRDAI. Technical: Strong experience in review of guideline defined, conducting regulatory assessments for BFSI (e.g. RBI, SEBI, IRDAI). Global guidelines knowledge which includes NIST, ISO27001, PCI-DSS, COBIT, etc. Assisting in remediating gaps on the defined guidelines for the client. Performing System Audit and conducting technology landscape review. Having worked on Information Technology Risk Assessment areas such as NIST, ISO27001, PCI-DSS, COBIT, etc. Experience of handling IT audits and reviews. Good understanding of technology topics related to cyber security, encryption, architecture resiliency, business continuity, disaster recovery, IT Governance, Third party outsourcing risk and information security/technology risk. Certification: CISA, CISSP, ISO27001. Soft Skills: Good presentation and report writing skills are mandatory. Excellent communication skills and confident demeanor. Experience of working with client stakeholders. Good problem-solving skills. Preferred candidate profile
Posted 1 week ago
4.0 - 6.0 years
12 - 16 Lacs
Bengaluru
Work from Office
ROLE & RESPONSIBILITY: Conduct threat modeling and risk assessments to evaluate potential security risks associated with the organization. Provide guidance on risk remediation strategies and the implementation of countermeasures to address identified security risks. Ensure GDPR & PCI-DSS compliance across all areas of the organization. Work with the development team to ensure compliance with SDLC lifecycle and secure coding practices. Lead encryption efforts and disable deprecated protocols to maintain data security while in transit or at rest. Incorporate NIST framework into the organization's security practices and stay up-to-date with the latest controls. Review penetration testing reports, static and dynamic application security testing results, SaaS platforms, Azure Defender reports, and third-party application integration risks to identify vulnerabilities and evaluate overall security posture. Provide expertise in security and network architecture and design. Create comprehensive data flow diagrams to identify potential threats and identify areas for improvement. Evaluate cloud security posture and provide recommendations to enhance overall security. Continuously identify potential flaws in the entire architecture and implement security controls and practices to prevent future breaches.
REQUIREMENTS: Bachelor's degree in Computer Science, Information Technology, or related fields; 8+ years of experience in information security or related fields; Strong understanding of GDPR & PCI-DSS requirements; Experience with threat modeling, risk assessment, and remediation; Familiarity with secure application development principles and secure coding practices; Experience with identity and access management (IAM) solutions and authentication protocols such as SAML, OAuth, and OpenID Connect; Understanding of network security protocols such as TCP/IP, DNSSEC, SSL/TLS, IPSec, and firewalls; Experience in encryption technologies and protocols for data security; Knowledgeable in NIST framework controls; Strong analytical and problem-solving skills; Expertise in security architecture and network design; Proficiency with creating detailed data flow diagrams; Familiarity with cloud security trends and best practices; Experience with DevOps and CI/CD pipelines and creating a DevSecOps culture; Excellent communication and interpersonal skills. Professional Certifications: CISSP, CCSP, CCSK, CEH
Posted 1 week ago
5.0 - 8.0 years
12 - 20 Lacs
Bengaluru
Work from Office
ROLE & RESPONSIBILITY: Conduct thorough and detailed cyber risk assessments for our clients, analyzing their digital infrastructure, systems, and security controls. Collaborate with cross-functional teams to gather essential information and data required for comprehensive risk assessments. Evaluate and interpret assessment results to identify potential vulnerabilities and risks, and provide actionable recommendations for risk mitigation. Stay up-to-date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments. Prepare and deliver clear and concise reports summarizing the findings of risk assessments to clients and internal stakeholders. Provide expert advice and consultancy to clients, guiding them in implementing robust cybersecurity risk management strategies. Mentor and support junior team members to foster their professional growth and skills in cyber risk assessments. Risk Consulting IT Advisory Cyber Security: Cyber Risk Assessments The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. 2020 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. REQUIREMENTS: Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or related fields. 
A minimum of 5+ years of hands-on experience in conducting cyber risk assessments and related security assessments. Industry certifications such as CISSP, CCSP, CISA, CISM, CRISC, ISO/IEC:27001/22301/20000 LI/LA or equivalent are highly valued. Profound knowledge of cybersecurity frameworks, industry standards, and best practices. Proficiency in using various security assessment and techniques. Strong analytical and problem-solving skills, with the ability to think critically and strategically. Excellent communication and presentation skills, capable of effectively communicating technical concepts to both technical and non-technical audiences. Demonstrated experience in project management and handling multiple assessments simultaneously. A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development. Network Security, infrastructure assessment and network architecture design review. Conceptual knowledge of OT Security/ISA 62443 standard is preferable. CRITERIA: Education: 60% above throughout academics. One 3 years (at least) regular course is must, either Diploma or Graduation. Course: B.E. / B. Tech / MCA / M. Tech / MBA degree or equivalent. Certification: CISM / CISSP / CCSP / CISA / CRISC / ITIL / ISO 27001/22301/20000 LI/LA (At least one). CCNA (Mandatory), CCNP or equivalent (optional).
Posted 1 week ago
0.0 - 2.0 years
9 - 10 Lacs
Bengaluru
Work from Office
KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature. Qualifications for Internal Candidates: IT Audit + SAP experience with knowledge of IT governance practices. Prior IT Audit knowledge in areas of ITGC, ITAC (application/automated controls), SOX 404, SOC-1 and SOC-2 Audits. Good to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g. NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc.). Technical Knowledge of IT Audit Tools with excellent knowledge of IT Audit process and methodology. Exposure to Risk Management and Governance Frameworks/Systems will be an added advantage. Exposure to ERP systems will be added advantage. Strong project management, communication (written and verbal) and presentation skills. Knowledge of security measures and auditing practices within various applications, operating systems, and databases. Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism. Preferred Certifications: CISA/CISSP/CISM. Exposure to automation Data Analytics tools such as QlikView/Qlik sense, ACL, Power BI will be an advantage. Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools. Perform testing of IT Application Controls, IPE, and Interface Controls through code reviews, IT General Controls review covering areas such as Change Management, Access Management, Backup Management, Incident and Problem Management, SDLC, Data Migration, Batch Job scheduling/monitoring and Business Continuity and Disaster Recovery. Perform Risk Assessment, identification, and Evaluation of Controls, prepare process flow diagrams and document the same in Risk Control Matrix. Perform business process walkthrough and controls testing for IT Audits. Performing planning and executing audits, including SOX, Internal Audits, External Audits. Conducting controls assessment in manual/automated environment. Prepare/Review of Policies, Procedures, SOPs. Maintain relationships with client management and the project Manager to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations. Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the work to be performed. Coordinate effectively and efficiently with the Engagement manager and the client management, keeping both constantly updated regarding the project's progress. Collaborate with other members of the engagement team to plan the engagement and develop relevant workpapers/deliverables. Perform fieldwork and share the daily progress of fieldwork, informing supervisors of engagement status.
Posted 1 week ago
6.0 - 10.0 years
8 - 12 Lacs
Noida
Work from Office
Join our Team. About this opportunity! At Ericsson, we are committed to maintaining robust and compliant internal control systems in accordance with the Sarbanes-Oxley Act (SOX). With our expanding global footprint and increasing reliance on technology for financial operations, we are strengthening our SOX Information Systems (IS) controls to ensure consistent and reliable financial reporting. We are now hiring a Security Implementation Lead to focus primarily on SOX IS control audits, working closely with our IT, internal audit, compliance, and business teams. The role is critical in ensuring our IT general controls and application-level controls support accurate financial reporting, align with regulatory expectations, and are prepared for evolving audit demands. This opportunity is a broader effort to enhance IT risk management maturity across the enterprise. What you will do! Test and evaluate the design and operating effectiveness of SOX IS (Information system) controls. Review application controls for key financial systems (e.g., SAP). Maintain and update test control documentation (e.g., narratives, flows, control matrices). Plan scope of audit and audit schedules. Prepare audit test scripts to support findings. Report deficiencies or exceptions to management and assist with remediation tracking. Develop report for management. Coordinate with internal and external auditors. Work closely with IT teams, business units, and SOX/Compliance functions. Recommend improvements to control design or processes. Contribute to automation and optimization of controls testing. Analytical and detail-oriented. Strong communication and documentation skills. The skills you bring! Strong knowledge of SAP systems, SOX, ITGC and COBIT. Experience of audit tools like GRC. Understanding of DevSecOps, Software engineering and Agile ways of working. Knowledge of Ericsson Information Security Management System. Ericsson Information Security Assessments and Audits.
Ericsson IT processes. General cyber / information security concepts, CIA, Threats and Vulnerabilities. Cloud Security. Ericsson Information Security Risk Management Instruction. Ericsson Information Security Requirements. Ericsson Information Security Measurements. Third Party Security Management. Security Governance and Compliance. Certifications: SAP, COBIT, SOX, CISSP, CEH, IT4IT, CISA, CISM, CLOUD SECURITY understanding. Primary country and city: India (IN) || Noida. Req ID: 769907
Posted 1 week ago
Accenture
39581 Jobs | Dublin
Wipro
19070 Jobs | Bengaluru
Accenture in India
14409 Jobs | Dublin 2
EY
14248 Jobs | London
Uplers
10536 Jobs | Ahmedabad
Amazon
10262 Jobs | Seattle,WA
IBM
9120 Jobs | Armonk
Oracle
8925 Jobs | Redwood City
Capgemini
7500 Jobs | Paris,France
Virtusa
7132 Jobs | Southborough