
847 Cisa Jobs - Page 8

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

3.0 - 6.0 years

5 - 9 Lacs

Gurugram

Work from Office

Job Description: GRC AEM (Assessment & Exception Management). Skill set: 3.5-6 years of experience working in the Global Risk and Compliance domain. Required Qualifications: Degree in computer science, engineering, IT or equivalent technical degree. Certification preferred: ISO-27001, CISA and CISM. Preferred Qualifications: In-depth knowledge with at least 3-5 years of experience working in the Global Risk and Compliance domain. Strong communication skills working with users across the globe on Information Security best practices exception, assessments and audit modules. ISO-27001, CISA, CISM certifications a plus. Working shift: 4:45pm to 1:15am. At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We're committed to fostering an inclusive environment where everyone can thrive. Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor asks a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.

Posted 1 week ago


4.0 - 5.0 years

6 - 7 Lacs

Mumbai

Work from Office

Equifax is where you can power your possible. If you want to achieve your true potential, chart new paths, develop new skills, collaborate with bright minds, and make a meaningful impact, we want to hear from you. Synopsis of the role: Looking for a Cyber Security staff with audit experience in consulting/corporate on ISO 27001, Internal Cyber security reviews of customers and Vendor Infosec Risk assessments. What you'll do: Risk Management: Identify, assess, and mitigate information security risks to the organization's assets, data, and systems. Compliance: Ensure compliance with relevant laws, regulations, and industry standards, such as GDPR, NIST, PCI-DSS, and ISO 27001. Handle Internal and External ISO 27001:2013 Audits. Perform customers (members) security Risk assessments, due Diligence Onboarding & reviews. Manage and coordinate for all regulatory (RBI etc.) submissions. Security Awareness: Develop and implement security awareness training programs for employees to promote a culture of security. Incident Response: Develop and manage incident response plans to ensure prompt and effective response to security incidents. Vulnerability Management: Implement vulnerability management processes to identify, classify, and remediate vulnerabilities in systems and applications. Security Architecture (Cloud and On-Prem): Design, review and implement secure architectures for systems, networks, and applications. Third-Party Risk Management: Assess and mitigate information security risks associated with third-party vendors and service providers. What experience you need: Master's or Bachelor's degree in Computer Science or Electronic & telecommunication, Information Security, or related field. Certifications: CPENT, CEH, ISO 27001, or CISA certification preferred. Experience: Minimum 4-5 years of experience in information security. Strong knowledge of information security principles, risk management, and compliance. Excellent communication skills.
Experience with cloud security platforms and technologies. Soft skills: Time management - Effective time management and prioritizing. Collaboration - Ability to work & collaborate with cross functional teams. Adaptability: Ability to adapt to changing security landscapes and professional environments. What could set you apart: People management skills & Positive attitude. Good Communication skill. Passion to continuously learn and work to add value to the organization security environment. We offer a hybrid work setting, comprehensive compensation and healthcare packages, attractive paid time off, and organizational growth potential through our online learning platform with guided career tracks. Are you ready to power your possible? Apply today, and get started on a path toward an exciting new career at Equifax, where you can make a difference! Primary Location: IND-Mumbai-Equifax Credit Information Services. Function: Function - Security Governance and Compliance. Schedule: Full time

Posted 1 week ago


16.0 - 25.0 years

32 - 47 Lacs

Pune

Work from Office

Education and Qualifications: B.S./M.S. in Computer Science, Engineering, Statistics and Mathematics, Information Systems and/or equivalent formal training or work experience. Work Experience: 12+ years of industry experience including 3+ years in leadership roles. Budgeting, Planning and Forecasting. Technical / Professional Skills: Please provide at least 3. Strong analytical, creative, problem-solving and critical thinking skills. Ability to analyze industry trends and developments both within and beyond telco industry. Champion and drive adoption of innovative and industry defining solutions. Lead comprehensive analysis to understand underlying drivers and present a compelling business case for proposed IT solutions. Experience in managing complex products/solutions and capability development projects. Expertise in Google AI services including Dialogflow, AutoML, STT, TTS, Vision AI, Cloud Natural Language, Cloud Translation etc. Extensive knowledge of current and trending data/information technologies such as AI/ML, data lakes, cloud (AWS, Google and Azure), data governance, geospatial data etc. Experience in architecting solutions for optimal extraction, transformation and loading of data from a wide variety of traditional and non-traditional sources such as structured, unstructured, and semi-structured using SQL, NoSQL and data pipelines for real-time, streaming, batch and on-demand workloads. Strong understanding of IT risk, information security fundamentals, defence-in-depth practices, IT risk assessment fundamentals and risk management practices. Competent in Agile methodologies.

Posted 1 week ago


6.0 - 7.0 years

8 - 9 Lacs

Hyderabad, Gurugram

Work from Office

About the Role: Grade Level (for internal use): 10. The Team: The Customer Experience, a new shared capability within Market Intelligence, partners closely with the Sales organization to deliver a differentiated customer experience. This group enables our sales team and businesses by overseeing customer success, sales operations, and implementation of commercial technology. This includes Salesforce, alignment to targets in strategic growth areas, and empowers accelerated growth and delivery by putting the customer at the core of everything we do, driving a full customer experience that differentiates us from our competitors. The Proposal & Customer Assessment Team is part of the broader commercial solutions. An enabling function to assist with due diligence questionnaires, risk assessments, audits, and other customer inquiries. Our goal is to enable new revenue generation via RFX & deliver superior customer satisfaction by providing high-quality proposals & relevant information during pre/post-sales. We serve a vast array of clients across geographies and are committed to the client-first mindset. Responsibilities and Impact: This position within the Proposal & Assessment Team is integral to supporting Market Intelligence commercial teams in responding to the growing volume of client audits and inquiries. The person will collaborate closely with product, risk, compliance, legal, and functional teams, to ensure client requirements are met effectively. Responding/Managing client audits and risk assessments from end to end, maintaining awareness of internal controls and audit trends to uphold the efficacy of the audit process. Serving as the primary point of contact for our top customers, assisting them in meeting their vendor management requirements. Cultivating partnerships and closely collaborating with corporate and divisional groups to seek information and influence approaches and outcomes.
Developing familiarity with Market Intelligence's audit processes and the company's cyber security policies, standards, processes, and controls. Tracking assessment and audit outcomes, management responses to address findings, and follow-up activities, and producing reports for executives and management. Undertaking additional tasks and responsibilities as directed by the team manager, while continuously enhancing the overall process to align with evolving industry standards. What We're Looking For: Bachelor's degree in a related field, or equivalent professional experience in Third-Party Risk Management (TPRM), Audit, and Risk. 6-7+ years of relevant experience in conducting audits or responding to audits, within a SaaS-related business environment. Demonstrated understanding of client-initiated audits and organizational controls. Familiarity with CISA, ISO Standards, NIST, and SOC standards. Proven track record of building strong relationships resulting in successful outcomes. Ability to collaborate effectively with a global team spanning multiple time zones. Competencies: Exceptional communication and interpersonal skills, adept at engaging and influencing stakeholders across all levels. Demonstrated flexibility and negotiation prowess to achieve optimal outcomes. Proficient in efficiently managing multiple concurrent projects, with a keen ability to adapt as priorities evolve. Exhibits creativity and perseverance in devising solutions. Possesses strong analytical and problem-solving capabilities, proficient in assessing complex information and formulating actionable strategies. Fosters robust working relationships with internal colleagues, facilitating collaboration and synergy within teams. About S&P Global Market Intelligence: At S&P Global Market Intelligence, a division of S&P Global, we understand the importance of accurate, deep and insightful information.
Our team of experts delivers unrivaled insights and leading data and technology solutions, partnering with customers to expand their perspective, operate with confidence, and make decisions with conviction. For more information, visit www.spglobal.com/marketintelligence. What's In It For You? Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology: the right combination can unlock possibility and change the world. Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: Our Values: Integrity, Discovery, Partnership. At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you can take care of business. We care about our people. That's why we provide everything you, and your career, need to thrive at S&P Global. Health & Wellness: Health care coverage designed for the mind and body. Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills. Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly Perks: It's not just about you.
S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the Basics: From retail discounts to referral incentive awards, small perks can make a big difference. For more information on benefits by country visit https://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. Recruitment Fraud Alert: If you receive an email from a spglobalind.com domain or any other regionally based domains, it is a scam and should be reported to reportfraud@spglobal.com. S&P Global never requires any candidate to pay money for job applications, interviews, offer letters, pre-employment training or for equipment/delivery of equipment. Stay informed and protect yourself from recruitment fraud by reviewing our guidelines, fraudulent domains, and how to report suspicious activity here. ---- Equal Opportunity Employer: S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.
US Candidates Only The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ---- 20 - Professional (EEO-2 Job Categories-United States of America), SLSGRP202.1 - Middle Professional Tier I (EEO Job Group)

Posted 1 week ago


0.0 - 4.0 years

9 - 10 Lacs

Gurugram, Bengaluru

Work from Office

Executives are typically project team members who will be involved in conducting process consulting/ internal audit/ risk consulting and execution of other solutions of GRCS. Executives may lead a small team of analysts/trainees on engagements. Consistently deliver quality client services and take charge of the project area assigned to him/her. Monitor progress, manage risk and verify key stakeholders are kept informed about progress and expected outcomes. Demonstrate in-depth technical capabilities and professional knowledge. Demonstrate ability to assimilate to new knowledge. Possess good business acumen. Remain current on new developments in advisory services capabilities and industry knowledge. The job would require travel to client locations within India and abroad. THE INDIVIDUAL: Have experience in process consulting/ internal audit/ risk consulting. Possess strong domain knowledge, understanding of business processes and possible risks in operations of various Sectors. Ability to perform and interpret process gap analysis. Understanding of control rationalization, optimization, effectiveness, and efficiency. Strong analytical and problem-solving skills. Possess strong data analytics skills and knowledge of advanced data analytical tools will be an advantage. Strong written and verbal communication skills (presentation skills). Ability to work well in teams. Basic understanding of IT systems, Knowledge of MS office (MS Excel, PowerPoint, Word etc.). Have the ability to work under pressure - stringent deadlines and tough client conditions which may demand extended working hours. Willingness to travel within India or abroad for continuous long periods of time. Demonstrate integrity, values, principles, and work ethic. Qualification: Qualified CAs/ MBAs with 0 - 2 years OR Graduates with 2 - 4 years of relevant experience in risk consulting/ operations or compliance function role (Understanding of internal audit, business processes, sector understanding).
Certifications like Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA) would be an added advantage. People BENEFITS: Continuous learning program; Driving a culture of recognition through ENCORE, our quarterly rewards and recognition program; Comprehensive medical insurance coverage for staff and family; Expansive general and accidental coverage for staff; Executive Health checkup (Manager & above, and for staff above the age of 30); Les Concierge desks; Internal & Global mobility; Various other people friendly initiatives; Strong commitment to our Values such as CSR initiatives

Posted 1 week ago


9.0 - 14.0 years

20 - 25 Lacs

Pune

Work from Office

Are you passionate about integrating complex software systems and troubleshooting technical issues? Do you want to contribute to the development and evolution of strategic platforms? Are you motivated to work in a complex, global environment where ideas are valued, and effort is appreciated? We are looking for an Integration Engineer to join our team and help us to: integrate Attribute Based Access Control software with various Credit Suisse (CS) and UBS systems (Active Directory, Entitlement System, Data Catalogue, etc.) (35%); troubleshoot software issues at Level 3, collaborating with internal teams, vendors, and other CS/UBS teams (network, cloud, security, IT on business side) (25%); conduct research and hands-on learning with different technologies (DBs, Cloud services, Application Solutions) across on-prem, Azure, and SaaS (25%); prepare and automate upgrades of vendor software on platforms like Azure Kubernetes Services and OpenShift (5%); prepare and automate building software and necessary elements (rpm, msi, ARM/Terraform) for test environments (Azure cloud, Linux/Windows/Citrix servers) (5%); improve and maintain CI/CD pipelines (GitLab, Azure DevOps pipelines, Jenkins) (5%). You will join a dynamic team responsible for integrating and maintaining complex software systems. Our team collaborates with various departments and technical teams worldwide, ensuring seamless integration and high-quality solutions. We work during standard European hours and focus on delivering secure, available, and high-performance solutions.
ideally 8+ years of experience in IT, preferably in an enterprise or corporate environment; experience with Continuous Integration (CI) and Continuous Deployment (CD); understanding of information security concepts (Data Protection, DLP, IRM, Identity and Access Management, Cryptography) both on-prem and in the cloud; familiarity with Data Protection, Data Scanning, and Data Catalogue products and technologies; experience in designing and engineering new IT services at scale; experience in global rollout of new enterprise-wide services and integration of vendor products; experience working with regulatory requirements (e.g., GDPR, FINMA, MAS); security certifications such as CISSP, CISA, CSSLP, CISM, CCSP

Posted 1 week ago


1.0 - 3.0 years

3 - 5 Lacs

Bengaluru

Work from Office

The Global Information Security (GIS) Technology Risk Management Analyst will work with peers in Global Information Security (GIS) and across the Technology Division to ensure that third party technology risks are properly identified, assessed, monitored, and communicated in support of the overall Third Party Risk Management (TPRM) program. The Analyst will assist with the continuous improvement and daily operation of the GIS Third Party Risk Management (GIS TPRM) program. Responsibilities Include: Work with peers to identify and assess Information Security risks; Conduct risk assessments using CME Group's established GIS Third Party Risk Management assessment process; Collaboratively author and edit various assessment related documents including Deficiencies Observed, Summary of Work, Risk Advisory Memos, exceptions from GIS technical policies and standards, and other related output resulting from risk adjudication activities; Participate in and contribute to various working groups across the Technology Division, including, but not limited to, Third Party Risk Management working group, Governance, Risk Management, and Compliance (GRC) working group, etc.
Assist the GIS TPRM function with: Continuous improvement and maturation of the methods, instrumentation, training, documentation, and processes required to properly manage third party technology risks Providing advisory and consulting services to the Information Technology Management Team related to InfoSec risks, treatment strategies, and decision-making Assist in the preparation of management reports, presentations, metrics, and other documentation required to support governance functions Assist in compiling and delivering business and operational metrics at regular intervals Promoting a culture of risk awareness and accountability through training, education, and risk management consultative support Problem Solving: Objectively assess the impact, likelihood, and velocity of identified risks Objectively advise on any number of controls that will mitigate risk while not imposing undue burden on those who must implement the controls Drive objectivity and build consensus among stakeholders with widely divergent perspectives and drivers Rapidly analyze complex technical details Synthesize detailed analysis into a big picture view that can be easily understood by non-technical stakeholders in order to support risk-based decision-making for senior managers within the company Decision Making: Recommend risk treatment decisions Recommend remediation actions when risk mitigation is desired Recommend improvements to methods, instrumentation, training, documentation, and processes Recommend solutions for automating and streamlining GIS TPRM risk management practices Working Relationships: Interacts with peers across all elements of the Technology Division Communicate regularly with cross-functional peers outside of the Technology Division, including Legal, Information Governance, Global Operations, Global Assurance (Internal Audit), Enterprise Risk Management, Third Party Risk Management, and other business unit leadership Interact occasionally with industry peers from 
other Systemically Important Financial Market Utilities (SIFMUs), research organizations, solution providers, etc. Required Experience: Bachelor's Degree or equivalent experience. Minimum of 1 to 3 years of relevant experience in publicly traded companies or finance/technology industry operations, with third party risk management experience a plus. Experience in at least two of the following: InfoSec (Operations, Program Management, Governance, Risk Management, etc.), Enterprise Architecture, Identity & Access Management, Application Development, Infrastructure & Operations, IT Compliance, or Internal Audit. Experience working with industry based information security and / or control frameworks (NIST Cyber Security Framework, ISO 27002, COBIT, etc.). Demonstrable knowledge of a broad range of InfoSec technologies and practices. Demonstrable, impeccable writing skills for technical, management, and executive audiences. Additional preferred experience: Demonstrable knowledge of InfoSec risk management methods and practices. Experience with operating GRC solutions. Professional certification in InfoSec or Risk Management (such as CRISC, CISM, CISSP, CGEIT, CISA, etc.)

Posted 1 week ago


5.0 - 10.0 years

15 - 19 Lacs

Bengaluru

Work from Office

Job Title: IT SOX-Risk Management-Audits & Business Continuity Planning. Experience: 5-10 Years. Location: Bangalore : IT SOX, Risk Management, Audits, Business Continuity Planning

Posted 1 week ago


10.0 - 15.0 years

22 - 37 Lacs

Pune, Bengaluru, Mumbai (All Areas)

Hybrid

Job Title: Senior Manager Information/Cyber Security. Job Location: Pune / Bangalore / Mumbai. Job Summary: We are looking for a seasoned professional in Information/Cyber Security to be part of the Digital Trust and Security team at Capgemini Invent. This role requires a resource who is experienced in managing client-facing cybersecurity programs, providing strategic advisory, and enhancing security capabilities within the organization. Key Responsibilities: Client Advisory & Leadership: Lead cybersecurity engagements for clients, providing strategic direction and ensuring alignment with their business and security goals. Program Oversight: Manage the delivery of multiple cybersecurity projects, ensuring high-quality service, timely execution, and compliance with client expectations. Risk Management & Compliance: Oversee risk assessments for clients and ensure the implementation of security controls that meet industry standards (ISO 27001, NIST, GDPR, etc.). Team Development: Mentor and develop the internal cybersecurity team, fostering a culture of continuous improvement and ensuring the team is equipped to handle evolving client needs. Stakeholder Engagement: Collaborate with senior client stakeholders, including C-level executives, to communicate security risks, program progress, and recommend improvements. Innovation & Thought Leadership: Drive the adoption of new security technologies and best practices, positioning the organization as a thought leader in cybersecurity services. Business Development & Solutioning: Lead the development of cybersecurity solutions tailored to client needs, aligning with emerging threats and industry trends. Collaborate with sales and account teams to identify new business opportunities and expand client relationships through cybersecurity offerings. Develop and present compelling proposals, including RFP/RFI responses, for cybersecurity services.
Engage in pre-sales activities, providing expertise and thought leadership to support business development efforts. Drive solution architecture and proposal strategies for large-scale cybersecurity projects to win new business. Required Skills and Qualifications: Master's degree in Information security, Cybersecurity, Information Technology, or a related field. 10-15 years of experience in Information/Cybersecurity, with at least 7 years in a client-facing leadership role within a consulting environment. Deep understanding of cybersecurity frameworks (e.g., ISO 27001, NIST etc.) and regulatory standards (GDPR, HIPAA, PCI-DSS etc.). Proven track record in managing complex security programs for large clients, including risk management, cloud security, incident response, and compliance management. Certifications such as CISSP, CISM, CRISC, CISA, or PMP are highly preferred. Personal Attributes: Strong leadership and team-building skills, with a focus on mentoring and developing the next generation of cybersecurity leaders. Excellent communication and presentation skills, with the ability to influence senior stakeholders at client organizations.

Posted 1 week ago


10.0 - 18.0 years

9 - 19 Lacs

Hyderabad

Work from Office

Education Qualifications (As on 30.06.2025) Basic Education Qualifications Essential: B.E/B. Tech in (Computer Science/ Computer Science & Engineering/ Information Technology / Information Security/ Electronics/ Electronics & Communications Engineering/ Software Engineering or equivalent degree in above specified discipline) OR MCA or M. Tech/ M.Sc. in (Computer Science/ Computer Science & Engineering/ Information Technology/Information Security/ Electronics/ Electronic & Communications Engineering or equivalent degree in above specified discipline) from a University/ Institution/ Board recognized by Govt of India/ approved by Govt Regulatory Bodies Other Qualifications: (As on 30.06.2025) Essential: CISA, CEH, ISO 27001:LA (All 3 certificates are Mandatory & should be Valid as on the date of Interview) CISA issued by ISACA, USA, CEH issued by EC Council, USA & ISO 27001 Lead Auditor issued by only accredited Certification Bodies (NABCB National Accreditation Board for Certification Bodies). Desirable: CISSP by ISC2, MBA from recognized institute/university. Both are optional in nature Experience (Post Basic Education qualifications) (As on 30.06.2025) Essential Experience: Minimum 15 years experience in BFSI / IT / Information Security Consultancy on IS Audit / Cyber Security Audit, out of which minimum 10 years experience in leadership role. Preferred Experience: Experience in handling Red Team exercise / VA-PT preferred. Training & Teaching experience will not be counted for eligibility. The experience mentioned / claimed should be supported by a suitable certificate / letter issued by the concerned employer. Specific Skills (Preferred) Experience in VAPT tools like Nessus, Retina, SAINT and Kali Linux and other system tools. Experience in implementing Regulatory / CERT-In advisories and guidelines in IS Audit/ Cyber Security Audit. Knowledge of Data Privacy Standards. Experience in assessing the Supply Chain Cyber Risk during vendor audit.

Posted 2 weeks ago


5.0 - 9.0 years

5 - 7 Lacs

Mumbai, Navi Mumbai

Work from Office

Implement security strategy, policies & controls. Oversee risk, vendor security, BCDR, vulnerability remediation & AppSec. Drive compliance, training, audits, and continuous improvement. GRC tool expertise, ISO27001 Implementer/Auditor, CGRC/BCMS preferred.

Posted 2 weeks ago


1.0 - 3.0 years

11 - 16 Lacs

Gurugram

Work from Office

Consultant/Senior Consultant || SOX || Gurgaon || (Immediate joiners preferred) What are we looking out for: Skilled and detail-oriented SOX Compliance and Internal Audit Consultant who will play a critical role in ensuring compliance with SOX requirements through the design, execution, and assessment of internal controls over financial reporting (ICFR). Job Profile (Non IT SOX): Responsible for executing client-related engagements in the areas of SOX 404 & Clause 49 assistance, Governance, Risk & Compliance (GRC), Internal Audits, Process Reviews, Standard Operating Procedures. Responsible to discuss with risk owners for identification and assessment of key risks and development of mitigation plans. Perform gap assessments by conducting detailed walkthroughs with process owners and identifying opportunities for automation, process transformation. Review and assess the design of internal controls to ensure they address key risks and comply with SOX requirements. Develop detailed process narratives, risk control matrices (RCMs), and flowcharts. Information Produced by the Entity (IPE) Testing - Evaluate the reliability of information used in the execution of controls; perform detailed testing to validate the accuracy, completeness, and integrity of IPEs; ensure that data sources and logic align with control objectives. Management Review Controls (MRC) testing - Test the design and operating effectiveness of Management's review of financial and operational data; evaluate the documentation, criteria, and frequency of management reviews; assess the quality of evidence and identify any gaps in the review process. Working on SOX readiness - Assess the existence, efficiency, and effectiveness of the SOX control environment by directing control/process optimization. Collaborate with cross-functional teams, including accounting, IT, and operations, to ensure control objectives are met.
Assist clients in preparation for external audits by addressing auditor inquiries and providing necessary documentation. Inspect company's policies and procedures; perform evaluation of control design; and carry out assessment of the effectiveness of company internal controls concerning business processes and systems. Review of working papers & client folders. Suggest ideas on improving engagement productivity and identify opportunities for improving client service. Create/manage status trackers and report the statuses and/or challenges to the Project Manager/Director, clients and all other stakeholders over status calls. Ensure compliance with engagement plans and internal quality & risk management procedures. Keep abreast of emerging technologies with the IT environment and help in developing audit plans to counter whatever risks that might be associated with the application of such technologies. Assist seniors & managers in developing new methodologies and internal initiatives. Create a positive learning culture, coach, counsel and develop junior team members. Attention to detail and mentor young interns and analysts within the practice. Perform other duties that may be assigned by management. Qualification: Graduate/ Post-Graduates

Posted 2 weeks ago


3.0 - 7.0 years

0 Lacs

karnataka

On-site

As a candidate for this position, you will be responsible for performing and documenting testing on consulting, compliance, and internal audit engagements with a focus on IT risk, strategy, and governance within financial institutions. You will also provide training and supervision for engagement staff, identify findings, and document opportunities for process improvement. Additionally, you will research technical issues that arise during engagements and assist Managers and/or Senior Managers in developing strategic solutions to meet client needs. Furthermore, you will work closely with Managers and/or Senior Managers on engagement planning, execution, and issuing a final report that meets client deadlines. You will also play a key role in setting the foundation for developing relationships with clients through networking and business development activities. Your motivation to meet client deadlines and provide excellent client service will be crucial to your success in this role. In terms of qualifications, a Bachelor's degree is required for this position. Preferred certifications include CISA, CISM, or CISSP. If not already certified, you must meet the educational requirements to obtain a license upon hire in the state of employment. Additional certifications such as CPA, CIA, CRCM, CAMS, CFIRS, CFE, and/or CFF are considered a plus. The ideal candidate will have a minimum of 3 years of experience in information systems, internal audit, regulatory compliance, or consulting services. Experience in network engineering/administration with a security emphasis is preferred. Knowledge of IT control and/or services management standards such as CObIT, ITIL, and ISO is also preferred. Previous experience in banking or credit unions would be advantageous. You should possess the ability to work effectively as part of a team as well as independently. Creative problem-solving and research skills are essential, along with excellent verbal and written communication abilities. 
Strong analytical and report writing skills are required, and proficiency with Microsoft Office applications such as Word, Excel, PowerPoint, and Outlook is expected. The ability to handle multiple priorities, tasks, and simultaneous projects is a key attribute for success in this role.

Posted 2 weeks ago


5.0 - 12.0 years

0 Lacs

karnataka

On-site

As the Identity & Security Visionary at Diageo, you will be a crucial part of the Security & Network Enterprise Architecture team, focusing on shaping the future of Identity Management across the organization. Your role will involve contributing to the broader cybersecurity strategy, with a split focus of approximately 60% on Identity and 40% on Security domains, adapting as per the evolving business needs.

Your responsibilities will include:
- Translating business objectives into a robust architecture for Identity and Access Management (IAM) and cybersecurity.
- Collaborating with stakeholders to define Diageo's vision and capabilities in these areas, developing a 3-5 year roadmap for leveraging technology to ensure secure access to critical assets while enhancing user experience.
- Designing target and interim architectures, evaluating current capabilities, and guiding technology selection for future requirements.
- Ensuring alignment with the overall architecture strategy by fostering collaboration among stakeholders.
- Overseeing IAM and cybersecurity changes to ensure strategic alignment, value for money, and suitability for purpose.
- Driving the adoption of the architecture roadmap by closely working with internal teams.
- Influencing portfolio investments for key technology solutions aligned with the roadmap.
- Establishing and maintaining strong relationships with technology vendors and suppliers.
- Providing technical expertise and guidance to senior leadership on strategic approaches and solutions.
- Staying informed about business priorities, emerging technologies, and cyber threats to identify transformation opportunities in IAM and cybersecurity.
- Contributing to the success of Enterprise Architecture within Diageo.

Requirements:
- A total of 12 years of experience, with a minimum of 5 years in an Enterprise Architect or similar role.
- Expertise in developing capability models, reference architecture, and technology roadmap artifacts.
- Profound knowledge of IAM principles and frameworks, Privileged Access Management, Identity Governance, and B2B/B2C Identity & Access Management.
- Familiarity with cybersecurity best practices and frameworks such as NIST CSF.
- Understanding of risk management and security concepts.
- Experience with enterprise architecture frameworks like TOGAF and Zachman is advantageous.
- Exposure to relevant IAM and security solutions and technologies.
- Previous experience in a large and complex enterprise environment is beneficial.
- Security certifications like CISSP or CISA are a plus.

In addition to technical expertise, the ideal candidate should possess strong business acumen and leadership qualities, including the ability to think strategically, communicate effectively with senior stakeholders, and deliver integrated Business-IT strategies. Building international and cross-functional relationships, working with executive sponsors, and documenting technical solutions clearly and concisely are also essential aspects of the role.

Posted 2 weeks ago


6.0 - 10.0 years

8 - 12 Lacs

Pune, Bengaluru

Work from Office

Provide strong domain leadership managing a team of audit professionals in F&A/ HRO/ S&F services Lead teams performing Risk Assessments, Process Walkthroughs, Process Documentation Narratives, Process Flow Diagrams, Finalize Risk and Control Matrix, Lead assignments on Test of Control Effectiveness, Control Design, support remediation efforts for control failures - SOX and ISAE SSAE compliance. Lead Interventions Special Assignments at Client Engagements identifying reasons for operations failures, critical errors, process weaknesses Performing Root Cause Analysis remediating and resolving causes. Requirement to interact with overseas clients and senior stakeholders within and external to the company. Skill Description Working Knowledge of processes like AP, AR and RTR is mandatory Reasonable knowledge of Information Technology ITGC Controls; Information Systems Audit Knowledge of Key F&A Compliances required ISAE 3402, SSAE 16, SOX Strong Analytical Skills; Strong Spreadsheet skills; Excellent command over English Language Experience of working in a GBS delivery environment Mandatory Experience using ERPs SAP, Oracle and other Business Enterprise Applications. Educational Qualifications & Experience Chartered Accountant with minimum 7-9 years post qualification audit experience. Graduate/ MBA with 11+ years of experience CISA with experience of Information Systems Audit with client engagements. Experience in leading Teams of Auditors representing the entities for which they have been Audit Managers. Supervisory review experience of 4+ years.

Posted 2 weeks ago


10.0 - 14.0 years

35 - 40 Lacs

Pune, Bengaluru

Work from Office

Provide strong domain leadership managing a team of audit professionals in F&A/ HRO/ S&F services Lead teams performing Risk Assessments, Process Walkthroughs, Process Documentation Narratives, Process Flow Diagrams, Finalize Risk and Control Matrix, Lead assignments on Test of Control Effectiveness, Control Design, support remediation efforts for control failures - SOX and ISAE SSAE compliance. Lead Interventions Special Assignments at Client Engagements identifying reasons for operations failures, critical errors, process weaknesses Performing Root Cause Analysis remediating and resolving causes. Requirement to interact with overseas clients and senior stakeholders within and external to the company. Skill Description Working Knowledge of processes like AP, AR and RTR is mandatory Reasonable knowledge of Information Technology ITGC Controls; Information Systems Audit Knowledge of Key F&A Compliances required ISAE 3402, SSAE 16, SOX Strong Analytical Skills; Strong Spreadsheet skills; Excellent command over English Language Experience of working in a GBS delivery environment Mandatory Experience using ERPs SAP, Oracle and other Business Enterprise Applications. Educational Qualifications & Experience Chartered Accountant with minimum 7-9 years post qualification audit experience. Graduate/ MBA with 11+ years of experience CISA with experience of Information Systems Audit with client engagements. Experience in leading Teams of Auditors representing the entities for which they have been Audit Managers. Supervisory review experience of 4+ years.

Posted 2 weeks ago


10.0 - 12.0 years

50 - 55 Lacs

Bengaluru

Work from Office

Lowe's Companies, Inc. (NYSE: LOW) is a FORTUNE 50 home improvement company serving approximately 16 million customer transactions a week in the United States. With total fiscal year 2024 sales of more than $83 billion, Lowe's operates over 1,700 home improvement stores and employs approximately 300,000 associates. Based in Mooresville, N.C., Lowe's supports the communities it serves through programs focused on creating safe, affordable housing, improving community spaces, helping to develop the next generation of skilled trade experts and providing disaster relief to communities in need. For more information, visit Lowes.com. Job Summary The primary purpose of this role is to manage a team focused on defining, implementing and/or maintaining processes and tools that support enterprise technology security. This includes accountability for optimizing performance of services that span security and technology domains, including Operations, Policy, Governance and Delivery. In addition, this role provides insight and recommendations to inform the ongoing strategy for health and care of assigned security processes and tools. This individual manages people which includes responsibility for setting individual and team expectations, delegating assignments and managing performance, identifying talent needs, and coaching and developing team members. With a focus specifically on Network Security Engineering, this role manages the technical aspects of developing, implementing and maintaining security infrastructure systems within various computing environments. This role manages team(s) through all system development lifecycle phases and provides insight and recommendations to inform the ongoing strategy for health and care of assigned domain(s) and/or platform(s). With a focus specifically on Security Threat & Vulnerability, this role manages a team and associated processes focused on vulnerability identification or remediation. 
This includes providing day-to-day management of information security and risk activities, including oversight of vulnerability assessments and remediation programs serving both internal and external stakeholders. Qualifications Minimum Qualifications Bachelor's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience in a related field) 10+ years IT experience with a broad range of exposure to all aspects of business/system planning, analysis, and application development 10+ years of experience leading project or technical teams with or without formal direct report responsibility; this includes experience providing technical direction, thought leadership, coaching and mentoring to team members 10+ years of experience with information security tools, concepts and practices Familiarity with multi-platform technology environments and their operational/security considerations Experience managing projects and project resources to meet goals on simultaneous/multiple projects Preferred Qualifications Master's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field IT experience in the retail industry Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen) Experience in a PCI/Retail technology environment Leadership experience with direct report responsibility Experience managing in an Agile environment Experience leading global teams Experience with process management methodologies such as Six Sigma or ITIL Delivery methodologies (Agile, Scrum, SAFe) Broad knowledge of infrastructure (network and servers), network architecture, services and security policies Security Governance, Risk & Compliance 4 years of experience in one or more of the following fields: technical, security or privacy education/training, information security, external/internal audit, risk management (specific to Security 
Governance, Risk and Compliance role) 3 years of experience conducting or leading PCI-DSS assessments (specific to Security Governance, Risk and Compliance role) Network Security Engineering 10+ years of experience in Security Engineering (specific to Security Engineering role) Advanced knowledge of core Information Security concepts related to security infrastructure components (specific to Security Engineering role) Knowledge of retail regulatory scope (PCI, SOX, etc.) (specific to Security Engineering role) 5 years of experience in Security Engineering (VPN, layer 4 to layer 7 firewalls, etc.) (specific to Security Engineering role) Security Threat & Vulnerability 6 years of experience in Information, Network, or Application Security (specific to Security Threat & Vulnerability role) Advanced knowledge of core Information Security concepts related to Threat and Vulnerability Management or Offensive security testing (specific to Security Threat & Vulnerability role) Knowledge of retail regulatory scope (PCI, SOX, etc.) (specific to Security Threat & Vulnerability role) Lowe's is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.

Posted 2 weeks ago


5.0 - 9.0 years

10 - 14 Lacs

Mumbai, Navi Mumbai

Work from Office

ASSOCIATE CONSULTANT Experienced in Information Security Risk Management with experience in implementing and maintaining Risk Management frameworks (ISO 31000 & ISO 27001) Should have executed and managed consulting and audit assignments for clients in the areas such as internal audit, operational risk management and compliance management. Should be adept at conducting gap analysis, risk assessments to identify vulnerabilities. Have worked with organizations to develop Business Continuity Plans and Disaster Recovery related processes. Should be able to understand and explain technical vulnerabilities Basic knowledge on Active Directory, firewalls, SCCM, McAfee security products, DLP, Secure coding practices and product security Should have Knowledge on information security incident management. Specific Duties and Responsibilities Include: Proactively protect the organization's information by ensuring appropriate information security controls are in existence and enforced Conduct audits to verify the compliance to organization's security standards Assist in Business Continuity Planning and Implementation. Metrics collection & reporting Must Have Skills Excellent communication and presentation skills. Able to effectively interact with various functions. Good to have Skills / Certification Minimum: ISO27001:2013 Lead Auditor course Good to have: CISSP, CISA, CISM, ISO22301 Qualification BE/ BTech, MCA, MBA with specialization in Information Security

Posted 2 weeks ago


4.0 - 8.0 years

10 - 14 Lacs

Mumbai, Navi Mumbai

Work from Office

ASSOCIATE CONSULTANT Experienced in Information Security Risk Management with experience in implementing and maintaining Risk Management frameworks (ISO 31000 & ISO 27001) Should have executed and managed consulting and audit assignments for clients in the areas such as internal audit, operational risk management and compliance management. Should be adept at conducting gap analysis, risk assessments to identify vulnerabilities. Have worked with organizations to develop Business Continuity Plans and Disaster Recovery related processes. Should be able to understand and explain technical vulnerabilities Basic knowledge on Active Directory, firewalls, SCCM, McAfee security products, DLP, Secure coding practices and product security Should have Knowledge on information security incident management. Specific Duties and Responsibilities Include: Proactively protect the organization's information by ensuring appropriate information security controls are in existence and enforced Conduct audits to verify the compliance to organization's security standards Assist in Business Continuity Planning and Implementation. Metrics collection & reporting Must Have Skills Excellent communication and presentation skills. Able to effectively interact with various functions. Good to have Skills / Certification Minimum: ISO27001:2013 Lead Auditor course Good to have: CISSP, CISA, CISM, ISO22301 Qualification BE/ BTech, MCA, MBA with specialization in Information Security

Posted 2 weeks ago


6.0 - 11.0 years

9 - 14 Lacs

Mumbai

Work from Office

Policy & Framework Management: Define, review, and update cybersecurity policies, procedures, and standards to align with business and regulatory requirements. Regularly review and update Security Configuration Documents (SCDs). Drive the adoption and alignment of the NIST Cybersecurity Framework. Implement and manage the Unified Compliance Framework to streamline regulatory mapping. Security Controls & Automation: Conduct configuration reviews across critical systems and platforms. Lead initiatives to automate policy management and control validation. Evaluate and recommend risk management solutions and security technologies. Risk & Change Management: Perform third-party/vendor risk assessments, including onboarding, periodic review, and offboarding processes. Collaborate with IT and operations teams for firewall rule lifecycle management. Participate in and govern the Change Management process to ensure security reviews and approvals. Compliance & Audit: Ensure continuous compliance with RBI, IRDAI, UIDAI, ISO 27001, IT Act 2000, and other applicable regulatory and industry standards. Prepare, maintain, and manage documentation for internal and external audits. Track, report, and drive mitigation for audit findings and exceptions. Implement and maintain continuous compliance monitoring tools and practices. Reporting & Governance: Develop and report on cybersecurity posture to senior leadership and key stakeholders. Maintain and deliver Service Level Agreements (SLA) reports and performance metrics. Design and manage Key Risk Indicators (KRI) dashboards to support informed decision-making. Conduct periodic exception reviews and manage approval workflows. 
Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field. 6+ years of experience in cybersecurity governance, risk, and compliance (GRC). Strong understanding of NIST, ISO 27001, UCF, and regulatory standards (RBI, IRDAI, UIDAI, IT Act). Proven experience in policy lifecycle management, audit coordination, and risk assessment. Familiarity with firewall rule governance, change management, and automated compliance tools. Excellent communication, analytical, and stakeholder management skills. Preferred technical and professional experience CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer/Auditor, CGEIT

Posted 2 weeks ago


2.0 - 6.0 years

18 - 22 Lacs

Hyderabad

Work from Office

Job Area: Finance & Accounting Group, Finance & Accounting Group > IT Internal Audit Qualcomm Overview: Qualcomm is a company of inventors that unlocked 5G ushering in an age of rapid acceleration in connectivity and new possibilities that will transform industries, create jobs, and enrich lives. But this is just the beginning. It takes inventive minds with diverse skills, backgrounds, and cultures to transform 5G's potential into world-changing technologies and products. This is the Invention Age - and this is where you come in. General Summary: Unique opportunity to join Qualcomm's Corporate Internal Audit & Advisory Services department within the SOX Program Management Office (PMO) organization to support the IT SOX 404 and 302 Compliance efforts. The department's activities and services focus on assisting the Audit Committee of the Qualcomm Board of Directors and Management in the evaluation and improvement of processes that identify and manage risks related to achieving Qualcomm's business objectives. 
Key responsibilities include: Lead the IT SOX 404 risk assessment and scoping exercise, execute the process and control walkthroughs, assess the design of controls, develop and enhance comprehensive test plans, and perform independent testing Perform deficiency root cause analyses and assist management with the development of remediation plans Offer effective supervision to, and review the work of other auditors, including the company's co-sourcing audit partners Collaborate with Qualcomm management to identify financial risks, assess business impacts, and present potential solutions (leading practices) As a key member of the SOX PMO, the successful candidate will be a primary interface between IT management and the external auditors to provide guidance, support, training, and project management Collaborate with the external auditors in the planning and execution of SOX 404 requirements and ensure all deadlines are met with high quality deliverables Participate and assist in ad-hoc projects such as system implementations when needed Three to seven years of recent relevant professional experience in IT SOX compliance for a fast-paced global company or a public accounting firm (Big 4 or mid-tier). Prior SOX PMO experience preferred. Independent and adaptable team player with strong project management skills to comfortably lead and conduct multiple significant projects and tasks with quality, accuracy, and attention to detail. Strong critical thinking with sound judgment and decision-making skills. Self-motivated, positive, and professional attitude. Exceptional prioritization, organization, and time-management skills to consistently meet deadlines with quality deliverables in a fast-paced environment. Strong interpersonal skills (including oral and written communications) with the ability to lead all related interactions with various levels of the organization including middle and senior management. 
Excellent understanding of internal controls, frameworks (COSO, COBIT), fundamental audit methodology, SOX 302 and 404 requirements. Strong ability to understand IT and business process risks and related controls Experienced with leading practices for business processes, financial accounting, and reporting risks to ensure compliance with GAAP and external reporting requirements Delivers high-quality work products (form and substance) including the ability to prepare written documents (e.g., work papers, PowerPoint presentations, audit reports, etc.) that clearly lay out key messages Professional Certifications (e.g., CPA, CISA, CIA preferred) ERP experience with Oracle EBS a plus Semiconductor business experience or familiarity Fluent English; multi-lingual capability is a plus Strong communication (oral and written) and presentation skills Fast learner with strong organization, analytical, critical thinking, and problem-solving skills Ability to work in flexible and non-hierarchical team environment Willingness to get things done and take responsibility Ability to recognize and apply a sense of urgency, when necessary Positive attitude, professional maturity, good work ethic Ability to work independently, handle multiple projects simultaneously, and multi-task to meet deadlines with high-quality deliverables Bachelor's degree in Accounting, Business Administration, Management Information Systems, or related field. Applicants Qualcomm is an equal opportunity employer. If you are an individual with a disability and need an accommodation during the application/hiring process, rest assured that Qualcomm is committed to providing an accessible process. You may e-mail or call Qualcomm's toll-free number found . 
Qualcomm expects its employees to abide by all applicable policies and procedures, including but not limited to security and other requirements regarding protection of Company confidential information and other confidential and/or proprietary information, to the extent those requirements are permissible under applicable law. To all Staffing and Recruiting Agencies: Please do not forward resumes to our jobs alias, Qualcomm employees or any other company location. Qualcomm is not responsible for any fees related to unsolicited resumes/applications. If you would like more information about this role, please contact .

Posted 2 weeks ago


5.0 - 9.0 years

0 Lacs

pune, maharashtra

On-site

You will be responsible for conducting application security reviews for Web, Mobile (Android and iOS), and API technologies. Your role will involve assessing and identifying potential vulnerabilities in the technology being developed before implementation. You should have expertise in application security testing methodologies such as SAST, DAST, and MAST, with experience in web application, API security, and mobile application security testing according to industry standards like OWASP top 10, SANS top 25, etc. It would be beneficial to have knowledge of programming and scripting languages such as Java, JavaScript, Angular, Spring Boot, Kotlin, and Swift. Familiarity with tools like Burp Suite, Postman, SoapUI, Checkmarx, Netsparker, Nexus IQ, Kryptowire for security testing and analyzing scanned reports is essential. Moreover, a strong understanding of application security tooling and experience in driving automation within the delivery environment is required. You must hold industry-recognized Information Security and Cyber Security qualifications such as CISSP, CISA, OSCP, GIAC GPEN, GIAC GMOB. A deep understanding of security industry trends, major vulnerabilities, and security threat landscape is crucial. Knowledge of Zero Trust security principles and practical implementations is necessary. While a degree is desirable, it is not mandatory. Experience in supporting major programs, security architecture, creating security designs, and displaying positive leadership behaviors related to risk management and mitigation is expected. Proficiency in collaboration tools like SharePoint, Teams, Confluence, and JIRA is advantageous. Hands-on experience in working with DevOps and Agile teams to incorporate security in the software development lifecycle is a key requirement. Additionally, experience in application risk assessment, threat modeling, and working closely with delivery teams for security risk remediation is important. 
About the Company: Purview is a leading Digital Cloud & Data Engineering company with headquarters in Edinburgh, United Kingdom and a presence in 14 countries including India, Poland, Germany, USA, UAE, Singapore, Australia, among others. The company provides services to Captive Clients and top-tier IT organizations, delivering solutions and resources to clients worldwide. Company Information: Purview Services 3rd Floor, Sonthalia Mind Space Near Westin Hotel, Gafoor Nagar, Hitechcity, Hyderabad Phone: +91 40 48549120 / +91 8790177967 Gyleview House, 3 Redheughs Rigg South Gyle, Edinburgh, EH12 9DQ Phone: +44 7590230910 Email: careers@purviewservices.com

Posted 2 weeks ago


3.0 - 7.0 years

0 Lacs

chennai, tamil nadu

On-site

You will be responsible for conducting third-party risk assessments in alignment with ISO 27001:2022 and ISO 22301:2019 frameworks. Your duties will include identifying, assessing, and mitigating risks related to information security, business continuity, and third-party vendors. Collaboration with cross-functional teams and external stakeholders to drive risk mitigation strategies will be a key aspect of your role. Additionally, drafting and reviewing policies, procedures, and audit reports will be part of your responsibilities. As a TPRM Consultant / Senior Consultant, you will need to effectively communicate complex risks and findings to both technical and non-technical audiences. Strong verbal and written communication skills will be essential for this. Furthermore, you will be expected to solve complex problems using structured critical thinking and issue-resolution approaches. Ensuring adherence to internal standards and client requirements at every phase of the engagement will be crucial. Excellent stakeholder management, critical thinking, and problem-solving abilities are key skills required for this role. Language proficiency in English is mandatory for this position. Additionally, fluency in Tamil and Hindi would be considered a plus. Certifications in ISO 27001:2022 or ISO 22301:2019 are mandatory for this role. Possessing certifications such as CEH, CISA, CISM, CompTIA Security+, or GISF would be advantageous.

Posted 2 weeks ago


15.0 - 19.0 years

0 Lacs

hyderabad, telangana

On-site

As an organization focused on re-imagining agricultural insurance through the innovative integration of Public Cloud, GIS, Remote-sensing, and cutting-edge AI-based algorithms, we at Kshema are dedicated to empowering the future of agricultural insurance. Leveraging the latest advancements in Mobile and Geospatial technologies, we are committed to revolutionizing the industry. We are currently seeking a Chief Information Security Officer (CISO) who will play a pivotal role in driving our cyber security strategy and ensuring strict compliance with regulatory and statutory guidelines pertaining to information and cyber security. As the CISO, you will be entrusted with the responsibility of enforcing policies aimed at safeguarding the organization's information assets and coordinating all information/cyber security-related matters internally and externally.

**Key Responsibilities:**
- Develop a comprehensive Information Security Roadmap for the organization with a forward-looking perspective.
- Establish and oversee an enterprise-wide information security and IT risk management program.
- Lead the implementation and review of Hardware, Network, and Software Security Standards and Controls to fortify systems, data, and assets against internal and external threats.
- Implement Security Assessment and Testing Processes, including Penetration Testing, Secure Software Development, and Vulnerability Management.
- Identify and deploy cutting-edge Security Products/Tools for various purposes.
- Proactively monitor and address security issues, potential threats, and vulnerabilities to enhance security standards continually.
- Conduct Information Security awareness training for all employees.
- Execute Security Assessment practices such as Audits and Reviews.
- Provide strategic guidance and consultation for IT Projects, including security risk assessments.
- Conduct real-time analysis, investigations, and forensics when necessary to enhance security measures.
- Develop strategies to manage security incidents and conduct investigations.
- Maintain regular communication with stakeholders on Information and Data Security Practices and Activities.
- Implement a strategy for deploying information security technologies to mitigate cyber-attack risks.
- Continuously evaluate current IT security practices and systems for enhancement.
- Ensure compliance with the latest regulations and requirements.
- Develop and implement business continuity plans.

**Desired Skills and Experience:**
- Engineering Graduate/Post-Graduate in fields such as Computer Science, IT, Electronics, Communications, or Cyber Security.
- Minimum of 15 years' experience in risk management, information security, or cyber security.
- Profound knowledge of information security management frameworks like ISO/IEC 27001 and NIST.
- Familiarity with DevSecOps, Secure SDLC, Security Automation, Security Testing, DR & BCP Concepts.
- Experience in financial forecasting and budget management.
- Understanding of Industry Security Standards, Protocols, and Data Privacy Regulations.
- Ability to navigate ambiguity and devise solutions for complex problems.
- Experience in contract and vendor negotiations and management.
- Proficiency in Agile software development practices.
- Collaboration skills to work effectively with cross-functional teams.
- Relevant certifications such as CISSP, CEH, CISA, and CISM are advantageous.
- Hands-on experience in designing, implementing, and operating security in public clouds like AWS, Azure, Oracle, or GCP.
- Strong written and verbal communication skills with a high level of integrity.
- Excellent presentation skills.

Join us at Kshema and be a part of our mission to redefine agricultural insurance through innovation and technology.

Posted 2 weeks ago

Apply

5.0 - 7.0 years

5 - 8 Lacs

Kolkata, Mumbai, New Delhi

Work from Office

Risk Management Service Engineer 1

**Job Summary:** Assist in implementing and maintaining SOX controls supporting the Application Managers for Intern applications and 3rd party Applications, support internal and external audits, and identify potential SOX compliance risks.

**Key Responsibilities:**

- Assist in maintaining SOX controls for 1P and 3P products
- Support internal and external audits related to SOX compliance
- Support engineering teams and Application Managers during SOX walkthrough
- Managing evidence requirements initiated by Internal audit
- Performing quality and compliance check of evidence submitted by engineering and Application management
- Support engineering and Application Management for remediation of SOX deficiencies
- Test and evaluate the effectiveness of SOX controls
- Document control testing procedures and findings
- Identify and report control deficiencies
- Prepare reports and documentation for SOX compliance activities
- Communicate SOX compliance status and findings to management and stakeholders
- Support onboarding, testing and maintenance of controls for new systems in SOX scope
- Collaborate with cross-functional teams to ensure thoroughness and accuracy of controls testing

**Educational Qualifications:** Bachelor's degree in accounting, finance, or a related field

**Experience:** 5-7 years of experience in SOX compliance, internal controls, or auditing

**Knowledge:** Strong understanding of SOX regulations, internal controls, and accounting principles

**Skills:**

- Strong analytical and problem-solving skills
- Excellent communication and interpersonal skills
- Ability to work independently and as part of a team

**Certification:** CISA preferred.

Posted 2 weeks ago

Apply