
728 Cisa Jobs - Page 9

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

5.0 - 10.0 years

7 - 12 Lacs

Hyderabad

Work from Office

TriNet is a leading provider of comprehensive human resources solutions for small to midsize businesses (SMBs). We enhance business productivity by enabling our clients to outsource their HR function to one strategic partner and allowing them to focus on operating and growing their core businesses. Our full-service HR solutions include features such as payroll processing, human capital consulting, employment law compliance and employee benefits, including health insurance, retirement plans and workers' compensation insurance. TriNet has a nationwide presence and an experienced executive team. Our stock is publicly traded on the NYSE under the ticker symbol TNET. If you're passionate about innovation and making an impact on the large SMB market, come join us as we power our clients' business success with extraordinary HR.

JOB SUMMARY: The Staff Vulnerability Management Analyst is a key member of the Global Security Cyber Defense team responsible for identifying, analyzing, and driving the remediation of vulnerabilities across enterprise systems, applications, and cloud environments. Based in Hyderabad, India, this role plays a critical part in protecting the organization's digital assets by ensuring vulnerabilities are promptly addressed and risk is effectively communicated to stakeholders.

Essential Duties/Responsibilities: Lead the execution of the enterprise Vulnerability Management Program, including the design, scheduling, and tuning of automated vulnerability scans across endpoints, servers, cloud assets, and container environments. Ensure the health and performance of scanning tools and infrastructure, including asset discovery, credentialed scanning, and optimization of scan coverage. Analyze scan data to identify true positive vulnerabilities, eliminate false positives, and work with asset owners to ensure timely and effective remediation.
Conduct regular assessments of container images, infrastructure-as-code (IaC), and cloud-native platforms to identify misconfigurations and known vulnerabilities. Collaborate with cross-functional teams, including Cyber Defense, Security Architecture, Security Engineering, Application Security, Risk, Engineering, and Technology to coordinate remediation activities and provide technical guidance on mitigating identified risks. Support continuous improvement by tracking and reporting remediation SLAs, scan coverage metrics, and program KPIs, while partnering with system owners to ensure timely compliance with remediation timelines. Design and deliver actionable dashboards and executive-level reports to drive data-informed remediation decisions and communicate risk posture effectively. Stay current on emerging threats, vulnerability disclosures (CVEs), and industry benchmarks such as CIS, NIST, and OWASP. Act as a backup resource to the Cyber Defense team, assisting in threat hunting, incident response, and vulnerability-related investigations. Performs other duties as assigned. Complies with all policies and standards.

QUALIFICATIONS

Education: Bachelor's Degree. Work Experience: Typically 5+ years experience in vulnerability management or a related cybersecurity domain. Licenses and Certifications: CISSP - Certified Information Systems Security Professional; CISM - Certified Information Security Manager; GIAC Certified Incident Handler (GCIH); CEH: Certified Ethical Hacker; CISA - Certified Information Systems Auditor.

Knowledge, Skills and Abilities: Hands-on experience with vulnerability scanning platforms such as Microsoft Defender Vulnerability Management, Tenable, Qualys, Rapid7, or similar. Experience working in ServiceNow Vulnerability Management suite is preferred. Experience with security orchestration and automation tools (e.g., Microsoft Sentinel, Logic Apps, ServiceNow SecOps, Splunk SOAR) is a plus, particularly within Microsoft Defender environments.
Solid understanding of common operating systems (Linux, Windows), networking, cloud platforms (AWS, Azure, GCP, Oracle), and container technologies (Docker, Kubernetes). Expertise in security tools and technologies (e.g., SIEM, intrusion detection systems, firewalls) and the ability to analyze and interpret security data to identify vulnerabilities and threats. Strong understanding of cybersecurity principles, frameworks, and best practices, including risk management, incident response, and regulatory compliance (e.g., NIST, ISO 27001, NIST 800-53, PCI-DSS). Familiarity with vulnerability prioritization methodologies (e.g., CVSS, EPSS, threat intelligence enrichment) is a plus. Strong analytical and troubleshooting skills with the ability to interpret complex data sets, convey technical findings to both technical and non-technical audiences, and contextualize vulnerabilities in terms of business impact and operational risk. Experience building and presenting vulnerability management reports at a leadership level is preferred. Experience in creating technical documentation, runbooks, playbooks, and training materials for vulnerability management. Excellent communication and interpersonal skills. Proficient in Microsoft Office Suite. Detail-oriented and well organized. Self-motivated and capable of working independently within a small, high-performing team that values critical thinking and sound decision-making. Contributes to a team culture of inclusion, transparency, and innovation, by actively sharing ideas and taking ownership of impactful work. Highly ethical and professional. Work Environment: Work in a clean, pleasant, and comfortable office work setting. The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable persons with disabilities to perform the essential functions. This position is 100% in office.

Posted 3 weeks ago


8.0 - 14.0 years

15 - 19 Lacs

Noida

Work from Office

Head of Security TReDS. Full-time | Senior Leadership Role. Experience: 8-14 years. Location: Noida (Hybrid).

About C2Treds: C2Treds is an RBI-approved TReDS platform, of C2FO the world's leading on-demand working capital platform. Our mission is clear: to empower every MSME in India with the working capital they need to thrive, driving long-term sustainability and economic growth. At C2Treds, a strategic initiative by C2FO, we are transforming the landscape for MSMEs in India by unlocking easier access to working capital. As India's only fintech platform offering both Early Pay and TReDS functionalities, we enable businesses to bypass receivables delays, enhance financial agility, and unleash their full growth potential. We understand that MSMEs are the backbone of India's economy, contributing to 30% of the country's jobs. Yet, these businesses often face significant barriers like restrictive debt cycles, high interest rates, and delayed payments that stifle their growth potential. That's where C2Treds comes in with over 50,000 MSMEs in C2FO's India network, we are dedicated to breaking down these financial barriers and providing a direct path to success. By joining C2Treds, you'll be part of an innovative, growth-driven company at the forefront of transforming MSME financial empowerment and shaping India's economic future. As the Head of Security, you will be the strategic architect and operational guardian of TReDS information security landscape. You'll lead the design, execution, and management of robust security initiatives to safeguard the platform's data, systems, and networks ensuring resilience in a regulated and rapidly evolving fintech ecosystem.

Key Responsibilities: Design and execute a holistic information security strategy that aligns with TReDS business goals and complies with relevant regulatory mandates. Lead comprehensive risk assessments and vulnerability scans to proactively identify and address security threats.
Develop and enforce information security policies, standards, and protocols to minimize risk and protect sensitive data. Oversee daily security operations and ensure rigorous adherence to security policies and procedures across the TReDS platform. Spearhead incident response efforts, coordinating with stakeholders to swiftly contain, investigate, and mitigate security breaches. Direct real-time monitoring and threat detection through security systems and tools, enabling rapid response to potential intrusions. Ensure organizational compliance with all applicable industry standards, legal requirements, and regulatory frameworks. Conduct regular audits and security assessments to uncover and resolve compliance gaps. Collaborate with cross-functional teams to embed security best practices into business processes. Lead identification, evaluation, and mitigation of security risks tied to operations, technology infrastructure, and third-party relationships. Develop and operationalize a dynamic risk management framework that prioritizes and addresses key threats. Assess and manage security risks associated with external vendors and partners, ensuring adherence to TReDS security benchmarks. Champion a security-first mindset across the organization, mentoring team members and promoting a culture of accountability, awareness, and excellence.

Required Qualifications: Bachelor's degree in Computer Science, Information Security, or a related discipline. Recognized certifications such as CISSP, CISM, or CISA. Minimum 6 years of experience in leading information security teams. In-depth knowledge of security frameworks and standards, especially those relevant to the Indian financial sector. Demonstrated success in building and executing enterprise-grade security programs. Strong leadership, interpersonal, and communication skills. Ability to thrive in fast-paced, high-stakes environments. Familiarity with cloud security principles and data privacy regulations.
Preferred Qualifications Prior experience in the fintech domain. Knowledge of Indian data privacy regulations, including the Personal Data Protection Bill. Commitment To Diversity And Inclusion As an Equal Opportunity Employer, we not only value diversity and equality, but we also empower our team members to bring their authentic selves to work every day. Our goal is to create a workplace that reflects the communities we serve and our global, multicultural clients. We recognize the power of inclusion, emphasizing that each team member was chosen for their unique ability to contribute to the overall success of our mission. #LI-NS

Posted 3 weeks ago


5.0 - 10.0 years

7 Lacs

Mumbai

Work from Office

The Manager, Continent Security Partnerships, Property Security Compliance is a key role in continent security aspects relating to planning, executing and managing the Marriott Security Compliance Assessment program, providing the necessary support to above property and on property teams. The objective for this role is to attain maximum security compliance status and ensure that all IT Operations in the continent follow the company security standards. Enforce Marriott Security Standards and requirements for properties. The role will perform tracking and reporting on the established security policies and processes as implemented at the hotels and will have a direct reporting line to the Senior Director/Director, Continent Information Security Partnerships. This position maintains strong relationships with and provides support to Area Operation/IT Leaders with continent operations and provides assistance in liaising with additional teams within Information Security and will require to travel for up to 75% of the work capacity.

CANDIDATE PROFILE

Education and Experience: 5+ years Information Technology or information security work experience including: 3+ years in executing technology plans and/or information security projects, programs, and/or portfolios; 2+ years in implementing enterprise security risk management frameworks and processes. Bachelor's degree in Computer Sciences, Information Technology, Information Security, Cybersecurity or related field or equivalent field experience. Fluent in English, both spoken and written.

Preferred: Professional certifications related to security assessment, such as CISA, CRISC, PCI ISA, ISO/IEC 27001 Lead Auditor, etc. Hotel IT Management. Cybersecurity experience. Good understanding of PCI DSS and NIST CSF. Expert level understanding of key network and technical security controls. Experience participating in and coordinating activities for security incident responses.
Knowledge of global regulatory standards to include GDPR and CCPA. Ability to demonstrate security experience via certifications (CISSP, CISM, etc.) or significant career accomplishments. Demonstrated ability to apply organizational information security policies at a discipline unit level. Knowledge of IT security within an infrastructure environment. Proven ability to effectively prioritize and execute tasks in a high-pressure environment. Experience in business systems and process planning. Graduate/postgraduate degree. CORE WORK ACTIVITIES Lead and execute audits, security assessments, and control reviews across infrastructure, applications, data, cloud, and third-party services. Evaluate the effectiveness of information security controls (technical and administrative) aligned with corporate standards. Perform risk-based assessments and identify vulnerabilities, non-compliances, and improvement opportunities. Review historical audit and assessment findings and real-time observations, both internal and external, to determine areas for improvement, including developing and disseminating best practices, standardized configurations, and implementation guides across the hotel portfolio. Review artifacts, interview key stakeholders and identify areas for improvement. Develop and manage the end-to-end audit or assessment program, including planning, scoping, scheduling, stakeholder engagement, fieldwork, and follow-up. Organize and facilitate kick-off meetings, status updates, walkthroughs, and closing sessions. Track and report audit timelines, milestones, and risk issues to ensure timely completion. Build relationships and collaborate with key stakeholders to develop pragmatic remediation plans and track closure progress through defined follow-up cycles. Prepare clear, concise, and well-structured audit reports with actionable findings and risk ratings. Provide input on risk treatment strategies, control enhancements, and policy updates. 
Develop effective communication plans to collaborate with the stakeholders by customizing individual needs. Contribute to the maturity of the information security internal audit methodology, templates, and knowledge base. Additional Functions Represents Security in signing off on new property openings reviewing the implemented policies and controls. Provides tactical communications and issues remediation planning and implementation with the continent IT Operations team. Signs off the new property openings including tracking that all necessary information on the property systems and security readiness is registered, such as application inventory. Facilitates educational calls, materials and meetings to the Continent IT Operations and field associates Tracks the compliance performance of the continent and work with on property IT associates along with the Area IT Managers towards issues remediations, providing necessary escalations and follow ups to the respective teams. Reporting on security & compliance related metrics to different stakeholders including GIS, Continent leadership Provides answers to general questions and queries around IT security and other related queries. Identifies learning and knowledge gaps and facilitates educational calls, materials and meetings to the Continent IT Operations and field associates Additional Responsibilities Informs, updates, and provides information to supervisors, co-workers, and subordinates by telephone, in written form, e-mail, or in person in a timely manner. Attends and participates in all relevant meetings. Presents ideas, expectations and information in a concise, organized manner. Uses problem solving methodology for decision making and follow up. Maintains positive working relations with internal customers and department managers. Manages time effectively and conducts activities in an organized manner. Performs other reasonable duties as assigned by manager.

Posted 3 weeks ago


0.0 years

30 - 35 Lacs

Pune

Work from Office

In Scope of Position based Promotions (INTERNAL only). Job Title: IT Auditor, AVP. Corporate Title: AVP. Location: Pune, India.

Role Description: You will be responsible for auditing Deutsche Bank's technology and security controls. You will be involved in the planning, preparation, coordination and execution of audits to evaluate the adequacy and effectiveness of internal controls related to IT Infrastructure services primarily within TDI Global Technology Infrastructure including End User Computing. You will undertake audit assignments, draft and consolidate audit reports as well as tracking and closing audit findings. You will work as part of a global team, spread across the US, Germany, the United Kingdom and Singapore.

What we'll offer you: 100% reimbursement under childcare assistance benefit (gender neutral). Sponsorship for Industry relevant certifications and education. Accident and Term life Insurance.

Your key responsibilities (What You'll Do): Plan, prepare, coordinate and execute audits to evaluate the adequacy and effectiveness of cyber security controls in accordance with Group Audits Methodology. Contribute to Continuous Monitoring and overall implementation of Group Audit Methodology. Undertake audit assignments, draft and consolidate audit reports for review by audit management and facilitate finding tracking and validate closure of findings. Participate in ad hoc projects and special inquiries. Work closely with colleagues in New York, Jacksonville, London, Birmingham, Berlin, Frankfurt and Singapore.

Your skills and experience (Skills You'll Need): University degree in computer science, mathematics, engineering or a related scientific degree. Certifications as CISA, CISM, CISSP or equivalent qualification in the areas of information security, project management or process-/quality management would be an advantage.
Demonstrable experience in one or more of the following disciplines: IT infrastructure, IT production, IT operation such as system administrator, database administrator, operator in a data centre or software development for IT infrastructure applications. Experience in IT Audit, IT risk management or information security. A fundamental understanding of the following Audit disciplines: audit concepts (e.g. pre-/post implementation audits), controls in outsourced environments (e.g. for managed services), auditing project management and auditing IT service- and quality management.

Skills That Will Help You Excel: Very good written/verbal communication skills and the ability to communicate effectively in conflicts and at all management levels. Language skills beyond English are not a requirement, but are generally useful. Experiences in analyzing and articulating IT Infrastructure risks combined with a good understanding of IT services and IT processes in an enterprise environment. Flexibility, pro-active, self-sufficient and innovative with strong organizational skills to take ownership and responsibility of agreed targets and meet them within budget to enable a timely and efficient completion of audit projects. Ability to multi-task assignments and prioritize the workload with limited supervision and be resilient under pressure and the ability to deliver to deadlines.

How we'll support you. About us and our teams: Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.

Posted 3 weeks ago


1.0 - 4.0 years

4 - 7 Lacs

Gurugram

Work from Office

About this role. Role Description: The Information Security team member will augment the Supply Chain Security team and play an integral part in the development, implementation, and compliance of technical security across the enterprise. The candidate will be key contributor to ongoing security assessments of third-party tools and products and will regularly act as a voice of Information Security to business teams and management, building cyber security confidence in support of business development and governance processes.

Responsibilities: Perform focused assessments of existing or new service providers, and technologies being introduced into the firm's environment. Experience in performing cyber security due diligence assessments of third-party service providers and vendors. Provide governance and oversight over existing and new SaaS and IaaS products. Influence the overall direction for securing infrastructure, applications and third parties service providers for the firm. Communicate risk assessment findings to information security stakeholders or business partners and influences the risk mitigation. Provide consultative advice to information security customers that enables them to make informed risk management decisions. Performing assessments of new and existing Internet of Things (IoT) Deployments. Identify appropriate controls to effectively manage information risks as needed. Identify opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk. Maintain strong working relationships with individuals and groups involved in managing information risks across the organization. Support the documentation of Information Security Policies and Standards. Security assessments of third-party software packages deployed on machines. Perform vulnerability impact analysis of newly identified vulnerabilities of the firm's critical service providers.

Candidates will be evaluated based on their ability to perform the
duties listed above while demonstrating the skills and competencies necessary to be highly effective in the role. These skills and competencies include: Strong documentation and process-oriented background with experience working on complex technology projects. An ability to effectively influence others to account for the plans and collaborative behaviors for results. An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner. An ability to identify and assesses the severity and potential impact of risks and communicate risk assessment findings to risk owners in a way that influences optimum risk mitigation. Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one. Ability to react to high pressure dynamic changing environments. Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part. An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one's network within an organization. An ability to apply original and innovative thinking to produce new ideas and create innovative products, solutions, or approaches. A discipline and interpersonal skills to work well in a global environment, complementing teams in multiple remote locations.

Experience: Degree in Business, Computer Engineering, Computer Science, Information Security, or a related field. Working knowledge of data analysis techniques, including Excel, Python and basic SQL skills. Experience with agile project management. Knowledge of Azure security, AWS security, web security, including API and token security. 5+ years Information Security experience. 3+ years with risk advisory and senior management communication, metrics, collaboration to drive
risk-based results. 3+ years of experience with documenting, project management, written analysis for Information Security risk assessments. 3+ years of experience in an Enterprise Risk Management and/or assessing controls within a Technology and/or Financial Services firm. Experience with information security management frameworks (e.g., ISO 27001, COBIT, NIST 800, SOC 2 Type 2). Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA). AWS, GCP, or Azure security certifications are a plus.

Our benefits. Our hybrid work model. At BlackRock, we are all connected by one mission: to help more and more people experience financial well-being. Our clients, and the people they serve, are saving for retirement, paying for their children's educations, buying homes and starting businesses. Their investments also help to strengthen the global economy: support businesses small and large; finance infrastructure projects that connect and power cities; and facilitate innovations that drive progress. This mission would not be possible without our smartest investment - the one we make in our employees. It's why we're dedicated to creating an environment where our colleagues feel welcomed, valued and supported with networks, benefits and development opportunities to help them thrive. For additional information on BlackRock, please visit @blackrock | Twitter: @blackrock | LinkedIn: www.linkedin.com/company/blackrock BlackRock is proud to be an Equal Opportunity Employer. We evaluate qualified applicants without regard to age, disability, family status, gender identity, race, religion, sex, sexual orientation and other protected attributes at law.

Posted 3 weeks ago


9.0 - 14.0 years

27 - 30 Lacs

Bengaluru

Work from Office

Business Title: Lead - Zero Trust and IAM. Region: APAC. Country: India.

What we look for: 8+ years experience implementing enterprise Identity and Access Management (IAM), Privileged Access Management (PAM) solutions (e.g. Saviynt, Okta, SailPoint, Ping Identity, Omada, Microsoft Identity Manager, Beyond Trust, CyberArk or equivalent IAM solution) in client environments. Familiarity with Zero Trust Network Architecture is desirable. Familiarity with ServiceNow Ticketing and CMDB is desirable. Design, build, operate and automate security solutions and processes to protect the integrity of the organization's networks, systems, applications and data. Experience developing technical strategies, architectures, and roadmaps. Outstanding communication and presentation skills. Able to articulate complex, technical concepts to non-technical audiences. Respond to security incidents, including data breaches, and coordinate with other IT teams to mitigate the impact of any security breaches.

Preferred: Experience hardening security for Active Directory, Windows, *nix OS. Experience with IDaaS providers such as Microsoft, Okta, Ping Identity, Google Cloud Identity. Experience with cloud architectures particularly Azure, AWS, GCP native IAM controls. Experience with Identity Governance processes and solutions such as Saviynt, SailPoint, Ping Identity or equivalent. Experience with Microsoft 365, Active Directory, SAML, OIDC. Knowledge of Applied Cryptography and PKI. Manage and network security infrastructure. Firewall configuration and rule management. Cloud proxies services & Network Access control. Employee and Partner remote access VPN services. Cloud based Web application firewall. Development knowledge e.g. Python, Java, C#, .NET, Web Services (SOAP/REST/RESTful, APIs), Shell programming/scripting.

Preferred: Network Infrastructure Security background in both on prem physical security components (firewalls, IDS/IPS, remote access and internet proxies) as well as cloud security services (Zscaler, Azure, GCP). Strong experience of working on SIEM tools like Splunk to analyse logs and correlate events. Experience with User Behaviour Analytics & Workday, SAP, Salesforce. Experience with MDM capabilities such as Intune or AirWatch. Understanding of trends and regulations to ensure effectiveness and compliance with all regulations and frameworks (NIST, HIPAA-HITECH, HITRUST, PCI, GDPR).

Certifications: CISSP or SANS, GIAC, CIMP, CEH, CISM or CISA certifications is a plus. OKTA - Professional or Consultant is a plus. Google/AWS/Microsoft Professional Cloud Architect is a plus.

Johnson Controls International plc. is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit www.johnsoncontrols.com/careers.

Posted 3 weeks ago


8.0 - 10.0 years

17 - 19 Lacs

Mumbai

Work from Office

Some careers open more doors than others. If you're looking for a career that will unlock new opportunities, join HSBC and experience the possibilities. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

Responsibilities: Deliver assigned work within the given timeframes, standards, methodology, budget, and where applicable, lead and deliver audits. Confirm that audit findings and recommendations are understood and with proposed mitigations. Demonstrate knowledge of the applicable Business, Functional, and Regulatory environment, including developing trends, risks, controls, and expectations. Support a strong risk and conduct culture across the Group and promote awareness and sound operational and strategic decision-making. Critically analyse and determine key drivers of change for area of coverage and assess how these will impact audits. Use insights, industry knowledge and current developments to assess areas of concern. Coherently articulate audit exceptions and findings to GIA team members and management, and as necessary to business and/or functional stakeholders. Effectively discuss potentially challenging matters and ability to communicate with impact and articulated in a meaningful way to wide and varied audiences. Be an analytical and critical thinker, who can effectively manage competing priorities and complex challenges to deliver positive outcomes. Apply qualitative and quantitative methods to analyze and investigate challenging scenarios and situations. Be a proactive team player, who leads by example and works constructively across GIA. Effective communication and ability to maintain constructive relationships with stakeholders, team members, and GIA Management. Actively promote collaboration and sharing of ideas across GIA. Produce smart, simple, and pragmatic solutions.
Requirements: The ideal candidate for this role will have the below experience and qualifications: Minimum of 8 to 10 years internal or external audit, business, and/or accounting experience or equivalent, and external audit will be considered, but is not always essential. We also welcome exceptional talent with data analytics or data science background who are keen to work in a leading audit function. Minimum of a bachelor's degree in business, accounting, finance, related field or equivalent experience. Strong understanding of financial services business, risks (e.g. regulatory compliance) and related controls, with a specific focus on retail banking and wealth management. Good analytical skills in identifying risks and control implications. Good communication skills (written and verbal) for managing multiple stakeholders to drive consensus and influence the outcomes. Broad knowledge of the Company, Group and financial services industry, business supported and the regulatory framework they operate in. Knowledge of Data Analytics and ability to apply technology or expertise to business issues or operational problems is desirable, but not essential. Prior International work experience is a plus. Fluency in English. Mature team player who is highly professional. Willingness to travel (max 20%). Ideally hold role relevant qualifications, or pursuing professional qualification (e.g., CISA, CPA, CFA, CIA, ACAMs etc.). The base location for this role is Mumbai India, with some travel regionally and occasionally globally.

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment.
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Posted 3 weeks ago

10.0 - 15.0 years

25 - 30 Lacs

Noida

Work from Office

As a Cyber Security Architect, you will contribute to telecom network security. You will be responsible for providing expert security guidance, designing secure network solutions, and implementing best practices for our complex and dynamic telecom network infrastructure. You Have: Bachelor's degree in Computer Science, Information Security, or Electrical Engineering, with a minimum of 10-15 years of experience in security risk assessment, vulnerability management, or a related field within the telecom industry. Experience in security principles, methodologies, and best practices specifically relevant to telecom networks. Experience with security frameworks such as ISO 27001, NIST Cybersecurity Framework, or similar, with a focus on their application to telecom networks. Experience on conducting threat modeling, vulnerability analysis, and impact assessments for telecom network infrastructure. Experience with network security technologies such as firewalls, intrusion detection systems, VPNs, and network segmentation. Familiarity with telecom protocols and standards (e.g., SS7, Diameter, SIP) and their security implications. It would be nice if you also had: Certifications - ISO 270001 LA/LI, CISA , ITIL V3/4. Exposure to complex problem-solving and managing multiple projects simultaneously. You will be in part of developing and implementing secure network architectures, including firewall configurations, intrusion detection systems, VPNs, and network segmentation, tailored to the specific needs of telecom clients. You need to identify vulnerabilities and security weaknesses in existing telecom networks and recommend remediation strategies. You need to advise clients on best practices for securing their telecom networks, including threat modeling, vulnerability analysis, and risk mitigation strategies. You need to work with clients to establish comprehensive security policies and procedures that align with industry best practices and regulatory requirements. 
You will focus on threats and vulnerabilities specific to the telecom industry and recommend appropriate countermeasures for the network. You need to provide technical expertise and guidance related to security incidents affecting the telecom network. You will be designing training programs for the specific needs of personnel involved in managing and operating the telecom network. You will be focusing on the security strategy for the telecom network and its integration with the broader organizational security strategy.

Posted 3 weeks ago

10.0 - 15.0 years

20 - 30 Lacs

Hyderabad, Bengaluru

Work from Office

Risk Management Service Engineer 1 Job Summary Assist in implementing and maintaining SOX controls supporting the Application Managers for Intern applications and 3rd party Applications, support internal and external audits, and identify potential SOX compliance risks. Key Responsibilities: Assist in maintaining SOX controls for 1P and 3P products Support internal and external audits related to SOX compliance Support engineering teams and Application Managers during SOX walkthrough Managing evidence requirements initiated by Internal audit Performing quality and compliance check of evidence submitted by engineering and Application management Support engineering and Application Management for remediation of SOX deficiencies Test and evaluate the effectiveness of SOX controls Document control testing procedures and findings Identify and report control deficiencies Prepare reports and documentation for SOX compliance activities Communicate SOX compliance status and findings to management and stakeholders Support onboarding, testing and maintenance of controls for new systems in SOX scope Collaborate with cross-functional teams to ensure thoroughness and accuracy of controls testing Educational Qualifications: Bachelor's degree in accounting, finance, or a related field Experience: 5-7 years of experience in SOX compliance, internal controls, or auditing Knowledge: Strong understanding of SOX regulations, internal controls, and accounting principles Skills: Strong analytical and problem-solving skills Excellent communication and interpersonal skills Ability to work independently and as part of a team Certification: CISA preferred

Posted 3 weeks ago

4.0 - 9.0 years

10 - 17 Lacs

Bengaluru

Hybrid

Role SOX ITGC Team Manager Location Bangalore (1 week WFO & 3 weeks WFH) & Shift - 3pm to 12pm Qualification CA with 4+ yrs of experience Certification CISA mandatory *************************************************** IMMEDIATE JOINERS REQUIRED Send your updated CV directly to: 9152808909 **************************************************** Job Description: Plan implement, coordinate, and execute all phases of SOX testing compliance process (including leading walkthroughs, identifying/validating key controls, developing testing procedures, execute and document testing, reporting results to management). Manage updates to process documentation and control matrices for existing SOX processes and assist in the preparation and review of documentation for new processes. Perform reviews over SOX deliverables (including testing support and process documentation) of junior resources to ensure work paper documentation standards are consistent with quality expectation. Collaborate and build relationships with key stakeholders and leverage those relationships to influence process/internal control enhancements. Coordinate with external auditors on a consistent cadence to align on testing approach to drive SOX testing reliance strategy. Partner with stakeholders to consult on remediation conditions for SOX control deficiencies and perform independent validation of managements action plans for issue closure. Responsible for quality and timeliness of deliverables, including conclusions on control effectiveness and impact of control deficiencies. Act as a key contact person for all internal and external groups on matters related to SOX and Internal controls. Work with technology leads and identify automation opportunities of SOX planning and testing activities. Identify opportunities to implement data analytics in SOX testing using knowledge of the risk environment and interdependencies within multiple business processes. 
Consults through ad-hoc advisory engagements while working closely with business units to share risk considerations as they undergo strategic projects. Promotes staff development through real-time coaching and feedback. Actively participates or leads department strategies and initiatives. Desirable Skills SOX experience Has worked in BIG4 consulting firm for at least 2 years. Strong critical thinking and problem-solving skills around complex business issues Project, and time management skills. Effective verbal and written communications, including active listening skills and skills presenting findings and recommendations. Ability to effectively influence individuals to action at different levels of internal and external organizations. Flexibility, adaptability, and comfort in dealing with new business areas and situations. Educational and Qualification: CPA & CIA is a strong plus. Work Experience: CA with 4+ years of relevant experience (Highly Preferred) MBA Finance only (with minimum 7+ years of relevant SOX experience)

Posted 3 weeks ago

10.0 - 15.0 years

20 - 25 Lacs

Mumbai

Work from Office

We are looking for a highly skilled and experienced Deputy Head to lead our Small and Medium Business-Internal Audit team in Mumbai. The ideal candidate will have 10+ years of experience in internal audit, preferably in the banking or financial services industry. Roles and Responsibility Develop and implement effective internal audit plans to ensure compliance with regulatory requirements. Conduct risk assessments and audits to identify areas of improvement in business operations. Collaborate with cross-functional teams to design and implement process improvements. Provide expert guidance on internal controls, auditing standards, and regulatory requirements. Identify and mitigate risks associated with business operations. Develop and maintain relationships with key stakeholders, including senior management and external auditors. Ensure consistent application and documentation of internal audit methodology. Interface regularly with senior corporate and line of business management to identify control weaknesses and develop recommendations within all divisions and operations of the company. Pursue professional development opportunities, including internal and external training and professional association memberships, and share information gained and best practices with co-workers including team members. Job Chartered Accountant (CA) certification is required, along with Certified Internal Auditor (CIA) or Certified Information Systems Auditor (CISA). Possess strong knowledge of internal auditing standards, regulations, and industry best practices. Demonstrate excellent analytical, communication, and problem-solving skills. Ability to work effectively in a fast-paced environment and meet deadlines. Exhibit strong leadership and coaching skills, with the ability to motivate and guide junior team members. Maintain a high level of professionalism and integrity, with a commitment to excellence and quality. 
Strong interpersonal, communication, and team skills are essential, with the ability to work and communicate effectively with all levels of management and staff. Demonstrates leadership and credibility, capable of generating a high degree of respect and trust, building relationships rapidly with various operating units and corporate staff. Self-motivated with a strong commitment to quality. Age & DOB: 30+ years. Additional Info The selected candidate will be responsible for providing regular reports to the Business/Pre-Audit Committee/Audit Committee on the company's system of internal controls and significant audit recommendations.

Posted 3 weeks ago

3.0 - 10.0 years

5 - 12 Lacs

Bengaluru

Work from Office

Manager- Internal Audit Location: Bangalore Experience: 5+ Years What is Muthoot FinCorp ONE? Muthoot FinCorp ONE, is a fintech startup, building a financial ecosystem where customers can access relevant and reliable digital services across an expansive range of digital financial products in segments like Lending, Saving & Investment, Protection, and Remittance. Our products are designed to ensure a simple, reliable, and responsive financial environment for our customers. Envisioned to be the most trusted financial service provider, our app has an easy-to-use interface aimed to enhance user experience and comfortable navigation. Our promoter, Muthoot FinCorp Ltd., is one of the most reputed names in the Fintech industry and has the customers trust in diverse segments like Financial Services, Automotive, Hospitality, Alternate Energy, Real Estate, and Precious Metals. In our quest to build teams across diversified domains, we recently acquired Paymatrix, an award-winning start-up founded in 2016. It has helped us venture into rent and rent-related payments and other vendor payments using credit cards. Currently, we are working on transforming Paymatrix into a Virtual POS platform. Muthoot FinCorp ONE believes in an ownership driven startup culture, where cumulative success is paramount, and each team member is valued and nurtured. Job Summary: We are seeking a highly skilled experienced Manager/Senior manager of Internal Audit background to join our team focused on auditing our digital lending applications. The successful candidate will be responsible for evaluating and assessing the internal controls, process and risk associated with out digital lending platform. This role required expertise in digital lending operations, a strong understanding of audit methodology and the ability to provide strategic recommendations for enhancing controls environments. 
Key responsibilities: Conduct comprehensive audits of the digital lending application to ensure compliance with regulatory requirements, internal policies and industry best practices. Develop and execute risk-based audit plans for assessing the effectiveness of internal controls and processes related to digital lending activity. Identify and analyze key risk and control gaps within the digital lending platform and provide recommendations for mitigating identified risk. Collaborate with cross-functional teams including IT, Risk management, compliance and business operations to coordinate audit activities and facilitate remediation efforts. Perform detailed testing of controls, data integrity and security measures implemented within the digital lending applications. Prepare clear and concise audit reports, documenting findings, observations and recommendations for management review and action. Monitor the implementation of audit recommendations and track remediation activity to ensure timely resolution of identified issues. Stay abreast of emerging trends and regulations and developments in the digital lending industry to enhance audit methodology and approach. Qualifications: Qualified CA professional, additional certification (CIA, CISA) Experience: Minimum 2 -3 years of experience in internal audit, risk management or compliance role with a focus on digital lending or financial technology (Fintech) platforms. Strong understanding of digital lending process, technology and regulatory requirements. Excellent analytical and problem-solving skills, effective communication skills both verbal and written with the ability to articulate complex issues clearly and concisely to diverse audiences. The role may require occasional travel to conduct meetings with stakeholders. MFL One is an equal opportunity employer and welcomes candidates from diverse backgrounds to apply.

Posted 3 weeks ago

4.0 - 9.0 years

6 - 11 Lacs

Pune

Work from Office

Role Description The 1st line Tech Risk and controls function at Deutsche sits within the Group Technology Infrastructure (GTI) for Deutsche Bank Group. GTI has the largest footprint within the Technology, Data and Innovation division and is joined by other business-aligned CIO IT divisions. The Tech Risk and Controls is a dynamic team, consistently in demand, for providing guidance and challenge to deliver change and maintain systems in a secure and resilient manner. As part of the team, you will join the Banks journey and contribute towards our strategic goal of cloud enabled solutions as well as activities that improve our operational resilience and risk reduction. Specifically, you will bring expertise to Control definition and assessments capability across IT Infrastructure, SDLC and Architecture domains supporting a proactive risk management function. It will therefore also include providing change risk advisory services for transformational change programs undertaken by or impacting GTI. You will liaise with other risk and control functions, on a management level to assure the integration of risk initiatives and projects. You will also support Regulatory Adherence and Policy Management function within TDI Risk Management. Its purpose is to provide oversight and supervision of new & changed material regulation impacting TDI, including full traceability to derived DB-specific Policies, Procedures, Key Operating Documents and Supporting Documents. Your key responsibilities Risk & Control Management Identify and evaluate potential areas of non-compliance or risk, assessing impact, probability and present findings and proposals for risk mitigation measures. Support the delivery of the risk and control initiatives. This includes participation in risk and control activities, risk-based control reporting of key issues, performance and validation of cyclical activities such as annual control self-assessments. 
Work closely with teams in and out of the division to understand risks impacting the group. Align internal Deutsche Bank policies/procedures against industry recognized framework to strengthen the control framework and its implementation for both within the Bank and our 3rd party vendor relationships Ensure management transparency by way of timely risk reporting and proactive engagement and representing controls team at different governing forums Regulatory Adherence and Policy Management Coordination of regulatory adherence assessments across sub-divisions within TDI and management and review of Policies, Procedures, Key Operating Documents, Supporting Documents within TDI. Engage with stakeholders across TDI and other (e.g. 2nd line of defence) divisions in reviewing, assessing, and documenting the impact of regulations and planning remedial actions. Steer and support the publication of a consistent set of global and local Policies, Procedures, Key Operating Documents and Supporting Documents relating to Information Technology from laws, rules, and regulations. Risk remediation and Change Risk Advisory Support the Head of TDI GTI Risk Management in assessing risks related to strategic changes within the GTI Organization Proactively monitor risk landscape shift within the industry to identify transformation project opportunities to insulate Deutsche Bank from any potential risk exposure e.g., Production design life cycle, application and infrastructure architecture and its resilience Stakeholder Management Identify, Partner and Collaborate Work with relevant stakeholders to identify and assess controls gaps related to technology risk - measure and mitigate them in a timely manner Align with COO Division Control Office (DCO) team and NFRM (2nd LoD) ensuring successful and consistent implementation of the established control framework. Promote and support proactive IT risk culture at the Bank. 
Your skills and experience Desired experience Minimum 5 years of experience as Risk and Control Lead in designing and implementation of Technology risk framework or IT Audit in a global organization. Experience in a regulatory oversight, assurance, or policy management function within technology. Or have suitable compliance or audit background within infrastructure (and preferably IT & Information Security). Extensive experience regarding development, training and implementation of IT Policies, Procedures, Key Operating Documents and Supporting Documents. Good understanding of Industry best practices such as NIST, COBIT, ITIL and ISO 27001 Other professional qualifications and certifications in Technology risk management Desired behaviors A strong team player comfortable in a cross-cultural and diverse operating environment Result oriented and ability to deliver under tight timelines Ability to successfully resolve conflicts in a globally matrix driven organization Excellent communication and collaboration skills Desire to learn about new and emerging technologies and continuous upskilling Must be comfortable with navigating ambiguity to extract meaningful risk insights.

Posted 3 weeks ago

1.0 - 6.0 years

7 - 10 Lacs

Bengaluru

Work from Office

At Moss Adams, we champion authenticity. For us, that means fostering a culture of talented people who care about you, about our clients, and about our communities. Here, you'll work towards our mission of empowering others to embrace opportunity, growing as a leader along the way. Our firm's size, middle-market clients, customized career paths, and supportive culture make this a reality. Join a values-driven firm where you'll have fun while solving complex and interesting business challenges. Welcome to our SOC & IT Compliance practice within Moss Adams Risk Advisory & Compliance (RAC). Our team provides SOC 1, SOC 2, and SOC related consulting services. In addition, our team supports our business assurance practice and integrated compliance audits for Sarbanes-Oxley other IT consultative services. We also provide consulting services focused on the IT side of the business and work closely with our Cybersecurity teams. We have direct interactions with clients who range in size from start-up to enterprise. We are currently seeking an SOC IT Compliance Associate. At Moss Adams you will gain knowledge of the firm's assurance and consulting services as well as assist project managers, clients, and peers on various consulting and auditing engagements. We move quickly, challenge daily, and are looking for people who are self-motivated and thrive in fast paced deadline driven environments. The opportunity for advancement is accelerated at Moss Adams. Here you have the ability to directly impact training, developing methodology and being involved in the sales & marketing process. This associate will provide IT audit services through testing of client's internal controls related to Information Technology General Controls (ITGCs), advanced IT security controls, as well as business process controls. 
Does this sound like something you are interested in? Individuals who thrive at Moss Adams exhibit the following success skills: Collaboration, Critical Thinking, Emotional Intelligence, Executive Presence, Growth Mindset, Intellectual Curiosity, and Results Focus. Responsibilities: Understand the security environment of a client and the defined controls across network, IT and application infrastructure as an associate member of team Create control test cases, execute the tests and provide clear test reports Ensure quality of assessments and tests performed Provide clear estimation to complete the tasks and meet the set timelines Identify opportunities for continuous improvement and contribute to implementing them Qualifications: Bachelor's degree in Computer Science, Information Systems or related degree required, Master's in Tech preferred, or MBA in Finance & Accounting or Systems Minimum of 1 year of experience performing IT audit for external customers CISA, CISM, CISSP certification or comparable IT security accreditation preferred MCSE, MCTIP, CCNA, GSEC/GIAC, ITIL or comparable accreditation preferred Working knowledge of SOC audits required Proven record of being a fast learner Excellent verbal and written communication skills Analytical and creative problem-solving skill Moss Adams is an Equal Opportunity Employer as to all protected groups, including protected veterans and individuals with disabilities. Moss Adams complies with federal and state disability laws and makes reasonable accommodations for applicants and employees with disabilities. Certain jurisdictions in the United States require employers to disclose the pay range in job postings. This is the typical range of pay for the position. Actual compensation may depend on factors such as qualifications, work experience, skills, and geographic location. This position may be eligible for an annual discretionary bonus. 
For more information about our benefit offerings and other total rewards, visit our careers page.

Posted 3 weeks ago

5.0 - 6.0 years

10 - 14 Lacs

Mumbai

Work from Office

About Godrej Agrovet: Godrej Agrovet Limited (GAVL) is a diversified, Research & Development focused agri-business Company dedicated to improving the productivity of Indian farmers by innovating products and services that sustainably increase crop and livestock yields. GAVL holds leading market positions in the different businesses it operates - Animal Feed, Crop Protection, Oil Palm, Dairy, Poultry and Processed Foods. GAVL has a pan India presence with sales of over a million tons annually of high-quality animal feed and cutting- edge nutrition products for cattle, poultry, aqua feed and specialty feed. Our teams have worked closely with Indian farmers to develop large Oil Palm Plantations which is helping in bridging the demand and supply gap of edible oil in India. In the crop protection segment, the company meets the niche requirement of farmers through innovative agrochemical offerings. GAVL through its subsidiary Astec Life Sciences Limited, is also a business-to-business (B2B) focused bulk manufacturer of fungicides & herbicides. In Dairy and Poultry and Processed Foods, the company operates through its subsidiaries Creamline Dairy Products Limited and Godrej Tyson Foods Limited. Apart from this, GAVL also has a joint venture with the ACI group of Bangladesh for animal feed business in Bangladesh. For more information on the Company, please log on to www.godrejagrovet.com . Designation Location Mumbai Job Purpose We are seeking a highly skilled and experienced IT & OT Infrastructure, Data, and Applications Security Manager to lead the security strategy and implementation for IT & OT (Operational Technology) environments. This role is responsible for ensuring that critical infrastructure, network systems, and applications are secure from cyber threats while ensuring operational continuity in both the IT and OT domains. 
The position requires a deep understanding of both IT and OT security frameworks, as well as an ability to collaborate with cross-functional teams to safeguard digital assets and operations. Roles & Responsibilities: 1. IT & OT Infrastructure Security: Develop, implement, and maintain security policies, procedures, and controls to protect IT & OT infrastructure components, including servers, networks, industrial control systems (ICS), SCADA, and cloud environments. Collaborate with IT teams to ensure secure integration between IT and OT systems, addressing the unique security requirements of each domain. Conduct regular risk assessments, vulnerability scans, and penetration tests to identify and mitigate threats in IT & OT infrastructures. Manage the security of industrial networks, SCADA systems, and IIoT (Industrial Internet of Things) devices to prevent cyber threats and ensure safe operations. Implement and maintain security for cloud services, on-premises data centers, and critical OT assets, ensuring compliance with industry standards. 2. Data Security : Implement data encryption, tokenization, and masking techniques to protect sensitive and proprietary data across systems, databases, and storage devices. Oversee data classification processes and ensure data protection in compliance with legal and regulatory requirements (GDPR, CCPA, HIPAA, etc.). Ensure proper data backup, disaster recovery, and business continuity planning related to data security. Conduct data loss prevention (DLP) assessments and implement preventative controls. Manage access control policies for databases and ensure segregation of duties for sensitive information. 3. Network Security: Develop and maintain robust network security architecture for IT & OT networks, ensuring protection against unauthorized access, data breaches, and cyber-attacks. Monitor and analyze network traffic and logs to detect potential threats, vulnerabilities, and anomalous activities across IT & OT networks. 
Implement network segmentation to isolate IT and OT environments while ensuring controlled data exchange between systems. Configure and manage firewalls, intrusion detection/prevention systems (IDS/IPS), and secure VPNs to protect networks from external and internal threats. Manage secure communication channels for IT/OT devices and ensure the proper functioning of secure remote access protocols for IT/OT systems. 4. Applications Security: Lead the implementation of secure application development practices for OT applications. Work with development and OT engineering teams to incorporate secure coding practices into OT software systems. Conduct regular security assessments and code reviews for applications, ensuring that vulnerabilities are identified and mitigated. Oversee security testing of OT applications, including SCADA systems, human-machine interfaces (HMIs), and industrial control software, to ensure that security controls are in place. Implement security controls around application access, user authentication, and data integrity for OT applications. 5. Incident Response & Threat Management: Lead and coordinate response efforts to security incidents involving OT systems, ensuring that containment, investigation, and remediation processes are followed efficiently. Develop and maintain incident response plans that address OT-specific risks, ensuring minimal disruption to critical operations. Conduct post-incident analysis to identify root causes, recommend improvements, and apply corrective actions to prevent future occurrences. Collaborate with internal and external teams (e.g., law enforcement, vendors) during security incidents that may impact OT systems. 6. Security Governance and Compliance: Ensure compliance with relevant industry regulations, standards, and frameworks (e.g., NIST, ISO 27001, IEC 62443, NERC CIP) in OT environments. Implement and enforce security governance, risk management, and compliance strategies across OT assets. 
Perform regular audits and assessments of OT security controls to ensure compliance with security policies and regulatory requirements. Maintain comprehensive security documentation, including risk assessments, incident reports, and security project plans. 7. Security Awareness and Training: Develop and conduct security awareness training programs for OT staff, ensuring that they are educated on security best practices, emerging threats, and organizational policies. Provide ongoing education to the OT team about the importance of cybersecurity in the context of industrial operations and critical infrastructure. Stay current with emerging security trends, threats, and vulnerabilities specific to OT environments and incorporate new knowledge into security practices. Educational Qualification: : Bachelors degree in Computer Science, Information Security, Cybersecurity, Engineering, or a related field (Master s preferred). Experience: Minimum of 5 to 6 years of experience in IT & OT security, Data security, and application security. Extensive experience securing both OT (industrial control systems, SCADA, ICS, IIoT) environments. Proven experience with network segmentation, firewalls, IDS/IPS, VPNs, and application security frameworks. Familiarity with securing operational technology, including understanding of industrial protocols (Modbus, OPC, DNP3, etc.). Hands-on experience with OT vulnerability management, incident response, and threat intelligence processes. Skills: Expertise in securing network and infrastructure devices, systems, and industrial control systems (ICS). Deep knowledge of network protocols and security mechanisms (e.g., IP, TCP/IP, VPNs, firewalls). Proficiency in securing cloud environments (AWS, Azure, Google Cloud) as well as on-premises systems. Experience with tools for vulnerability scanning, penetration testing, and risk assessments (e.g., Nessus, Qualys, Burp Suite). 
Certifications: CISSP, CISM, CISA, or similar certifications are preferred. OT-specific certifications such as Certified SCADA Security Architect (CSSA) or IEC 62443 certification a plus. Network security certifications such as CCSP, AWS Certified Security Specialty, or CCNA Security are beneficial. Application security certifications (e.g., CEH, OWASP) are a bonus. An inclusive Godrej Before you go, there is something important we want to highlight. There is no place for discrimination at Godrej. Diversity is the philosophy of who we are as a company. And has been for over a century. It's not just in our DNA and nice to do. Being more diverse - especially having our team members reflect the diversity of our businesses and communities - helps us innovate better and grow faster. We hope this resonates with you. We take pride in being an equal opportunities employer. We recognize merit and encourage diversity. We do not tolerate any form of discrimination on the basis of nationality, race, color, religion, caste, gender identity or expression, sexual orientation, disability, age, or marital status and ensure equal opportunities for all our team members. If this sounds like a role for you, apply now! We look forward to meeting you.

Posted 3 weeks ago


2.0 - 7.0 years

3 - 8 Lacs

Thrissur

Work from Office

We are looking for a skilled IS Auditor with 2 to 8 years of relevant experience to join our team at ESAF Small Finance Bank's Corporate Office in Thrissur. The ideal candidate must hold a CISA certification and possess a strong background in Information Systems Audit. Location: Corporate Office, Thrissur. Organization: ESAF Small Finance Bank. Experience Required: 2 to 8 years. Mandatory: CISA Certification.

Posted 3 weeks ago


7.0 - 10.0 years

11 - 15 Lacs

Bengaluru

Work from Office

Position Overview: We are seeking a highly experienced and strategic Third-Party Risk Management (TPRM) professional to lead and enhance our enterprise-wide third-party risk program. This role involves overseeing risk assessments, governance, due diligence, monitoring, and issue management for vendors, partners, and service providers across the organization. The ideal candidate will bring 10–12 years of expertise in risk management, information security, compliance, and vendor oversight, with the ability to collaborate across legal, procurement, technology, and business functions to ensure consistent application of third-party risk controls. Roles and Responsibilities. Key Responsibilities: Lead the execution and continuous improvement of the Third-Party Risk Management lifecycle, including onboarding assessments, ongoing monitoring, risk reviews, and exit management. Oversee the development and implementation of TPRM policies, frameworks, and procedures, aligned with regulatory standards such as NIST, ISO 27001, SOC 2, GDPR, DORA, and PCI DSS. Conduct and review inherent and residual risk assessments for new and existing vendors across multiple risk domains (information security, compliance, financial, operational, etc.). Collaborate with procurement, legal, IT, business units, and compliance teams to integrate TPRM into sourcing and contract processes. Drive the automation and scalability of the TPRM program through the use of GRC platforms (e.g., ServiceNow, Archer, ProcessUnity, OneTrust). Manage third-party due diligence questionnaires (DDQs), control gap analysis, and track remediation efforts for identified issues. Prepare and deliver executive-level reporting and dashboards related to vendor risk posture, risk acceptance, and compliance status. Stay current on emerging regulatory requirements, supply chain risks, and third-party threats to inform program strategy. Support internal/external audits and regulatory reviews involving vendor risk management.
Required Qualifications: 10–12 years of professional experience in Third-Party Risk Management, IT Risk, InfoSec, Audit, or related GRC functions. In-depth understanding of third-party risk domains, including cybersecurity, data privacy, business continuity, and compliance. Experience developing or managing TPRM frameworks and governance structures across global enterprises. Hands-on experience with TPRM tools such as ServiceNow GRC, Archer, OneTrust, Prevalent, or ProcessUnity. Strong knowledge of risk and control frameworks including NIST, ISO 27001, SIG, SOC 2, and GDPR. Proven ability to assess and report on third-party risk posture, remediation plans, and contract compliance. Excellent written and verbal communication skills with ability to influence technical and non-technical audiences. Preferred Qualifications: Relevant certifications such as CISA, CRISC, CISSP, CTPRA, CTPRP, or ISO 27001 Lead Auditor. Experience in regulated industries such as financial services, healthcare, or critical infrastructure.

Posted 3 weeks ago


5.0 - 8.0 years

5 - 8 Lacs

Amritsar, Punjab, India

On-site

The Sr Analyst, Governance, Risk and Compliance demonstrates a high level of professionalism, prioritizing the effective management of cybersecurity governance, risk, and compliance activities. This role will perform and continuously improve the governance of policies and standards and their integration into processes and controls designed to deliver critical BT services and aligned with applicable industry best practices and standards (e.g., NIST, ISO, COBIT, PCI DSS). This role will perform and continuously improve Risk Management assessments, risk registration, prioritized risk remediation, third party and application evaluations, and will maintain the risk register in Bunge's Governance, Risk and Compliance automation to support the overall effectiveness of the BT organization. Essential Functions: Actively engage in Governance, Risk, and Compliance activities with key stakeholders to enable effective Cybersecurity policies and standards, exceptions management, enablement and training, and the alignment against applicable industry best practices (e.g., NIST, ISO, COBIT, PCI DSS) as needed. Facilitate effective audits, compliance reviews, and other internal control-based activities for the Business Technology (BT) organization. Ensure proper engagement, effective root cause analysis, and the development of meaningful and sustainable management action plans. Implement and perform periodic internal control testing procedures and maturity assessments to evaluate the operating effectiveness of BT and Cybersecurity internal controls and related capabilities. Define and identify control gaps, provide recommendations for control process improvements, and support control owners' corrective action plans for remediation. Implement and perform compliance and controls assurance processes and procedures to mitigate risks and ensure adherence to regulatory requirements. Conduct risk assessments, internal audits, and investigations to identify and address potential compliance issues.
Develop content for comprehensive cybersecurity awareness programs and initiatives to educate employees and stakeholders about cybersecurity risks and best practices. Effectively utilize process automation and reporting through Bunge's Governance, Risk and Compliance (GRC) automation. Actively collaborate and support partner functions across Bunge's Governance, Risk and Compliance functions, and with stakeholders throughout BT and Cybersecurity. Executes operational and supports the implementation of strategic initiatives driven by the department, including collaboration with partner Governance, Risk and Compliance functions. Recognized as an expert within Bunge in the performance and continuous improvement of governance, risk and compliance related services and capabilities. Supports BT compliance with legal and regulatory requirements and adherence to internal control objectives, minimizing BT and Cybersecurity risk & avoiding potential penalties to the organization. Works closely with business units to identify and address compliance gaps, helping to protect the company from financial, legal, and reputational risks. Supports the evaluation, prioritization, registration, monitoring, and mitigation of risks and compliance and control deficiencies through collaboration with various functions within BT and across various Bunge business stakeholder groups (e.g., Internal Audit, Legal, Compliance, Privacy). Provides valuable insights and recommendations to enhance the compliance framework and promote a culture of compliance throughout the organization. Leverage industry experience and knowledge of applicable best practices, frameworks, and guidance to define effective programs, monitor and strengthen internal controls, risk-prioritize requisite remediation, and to improve the overall posture of Bunge's BT and Cybersecurity internal control environment.
Solve highly complex problems that require significant investigation and advanced application of expertise to determine root cause, to advise key stakeholders on appropriate remediation methods, and to mitigate or remediate internal controls to an acceptable level of residual risk, across various functional areas of Business Technology and Cybersecurity, including longstanding or unprecedented improvements without a historical precedent. Qualifications: Bachelor's degree in computer science or information systems, risk management, accounting, finance, or equivalent combination of education and work experience. 5+ years of experience in compliance and controls assurance, internal audit, or a related field. Prior experience in Sarbanes-Oxley compliance required. Knowledge of Payment Card Industry (PCI) compliance, GDPR (General Data Protection Regulation) compliance or other applicable compliance programs preferred. Demonstrated experience in the monitoring and improvement of Information Technology general controls, Cybersecurity controls, and/or compliance programs required. Solid understanding of Governance, Risk and Compliance methodologies and effective automation through GRC tooling. Experience with Archer GRC preferred. Proven experience working with Information Technology and Cybersecurity frameworks required. Possible examples include, but are not limited to: COBIT, NIST CSF, ISO 27k. Certifications such as CIA, CISA, CGEIT, CISSP preferred. Ability to manage and execute parallel activities in a fast-paced, dynamic environment. Ability to build and maintain constructive and collaborative working relationships with a diverse community throughout the organization. Ability to effectively communicate in both written and verbal manner to influence both technical and non-technical audiences at all levels of the company including executives.
Excellent analytical and problem-solving skills. Recognized as an expert in internal controls, effective demonstration of compliance, and applicable remediation and mitigation techniques within the organization. Leverage a deliberate proactive approach to the assurance and continuous improvement of BT and Cybersecurity internal controls, staying informed of emerging industry trends and techniques and changes in regulations to ensure continuous compliance. Leverage industry experience and knowledge of applicable best practices (e.g., COBIT, NIST CSF, ISO 27k), frameworks, and guidance to establish effective governance, strengthen internal controls, risk-prioritize requisite remediation, and to improve the overall posture of Bunge's BT and Cybersecurity programs. Apply expertise to determine root cause, to advise key stakeholders on appropriate remediation methods, and to mitigate or remediate internal controls to an acceptable level of residual risk, across various functional areas of Business Technology and Cybersecurity, including the remediation of longstanding risks and deficiencies. Ability to work independently and as part of a cross functional team. Demonstrates a company ownership mindset, thinking beyond boundaries of their own area. Actively contribute to large global projects that include governance, risk and compliance related capabilities and scope to ensure adherence to applicable policies, assurance of control performance, and the achievement of team and program goals. Ability to work with limited direct management to participate in governance, risk, and compliance related efforts, improve practices, coordinate cross functional activities and to successfully deliver strategic outcomes.
Demonstrate an ability to balance the appropriate performance of a control and proper mitigation of risk with the realization of critical business capabilities, working within time, technology, capacity, and budget constraints, and leverage this when working with process and control owners. Effectively utilize process automation and reporting through Bunge's Governance, Risk and Compliance (GRC) automation.

Posted 3 weeks ago


5.0 - 8.0 years

5 - 8 Lacs

Patiala, Punjab, India

On-site

The Sr Analyst, Governance, Risk and Compliance demonstrates a high level of professionalism, prioritizing the effective management of cybersecurity governance, risk, and compliance activities. This role will perform and continuously improve the governance of policies and standards and their integration into processes and controls designed to deliver critical BT services and aligned with applicable industry best practices and standards (e.g., NIST, ISO, COBIT, PCI DSS). This role will perform and continuously improve Risk Management assessments, risk registration, prioritized risk remediation, third party and application evaluations, and will maintain the risk register in Bunge's Governance, Risk and Compliance automation to support the overall effectiveness of the BT organization. Essential Functions: Actively engage in Governance, Risk, and Compliance activities with key stakeholders to enable effective Cybersecurity policies and standards, exceptions management, enablement and training, and the alignment against applicable industry best practices (e.g., NIST, ISO, COBIT, PCI DSS) as needed. Facilitate effective audits, compliance reviews, and other internal control-based activities for the Business Technology (BT) organization. Ensure proper engagement, effective root cause analysis, and the development of meaningful and sustainable management action plans. Implement and perform periodic internal control testing procedures and maturity assessments to evaluate the operating effectiveness of BT and Cybersecurity internal controls and related capabilities. Define and identify control gaps, provide recommendations for control process improvements, and support control owners' corrective action plans for remediation. Implement and perform compliance and controls assurance processes and procedures to mitigate risks and ensure adherence to regulatory requirements. Conduct risk assessments, internal audits, and investigations to identify and address potential compliance issues.
Develop content for comprehensive cybersecurity awareness programs and initiatives to educate employees and stakeholders about cybersecurity risks and best practices. Effectively utilize process automation and reporting through Bunge's Governance, Risk and Compliance (GRC) automation. Actively collaborate and support partner functions across Bunge's Governance, Risk and Compliance functions, and with stakeholders throughout BT and Cybersecurity. Executes operational and supports the implementation of strategic initiatives driven by the department, including collaboration with partner Governance, Risk and Compliance functions. Recognized as an expert within Bunge in the performance and continuous improvement of governance, risk and compliance related services and capabilities. Supports BT compliance with legal and regulatory requirements and adherence to internal control objectives, minimizing BT and Cybersecurity risk & avoiding potential penalties to the organization. Works closely with business units to identify and address compliance gaps, helping to protect the company from financial, legal, and reputational risks. Supports the evaluation, prioritization, registration, monitoring, and mitigation of risks and compliance and control deficiencies through collaboration with various functions within BT and across various Bunge business stakeholder groups (e.g., Internal Audit, Legal, Compliance, Privacy). Provides valuable insights and recommendations to enhance the compliance framework and promote a culture of compliance throughout the organization. Leverage industry experience and knowledge of applicable best practices, frameworks, and guidance to define effective programs, monitor and strengthen internal controls, risk-prioritize requisite remediation, and to improve the overall posture of Bunge's BT and Cybersecurity internal control environment.
Solve highly complex problems that require significant investigation and advanced application of expertise to determine root cause, to advise key stakeholders on appropriate remediation methods, and to mitigate or remediate internal controls to an acceptable level of residual risk, across various functional areas of Business Technology and Cybersecurity, including longstanding or unprecedented improvements without a historical precedent. Qualifications: Bachelor's degree in computer science or information systems, risk management, accounting, finance, or equivalent combination of education and work experience. 5+ years of experience in compliance and controls assurance, internal audit, or a related field. Prior experience in Sarbanes-Oxley compliance required. Knowledge of Payment Card Industry (PCI) compliance, GDPR (General Data Protection Regulation) compliance or other applicable compliance programs preferred. Demonstrated experience in the monitoring and improvement of Information Technology general controls, Cybersecurity controls, and/or compliance programs required. Solid understanding of Governance, Risk and Compliance methodologies and effective automation through GRC tooling. Experience with Archer GRC preferred. Proven experience working with Information Technology and Cybersecurity frameworks required. Possible examples include, but are not limited to: COBIT, NIST CSF, ISO 27k. Certifications such as CIA, CISA, CGEIT, CISSP preferred. Ability to manage and execute parallel activities in a fast-paced, dynamic environment. Ability to build and maintain constructive and collaborative working relationships with a diverse community throughout the organization. Ability to effectively communicate in both written and verbal manner to influence both technical and non-technical audiences at all levels of the company including executives.
Excellent analytical and problem-solving skills. Recognized as an expert in internal controls, effective demonstration of compliance, and applicable remediation and mitigation techniques within the organization. Leverage a deliberate proactive approach to the assurance and continuous improvement of BT and Cybersecurity internal controls, staying informed of emerging industry trends and techniques and changes in regulations to ensure continuous compliance. Leverage industry experience and knowledge of applicable best practices (e.g., COBIT, NIST CSF, ISO 27k), frameworks, and guidance to establish effective governance, strengthen internal controls, risk-prioritize requisite remediation, and to improve the overall posture of Bunge's BT and Cybersecurity programs. Apply expertise to determine root cause, to advise key stakeholders on appropriate remediation methods, and to mitigate or remediate internal controls to an acceptable level of residual risk, across various functional areas of Business Technology and Cybersecurity, including the remediation of longstanding risks and deficiencies. Ability to work independently and as part of a cross functional team. Demonstrates a company ownership mindset, thinking beyond boundaries of their own area. Actively contribute to large global projects that include governance, risk and compliance related capabilities and scope to ensure adherence to applicable policies, assurance of control performance, and the achievement of team and program goals. Ability to work with limited direct management to participate in governance, risk, and compliance related efforts, improve practices, coordinate cross functional activities and to successfully deliver strategic outcomes.
Demonstrate an ability to balance the appropriate performance of a control and proper mitigation of risk with the realization of critical business capabilities, working within time, technology, capacity, and budget constraints, and leverage this when working with process and control owners. Effectively utilize process automation and reporting through Bunge's Governance, Risk and Compliance (GRC) automation.

Posted 3 weeks ago


5.0 - 8.0 years

5 - 8 Lacs

Ludhiana, Punjab, India

On-site

The Sr Analyst, Governance, Risk and Compliance demonstrates a high level of professionalism, prioritizing the effective management of cybersecurity governance, risk, and compliance activities. This role will perform and continuously improve the governance of policies and standards and their integration into processes and controls designed to deliver critical BT services and aligned with applicable industry best practices and standards (e.g., NIST, ISO, COBIT, PCI DSS). This role will perform and continuously improve Risk Management assessments, risk registration, prioritized risk remediation, third party and application evaluations, and will maintain the risk register in Bunge's Governance, Risk and Compliance automation to support the overall effectiveness of the BT organization. Essential Functions: Actively engage in Governance, Risk, and Compliance activities with key stakeholders to enable effective Cybersecurity policies and standards, exceptions management, enablement and training, and the alignment against applicable industry best practices (e.g., NIST, ISO, COBIT, PCI DSS) as needed. Facilitate effective audits, compliance reviews, and other internal control-based activities for the Business Technology (BT) organization. Ensure proper engagement, effective root cause analysis, and the development of meaningful and sustainable management action plans. Implement and perform periodic internal control testing procedures and maturity assessments to evaluate the operating effectiveness of BT and Cybersecurity internal controls and related capabilities. Define and identify control gaps, provide recommendations for control process improvements, and support control owners' corrective action plans for remediation. Implement and perform compliance and controls assurance processes and procedures to mitigate risks and ensure adherence to regulatory requirements. Conduct risk assessments, internal audits, and investigations to identify and address potential compliance issues.
Develop content for comprehensive cybersecurity awareness programs and initiatives to educate employees and stakeholders about cybersecurity risks and best practices. Effectively utilize process automation and reporting through Bunge's Governance, Risk and Compliance (GRC) automation. Actively collaborate and support partner functions across Bunge's Governance, Risk and Compliance functions, and with stakeholders throughout BT and Cybersecurity. Executes operational and supports the implementation of strategic initiatives driven by the department, including collaboration with partner Governance, Risk and Compliance functions. Recognized as an expert within Bunge in the performance and continuous improvement of governance, risk and compliance related services and capabilities. Supports BT compliance with legal and regulatory requirements and adherence to internal control objectives, minimizing BT and Cybersecurity risk & avoiding potential penalties to the organization. Works closely with business units to identify and address compliance gaps, helping to protect the company from financial, legal, and reputational risks. Supports the evaluation, prioritization, registration, monitoring, and mitigation of risks and compliance and control deficiencies through collaboration with various functions within BT and across various Bunge business stakeholder groups (e.g., Internal Audit, Legal, Compliance, Privacy). Provides valuable insights and recommendations to enhance the compliance framework and promote a culture of compliance throughout the organization. Leverage industry experience and knowledge of applicable best practices, frameworks, and guidance to define effective programs, monitor and strengthen internal controls, risk-prioritize requisite remediation, and to improve the overall posture of Bunge's BT and Cybersecurity internal control environment.
Solve highly complex problems that require significant investigation and advanced application of expertise to determine root cause, to advise key stakeholders on appropriate remediation methods, and to mitigate or remediate internal controls to an acceptable level of residual risk, across various functional areas of Business Technology and Cybersecurity, including longstanding or unprecedented improvements without a historical precedent. Qualifications: Bachelor's degree in computer science or information systems, risk management, accounting, finance, or equivalent combination of education and work experience. 5+ years of experience in compliance and controls assurance, internal audit, or a related field. Prior experience in Sarbanes-Oxley compliance required. Knowledge of Payment Card Industry (PCI) compliance, GDPR (General Data Protection Regulation) compliance or other applicable compliance programs preferred. Demonstrated experience in the monitoring and improvement of Information Technology general controls, Cybersecurity controls, and/or compliance programs required. Solid understanding of Governance, Risk and Compliance methodologies and effective automation through GRC tooling. Experience with Archer GRC preferred. Proven experience working with Information Technology and Cybersecurity frameworks required. Possible examples include, but are not limited to: COBIT, NIST CSF, ISO 27k. Certifications such as CIA, CISA, CGEIT, CISSP preferred. Ability to manage and execute parallel activities in a fast-paced, dynamic environment. Ability to build and maintain constructive and collaborative working relationships with a diverse community throughout the organization. Ability to effectively communicate in both written and verbal manner to influence both technical and non-technical audiences at all levels of the company including executives.
Excellent analytical and problem-solving skills. Recognized as an expert in internal controls, effective demonstration of compliance, and applicable remediation and mitigation techniques within the organization. Leverage a deliberate proactive approach to the assurance and continuous improvement of BT and Cybersecurity internal controls, staying informed of emerging industry trends and techniques and changes in regulations to ensure continuous compliance. Leverage industry experience and knowledge of applicable best practices (e.g., COBIT, NIST CSF, ISO 27k), frameworks, and guidance to establish effective governance, strengthen internal controls, risk-prioritize requisite remediation, and to improve the overall posture of Bunge's BT and Cybersecurity programs. Apply expertise to determine root cause, to advise key stakeholders on appropriate remediation methods, and to mitigate or remediate internal controls to an acceptable level of residual risk, across various functional areas of Business Technology and Cybersecurity, including the remediation of longstanding risks and deficiencies. Ability to work independently and as part of a cross functional team. Demonstrates a company ownership mindset, thinking beyond boundaries of their own area. Actively contribute to large global projects that include governance, risk and compliance related capabilities and scope to ensure adherence to applicable policies, assurance of control performance, and the achievement of team and program goals. Ability to work with limited direct management to participate in governance, risk, and compliance related efforts, improve practices, coordinate cross functional activities and to successfully deliver strategic outcomes.
Demonstrate an ability to balance the appropriate performance of a control and proper mitigation of risk with the realization of critical business capabilities, working within time, technology, capacity, and budget constraints, and leverage this when working with process and control owners. Effectively utilize process automation and reporting through Bunge's Governance, Risk and Compliance (GRC) automation.

Posted 3 weeks ago


5.0 - 8.0 years

5 - 8 Lacs

Jalandhar, Punjab, India

On-site

The Sr Analyst, Governance, Risk and Compliance demonstrates a high level of professionalism, prioritizing the effective management of cybersecurity governance, risk, and compliance activities. This role will perform and continuously improve the governance of policies and standards and their integration into processes and controls designed to deliver critical BT services and aligned with applicable industry best practices and standards (e.g., NIST, ISO, COBIT, PCI DSS). This role will perform and continuously improve Risk Management assessments, risk registration, prioritized risk remediation, third party and application evaluations, and will maintain the risk register in Bunge's Governance, Risk and Compliance automation to support the overall effectiveness of the BT organization. Essential Functions: Actively engage in Governance, Risk, and Compliance activities with key stakeholders to enable effective Cybersecurity policies and standards, exceptions management, enablement and training, and the alignment against applicable industry best practices (e.g., NIST, ISO, COBIT, PCI DSS) as needed. Facilitate effective audits, compliance reviews, and other internal control-based activities for the Business Technology (BT) organization. Ensure proper engagement, effective root cause analysis, and the development of meaningful and sustainable management action plans. Implement and perform periodic internal control testing procedures and maturity assessments to evaluate the operating effectiveness of BT and Cybersecurity internal controls and related capabilities. Define and identify control gaps, provide recommendations for control process improvements, and support control owners' corrective action plans for remediation. Implement and perform compliance and controls assurance processes and procedures to mitigate risks and ensure adherence to regulatory requirements. Conduct risk assessments, internal audits, and investigations to identify and address potential compliance issues.
Develop content for comprehensive cybersecurity awareness programs and initiatives to educate employees and stakeholders about cybersecurity risks and best practices. Effectively utilize process automation and reporting through Bunge's Governance, Risk and Compliance (GRC) automation. Actively collaborate and support partner functions across Bunge's Governance, Risk and Compliance functions, and with stakeholders throughout BT and Cybersecurity. Executes operational and supports the implementation of strategic initiatives driven by the department, including collaboration with partner Governance, Risk and Compliance functions. Recognized as an expert within Bunge in the performance and continuous improvement of governance, risk and compliance related services and capabilities. Supports BT compliance with legal and regulatory requirements and adherence to internal control objectives, minimizing BT and Cybersecurity risk & avoiding potential penalties to the organization. Works closely with business units to identify and address compliance gaps, helping to protect the company from financial, legal, and reputational risks. Supports the evaluation, prioritization, registration, monitoring, and mitigation of risks and compliance and control deficiencies through collaboration with various functions within BT and across various Bunge business stakeholder groups (e.g., Internal Audit, Legal, Compliance, Privacy). Provides valuable insights and recommendations to enhance the compliance framework and promote a culture of compliance throughout the organization. Leverage industry experience and knowledge of applicable best practices, frameworks, and guidance to define effective programs, monitor and strengthen internal controls, risk-prioritize requisite remediation, and to improve the overall posture of Bunge's BT and Cybersecurity internal control environment.
Solve highly complex problems that require significant investigation and advanced application of expertise to determine root cause, to advise key stakeholders on appropriate remediation methods, and to mitigate or remediate internal controls to an acceptable level of residual risk, across various functional areas of Business Technology and Cybersecurity, including longstanding or unprecedented improvements without a historical precedent. Qualifications: Bachelor's degree in computer science or information systems, risk management, accounting, finance, or equivalent combination of education and work experience. 5+ years of experience in compliance and controls assurance, internal audit, or a related field. Prior experience in Sarbanes-Oxley compliance required. Knowledge of Payment Card Industry (PCI) compliance, GDPR (General Data Protection Regulation) compliance or other applicable compliance programs preferred. Demonstrated experience in the monitoring and improvement of Information Technology general controls, Cybersecurity controls, and/or compliance programs required. Solid understanding of Governance, Risk and Compliance methodologies and effective automation through GRC tooling. Experience with Archer GRC preferred. Proven experience working with Information Technology and Cybersecurity frameworks required. Possible examples include, but are not limited to: COBIT, NIST CSF, ISO 27k. Certifications such as CIA, CISA, CGEIT, CISSP preferred. Ability to manage and execute parallel activities in a fast-paced, dynamic environment. Ability to build and maintain constructive and collaborative working relationships with a diverse community throughout the organization. Ability to effectively communicate in both written and verbal manner to influence both technical and non-technical audiences at all levels of the company including executives.
Excellent analytical and problem-solving skills Recognized as an expert in internal controls, effective demonstration of compliance, and applicable remediation and mitigation techniques within the organization. Leverage a deliberate proactive approach to the assurance and continuous improvement of BT and Cybersecurity internal controls, staying informed of emerging industry trends and techniques and changes in regulations to ensure continuous compliance. Leverage industry experience and knowledge of applicable best practices (eg, COBIT, NIST CSF, ISO 27k) frameworks, and guidance to establish effective governance, strengthen internal controls, risk-prioritize requisite remediation, and to improve the overall posture of Bunge s BT and Cybersecurity programs. Apply expertise to determine root cause, to advise key stakeholders on appropriate remediation methods, and to mitigate or remediate internal controls to an acceptable level of residual risk, across various functional areas of Business Technology and Cybersecurity, including the remediation of longstanding risks and deficiencies. Ability to work independently and as part of a cross functional team. Demonstrates a company ownership mindset, thinking beyond boundaries of their own area. Actively contribute to large global projects that include governance, risk and compliance related capabilities and scope to ensure adherence to applicable policies, assurance of control performance, and the achievement of team and program goals. Ability to work with limited direct management to participate in governance, risk, and compliance related efforts, improve practices, coordinate cross functional activities and to successfully deliver strategic outcomes. 
Demonstrate an ability to balance the appropriate performance of a control and proper mitigation of risk with the realization of critical business capabilities, working within time, technology, capacity, and budget constraints, and leverage this when working with process and control owners. Effectively utilize process automation and reporting through Bunge s Governance, Risk and Compliance (GRC) automation.

Posted 3 weeks ago


5.0 - 8.0 years

5 - 8 Lacs

Mohali, Punjab, India

On-site

The Sr Analyst, Governance, Risk and Compliance demonstrates a high level of professionalism, prioritizing the effective management of cybersecurity governance, risk, and compliance activities. This role will perform and continuously improve the governance of policies and standards and their integration into processes and controls designed to deliver critical BT services and aligned with applicable industry best practices and standards (e.g., NIST, ISO, COBIT, PCI DSS). This role will perform and continuously improve Risk Management assessments, risk registration, prioritized risk remediation, third party and application evaluations, and will maintain the risk register in Bunge's Governance, Risk and Compliance automation to support the overall effectiveness of the BT organization. Essential Functions: Actively engage in Governance, Risk, and Compliance activities with key stakeholders to enable effective Cybersecurity policies and standards, exceptions management, enablement and training, and the alignment against applicable industry best practices (e.g., NIST, ISO, COBIT, PCI DSS) as needed. Facilitate effective audits, compliance reviews, and other internal control-based activities for the Business Technology (BT) organization. Ensure proper engagement, effective root cause analysis, and the development of meaningful and sustainable management action plans. Implement and perform periodic internal control testing procedures and maturity assessments to evaluate the operating effectiveness of BT and Cybersecurity internal controls and related capabilities. Define and identify control gaps, provide recommendations for control process improvements, and support control owners' corrective action plans for remediation. Implement and perform compliance and controls assurance processes and procedures to mitigate risks and ensure adherence to regulatory requirements. Conduct risk assessments, internal audits, and investigations to identify and address potential compliance issues.
Develop content for comprehensive cybersecurity awareness programs and initiatives to educate employees and stakeholders about cybersecurity risks and best practices. Effectively utilize process automation and reporting through Bunge's Governance, Risk and Compliance (GRC) automation. Actively collaborate and support partner functions across Bunge's Governance, Risk and Compliance functions, and with stakeholders throughout BT and Cybersecurity. Executes operational initiatives and supports the implementation of strategic initiatives driven by the department, including collaboration with partner Governance, Risk and Compliance functions. Recognized as an expert within Bunge in the performance and continuous improvement of governance, risk and compliance related services and capabilities. Supports BT compliance with legal and regulatory requirements and adherence to internal control objectives, minimizing BT and Cybersecurity risk and avoiding potential penalties to the organization. Works closely with business units to identify and address compliance gaps, helping to protect the company from financial, legal, and reputational risks. Supports the evaluation, prioritization, registration, monitoring, and mitigation of risks and compliance and control deficiencies through collaboration with various functions within BT and across various Bunge business stakeholder groups (e.g., Internal Audit, Legal, Compliance, Privacy). Provides valuable insights and recommendations to enhance the compliance framework and promote a culture of compliance throughout the organization. Leverage industry experience and knowledge of applicable best practices, frameworks, and guidance to define effective programs, monitor and strengthen internal controls, risk-prioritize requisite remediation, and improve the overall posture of Bunge's BT and Cybersecurity internal control environment.
Solve highly complex problems that require significant investigation and advanced application of expertise to determine root cause, to advise key stakeholders on appropriate remediation methods, and to mitigate or remediate internal controls to an acceptable level of residual risk, across various functional areas of Business Technology and Cybersecurity, including longstanding or unprecedented improvements without a historical precedent. Qualifications: Bachelor's degree in computer science or information systems, risk management, accounting, finance, or equivalent combination of education and work experience. 5+ years of experience in compliance and controls assurance, internal audit, or a related field. Prior experience in Sarbanes-Oxley compliance required. Knowledge of Payment Card Industry (PCI) compliance, GDPR (General Data Protection Regulation) compliance or other applicable compliance programs preferred. Demonstrated experience in the monitoring and improvement of Information Technology general controls, Cybersecurity controls, and/or compliance programs required. Solid understanding of Governance, Risk and Compliance methodologies and effective automation through GRC tooling. Experience with Archer GRC preferred. Proven experience working with Information Technology and Cybersecurity frameworks required. Possible examples include, but are not limited to: COBIT, NIST CSF, ISO 27k. Certifications such as CIA, CISA, CGEIT, CISSP preferred. Ability to manage and execute parallel activities in a fast-paced, dynamic environment. Ability to build and maintain constructive and collaborative working relationships with a diverse community throughout the organization. Ability to communicate effectively, both in writing and verbally, to influence technical and non-technical audiences at all levels of the company, including executives.
Excellent analytical and problem-solving skills. Recognized as an expert in internal controls, effective demonstration of compliance, and applicable remediation and mitigation techniques within the organization. Leverage a deliberate proactive approach to the assurance and continuous improvement of BT and Cybersecurity internal controls, staying informed of emerging industry trends and techniques and changes in regulations to ensure continuous compliance. Leverage industry experience and knowledge of applicable best practices (e.g., COBIT, NIST CSF, ISO 27k), frameworks, and guidance to establish effective governance, strengthen internal controls, risk-prioritize requisite remediation, and improve the overall posture of Bunge's BT and Cybersecurity programs. Apply expertise to determine root cause, to advise key stakeholders on appropriate remediation methods, and to mitigate or remediate internal controls to an acceptable level of residual risk, across various functional areas of Business Technology and Cybersecurity, including the remediation of longstanding risks and deficiencies. Ability to work independently and as part of a cross-functional team. Demonstrates a company ownership mindset, thinking beyond boundaries of their own area. Actively contribute to large global projects that include governance, risk and compliance related capabilities and scope to ensure adherence to applicable policies, assurance of control performance, and the achievement of team and program goals. Ability to work with limited direct management to participate in governance, risk, and compliance related efforts, improve practices, coordinate cross-functional activities and successfully deliver strategic outcomes.
Demonstrate an ability to balance the appropriate performance of a control and proper mitigation of risk with the realization of critical business capabilities, working within time, technology, capacity, and budget constraints, and leverage this when working with process and control owners. Effectively utilize process automation and reporting through Bunge's Governance, Risk and Compliance (GRC) automation.

Posted 3 weeks ago


5.0 - 10.0 years

12 - 19 Lacs

Thane, Mumbai (All Areas)

Work from Office

• Business & governance change projects, providing controls & risks consultancy
• Analyze & recommend changes to policies & procedures
• Internal audit risk assessment
• Contribute to annual plan development & maintenance
• Plan, deliver complex audits

Required Candidate profile
• CA / Inter-CA / MBA
• CIA, CISA etc.
• 5+ years of exp in Process & Risk Audits
• Exp in Insurance, Banks, FIs
• Good exp in all areas of Audits related to Risk & Process Audits
• Good English Communication

Perks and benefits
• Great Opportunity

Posted 3 weeks ago


5.0 - 10.0 years

15 - 20 Lacs

Bengaluru

Work from Office

Network Security Manager - Palo Alto firewalls/Zscaler/Terraform - 5+ Years - Bengaluru (Immediate Joiners)

Are you an experienced Network Security professional with a passion for leading high-performing teams? Do you have a strong background in Cyber Security and a track record of implementing and managing network security solutions? Our client, a leading organization in Bengaluru, is seeking a dynamic Manager/Lead Engineer to drive their network security initiatives and ensure the company's infrastructure is protected from cyber threats. If you are ready to take on a new challenge and make a significant impact, we would love to hear from you.

Location: Bengaluru

Your Future Employer: Our client is a reputable organization in the heart of Bengaluru, known for its innovative solutions and commitment to excellence. As a part of their team, you will have the opportunity to work in a collaborative environment and contribute to cutting-edge network security projects.

Responsibilities:
• Develop and implement network security policies and procedures
• Lead a team of network security engineers and provide technical guidance
• Conduct regular security assessments and recommend improvements
• Collaborate with cross-functional teams to address security concerns and ensure compliance with industry standards
• Stay updated on the latest security trends and technologies

Requirements:
• Bachelor's degree in Computer Science, Engineering, or a related field
• Minimum of 8 years of experience in network security with a focus on Cyber Security
• Proven leadership skills and experience in managing a technical team
• Strong knowledge of security protocols, firewall technologies, and intrusion detection/prevention systems
• Relevant certifications such as CISSP, CISM, or CISA will be an added advantage
• Should have hands-on experience with Palo Alto firewalls and Zscaler (ZIP)

What's in it for you:
• Opportunity to work with a leading organization and drive impactful network security initiatives
• Competitive compensation package with performance-based bonuses
• Professional development opportunities and access to cutting-edge technologies
• Collaborative and inclusive work environment that values diversity and innovation

Reach us: If you feel this opportunity is well aligned with your career progression plans, please feel free to reach me with your updated profile at parul.arorar@crescendogroup.in

Disclaimer: Crescendo Global specializes in Senior to C-level niche recruitment. We are passionate about empowering job seekers and employers with an engaging, memorable job search and leadership hiring experience. Crescendo Global does not discriminate on the basis of race, religion, color, origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Note: We receive a lot of applications on a daily basis, so it becomes a bit difficult for us to get back to each candidate. Please assume that your profile has not been shortlisted in case you don't hear back from us in 1 week. Your patience is highly appreciated. Scammers can misuse Crescendo Global's name for fake job offers. We never ask for money, purchases, or system upgrades. Verify all opportunities at www.crescendo-global.com and report fraud immediately. Stay alert!

Profile keywords: Cyber Security, Network Security, CISSP, CISM, CISA, Leadership, Bengaluru, Engineering

Posted 3 weeks ago


3.0 - 6.0 years

5 - 8 Lacs

Pune

Work from Office

Individuals within the IT Compliance Lead Analyst role are responsible for ensuring that the organization accomplishes its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of IT risk management, IT control and governance processes. Persons in this role will be a primary resource for driving adherence to compliance and regulatory IT controls. They will assist in the development of continuous monitoring controls to assess the IT control environment and its effectiveness against the IT Corporate Compliance Standards, and partner with the Corporate Compliance team to provide guidance and enhancements of control adjustments based on industry or corporate standards. Members of this role need to understand software development life cycles, Sarbanes-Oxley (SOX) Controls, security principles, and process design, and need a strong knowledge of compliance management. They must be able to understand business requirements, technical specifications, and change management documentation to audit work products against standards. They must also be highly skilled communicators. The associate in this role will work on multiple projects as a compliance team leader or advisor. They will work on projects that have system-wide impact, integrating across the organization and involving multiple technical environments and disciplines.

PRIMARY DUTIES AND RESPONSIBILITIES: Leads in identification and documentation of Cencora/Pharmalex IT General Controls (ITGC). Performs risk assessment procedures and presents findings to leadership verbally or via written reports. Provides controls guidance to IT and the business to facilitate operational effectiveness and ensures compliance requirements are met. Utilizes sound judgment to identify and assess risk, materiality, and adequacy of audit evidence, compensating controls, and significance of findings. Collaborates effectively and on an ongoing basis with all constituents involved in IT General Controls. Reviews progress toward the ITGC plan regularly with IT leaders, control owners and auditors to make modifications, as necessary. Assists internal and external auditors in compliance reviews. Assists external compliance initiatives that may include Sarbanes-Oxley (SOX), EU GDP, GDPR, and other compliance programs, including the coordination of auditors interfacing with IT staff, guidance for appropriate remediation actions for findings, communication, and escalation of remediation. Builds trusted working relationships with the enterprise Finance, Legal, Audit and Corporate Compliance groups to support Internal and External Audits, and to ensure the understanding and acceptance of audit issues in connection with business risks. Stays current with latest changes in external compliance initiatives that may affect the organization's compliance with external requirements. Manages discussions with external auditors as part of required reviews of our IT Compliance Controls. Must be able to accurately communicate our IT Controls strategy and how IT controls operate. Prepares clear, detailed, and accurate compliance documentation, including narratives, control descriptions, risk control matrices, test programs, and performance metrics. Establishes and communicates timelines, requirements, and issues with management in a professional and timely manner. Escalates key control risks and issues in a professional manner to management. Evaluates and makes compliance recommendations on standards within enterprise-wide processes such as change and release management. Leads evaluation of Control Frameworks, Regulations, and certifications, and provides analysis based on findings. Participates in evaluation of acquired solutions and provides findings on control risks.

EXPERIENCE AND EDUCATIONAL REQUIREMENTS: Bachelor's degree in computer science, Information Systems, Business Administration, or other related field or equivalent work experience. Minimum of eight (8) years IT compliance or audit experience, including supervisory experience working for a large company. Professional certification is preferred (CISA, CIA, CPA, CRISC, CISSP, or similar). Must have experience in auditing large ERP systems.

MINIMUM SKILLS, KNOWLEDGE, AND ABILITY REQUIREMENTS:
• Direct experience in auditing Microsoft Dynamics 365 or an equivalent ERP system
• Experience in working remotely and autonomously
• Ability to work within a team environment
• Skilled at interacting with internal and external personnel
• Strong interpersonal and analytical skills
• Strong organizational and oral/written communication skills
• High degree of literacy with system processes and internal controls
• Comfortable working with management, and ability to work independently on projects and supervising of assigned staff
• Extensive exposure to IT related operations, including system development project management methodologies and practices; IT Operations, IT planning, management and organization, and other typical application specific control principles and risk
• Working knowledge of Sarbanes-Oxley requirements

Posted 3 weeks ago

Featured Companies