557 Cobit Jobs - Page 3

Join the dynamic and innovative team at Hitachi Cyber as a Sr. Governance, Risk & Compliance Specialist, specialized in PCI-DSS and take your career to new heights. As a global leader in information security solutions, we are at the forefront of protecting organizations from evolving cyber threats. By joining our team, you'll have the opportunity to work alongside industry experts, cutting-edge technologies, and prestigious clients from various sectors. What can be your next challenge? Reporting to the Team Lead Governance, Risk & Compliance, as a key member of the Professional Services team, the Senior Governance, Risk, and Compliance (GRC) Consultant provides strategic guidance and support to both customer organizations and internal projects. Here’s an overview of your main responsibilities: Conduct various information security consulting engagements, including: *Designing and implementing security policies, frameworks, and standards. *Developing information security management system initiatives. *Performing cyber security posture and threat assessments. *Establishing Security Risk Management Frameworks and defining Risk Treatment Plans. *Acting as a Virtual CISO for clients, advising on security improvement strategies. *Assessing internal and external information security risks and incidents. *Documenting control failures and providing remediation guidance to stakeholders. Demonstrate operational knowledge and hands-on experience with industry standards such as ISO 27000, COBIT, NIST, PCI DSS, and GDPR. Engage directly with clients to develop work plans and execute consulting engagements. Conduct workshops, interviews, surveys, and data collection to perform assessments. Deliver security awareness projects and training to clients. Apply abstract concepts to develop customized solutions for customers. Work independently on assignments and develop deliverables according to agreed work plans. Contribute to the organization's knowledge and practices by enhancing services for customers. Participate in professional development activities, including obtaining certifications like CISSP, CEH, and PCI QSA. Assist in pre-sales discussions and project scoping, as well as perform technical reviews of proposals and RFP responses. Conduct peer and quality assurance reviews on client deliverables, ensuring high standards of excellence. Collaborate with a diverse and talented team in a supportive and inclusive environment that fosters continuous learning and growth. With our commitment to ongoing professional development, you'll have access to training programs, certifications, and mentorship opportunities to enhance your skills and advance your career. At Hitachi Cyber, we believe in work-life balance and offer flexible work arrangements. Experience the excitement of being part of a company that values innovation, teamwork, and making a real impact in the world of cybersecurity. We would like to meet you if you have: Strong experience in Information Security, IT Governance, Risk & Compliance consulting, or related services, with a strong technical background and proven track record of leading complex GRC initiatives, projects, and implementations. Strong experience with PCI-DSS. Bachelor’s degree in computer science or information systems, Engineering, or a related discipline. Experience of risk management principles and associated methodologies. Excellent communication in English. Hands on experience and thorough understanding with some of the standards such as: ISO 27000, NIST, SOC2, PCI DSS, ITIL, ITSM, COBIT, COSO, SOX, SOC, GXP, AI Governance, standards preferred. Ability to travel. Come join us and be a vital force in securing the digital future. Apply today and embark on a rewarding journey with Hitachi Cyber. We thank all applicants for their interest. However, only those selected for an interview will be contacted.

hackajob is collaborating with American Express to connect them with exceptional tech professionals for this role. At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career. Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express. How will you make an impact in this role? Responsible for contacting clients with overdue accounts to secure the settlement of the account. Also they do preventive work to avoid future over dues with accounts that have a high exposure. The Global Risk & Compliance (GRC) group within American Express is responsible for providing oversight and governance of risks to ensure that the company operates in a safe and sound manner within regulatory expectations. In a world increasingly subject to digitalization and the use of technology, technology risk management has become increasingly significant across organizations, becoming one of the key themes at board meetings. Cyberattacks have become increasingly commonplace and the trend continues to move upward. This individual contributor role is part of the second line technology risk management team within the GRC group, headed by the Chief Risk Officer (CRO) of the company. This is a unique opportunity to work with a team of diverse and talented professionals who are responsible for building the technology risk management program and providing independent risk oversight to the Information Technology (IT), Information Security (IS) and Business Continuity management (BCM) risks. Reporting to the Manager for Cybersecurity, Technology, and Resiliency Risk oversight, this position is responsible for supporting independent assessments and reporting of risks. The risks identified by this team are reported to the Senior Management, Risk Management Committees, Board of Directors, and Regulators. This position will be responsible for effectively collaborating with key stakeholders across lines of business and lines of defense to ensure risks are managed effectively and efficiently in accordance with the Essential Job Functions company policies and applicable regulatory requirements. Assist in identifying and assessing IT and IS risks across applications, infrastructure, and third-party vendors. Support IT and IS risk assessments and recommend mitigation strategies. Monitor IT and IS risk trends and emerging threats to provide proactive recommendations. Assist in the testing and validation of IT and IS controls. Prepare IT and IS risk reports and dashboards for management review. Support internal and external audits related to IT and IS risk. Support the implementation of IT and IS risk management frameworks, policies, standards, and procedures. Maintain IT and IS risk registers and track remediation efforts for identified risks. Support independent, proactive risk management and oversight of information technology, information security and business continuity management risks generated within business processes or that occur due to use of Technology. Support data-driven reviews focused on technology, cyber security, and business continuity management risks. Support development and enhancement of data-driven key risk indicators and key performance indicators that provide real time and meaningful insights into the risk and performance trends. Stay knowledgeable of relevant regulations, guidelines & industry standards. Support the design of independent Information Technology risk oversight program which defines the engagement and integration with various risk management programs, including Risk and Control Self Assessments, Business Continuity Management, New Product Approval, Mergers & Acquisitions etc. Required Qualifications Bachelor’s Degree in related field. 3 + years of experience in IT and IS risk management across any of the three lines of defense. Proven ability to identify risks, analyze issues and derive meaningful insights About Risk Trends. by conducting interviews and analyzing large volumes of data. Excellent analytical skills with high attention to detail and accuracy. Excellent critical thinking and problem-solving skills. Excellent verbal, written and interpersonal communication skills. Willingness to challenge traditional thinking by actively engaging in constructive dialogue. Preferred Educational background: Computer Science or Information Systems. Experience in risk management across cyber security, information technology, third party, business continuity management. Working knowledge of one or more of the data mining tools/technologies (e.g., Microsoft Excel: Pivot Tables SQL, SAS, Python, R). Industry certifications (e.g., CISSP, CISM, CISA, CRISC, ITIL, CBCM, CBCP, CBCI). Understanding of risk assessment methodologies, frameworks, and industry standards (e.g., COSO, COBIT, ISO 27001, ISO/IEC 20000-1, ISO 22301, FAIR or NIST RMF). Knowledge of relevant policies & regulations (e.g., OCC Heightened Standards, FFIEC IT booklets). Experience with Governance, Risk and Compliance tools (e.g., Archer) Compliance Language We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally: Competitive base salaries Bonus incentives Support for financial-well-being and retirement Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location) Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need Generous paid parental leave policies (depending on your location) Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) Free and confidential counseling support through our Healthy Minds program Career development and training opportunities American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law. Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.

Role & responsibilities Professional responsibilities for this manager position include but are not limited to: Applying internal control principles and technical knowledge, including Application Controls and IT General Controls; Developing and/or supervising the execution of detailed audit work plans for the IT audit component of the IA team through resource allocation, stakeholder coordination and quality review; Managing the identification of key risks and controls, including evaluation of control design; Evaluation of operational effectiveness of IT System Controls, utilizing appropriate testing techniques and professional skepticism; Providing regular status reports to IA management and internal clients/stakeholders, when necessary, to keep relevant parties informed of progress and potential issues; Assessing audit results, translating findings into level of risk, to produce meaningful insights and recommendations; Communicating risk findings, verbally and written, to clients in a pragmatic and helpful manner; Driving follow up and remediation of reported issues in a timely manner; Building meaningful relationships with clients through client engagements and networking; Managing and delivering against deadlines while working on multiple projects; Participating in development and delivery of training curriculum; and Coaching team members and reviewing their work. Minimum years of experience: 5+ year(s) of external/ internal audit experience (big four experience is preferred) Minimum Degree Required: Bachelors or master’s degree in accounting, Management Information Systems, Computer Science, Engineering or business related field Preferred Certifications: CISA, CISM, CISSP, CA and/or CIA Preferred Knowledge/ skills: Demonstrates extensive knowledge and/or proven record of success in the following areas: Security and controls for various on-premise and cloud-based technologies; Control standards (COSO, COBIT), control testing strategies; Public accounting practices and internal audit processes i.e., technology and tools for planning, testing and reporting; IT general controls concepts in the areas of system development, change management, computer operations and access to programs; Identifying and assessing business process controls and linkage to IT systems; and, IT security fundamentals across multiple domains including security management, security architecture, access control, application development, operations security, physical security, cryptography, telecommunications and networking, business continuity planning, investigations and ethics. Additionally, candidates should have excellent communication (written and verbal) skills and should be able to work with global teams independently with minimal supervision. Flexible work hours are required to align with US and UK hours as agreed upon. SHift-2pm-11pm

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Risk Consulting - Protect Tech – Senior (IT audit – General skills) Key responsibilities Your key responsibilities will include: Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Demonstrate deep technical capabilities and professional knowledge. Demonstrate ability to quickly assimilate to new knowledge. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 3-6 years of related work experience At least 2-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Risk Consulting - Protect Tech – Senior (IT audit – General skills) Key responsibilities Your key responsibilities will include: Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Demonstrate deep technical capabilities and professional knowledge. Demonstrate ability to quickly assimilate to new knowledge. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 3-6 years of related work experience At least 2-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Risk Consulting - Protect Tech – Senior (IT audit – General skills) Key responsibilities Your key responsibilities will include: Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Demonstrate deep technical capabilities and professional knowledge. Demonstrate ability to quickly assimilate to new knowledge. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 3-6 years of related work experience At least 2-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Risk Consulting - Protect Tech – Senior (IT audit – General skills) Key responsibilities Your key responsibilities will include: Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Demonstrate deep technical capabilities and professional knowledge. Demonstrate ability to quickly assimilate to new knowledge. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 3-6 years of related work experience At least 2-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Ravi Bindra* is the Hiring Lead you`ll talk to when it comes to more details about the role, environment of work and career perspectives. He describes the role as follows: In this role, you will collaborate across cyber security, compliance, and risk management, working with all information technology functions to ensure the design and implementation of cyber security tools align with defined policies, standards, and industry best practices. You will manage and lead a team of Security Architects and Engineers, currently comprising seven members located in Chennai, Gurgaon, and Europe. Line Management : Oversee recruitment, onboarding, career development, and performance management. Set and evaluate performance and development goals, ensuring teams prioritize and meet requirements. Stakeholder Liaison : Maintain a deep understanding of stakeholder demands and priorities. Technical Vision : Define and communicate a shared technical and architectural vision for multiple applications within a specific domain, ensuring systems are fit for their intended purpose. Solution Context and Intent : Describe the Solution Context and Solution Intent. Technical Analysis : Analyze and document technical trade-offs and debts. Component Determination : Identify primary components and subsystems. Interface Identification : Determine interfaces and collaborations between components. Non-functional Requirements : Define Non-functional Requirements (NFRs). Guidance : Guide Enablers and architecture runway. Key Responsibilities (in addition to the accountabilities listed above): Cyber Security Roadmap : Develop and maintain the cyber security capability roadmap and strategy, aligning with cyber security services' technology and service roadmaps. Participate in the Cyber Security Technical Design Authority. Enterprise Architecture : Lead contributions to the Enterprise Architecture Board. Expertise : Provide in-depth expertise on cyber security topics across the organization. Project Support : Support projects requiring major deviations from security standard design. Standards Ownership : Own internal cyber security standards. Deficiency Remediation : Identify major internal cyber security deficiencies and define pragmatic remediation approaches at scale. Collaboration : Work closely with other Security Architects and IT Architects on Application Security matters. Culture Promotion : Promote IT Security culture and support the analysis of risks and threats for the Threat Risk Assessment (TRA) process. Solution Orientation : Define pragmatic alternatives leading to appropriate application security results. Reporting : Report on cyber security status across the company, maintaining clear risk acceptance/remediation levels agreed upon with the CISO and internal governance bodies. Network Security : Ensure industry cyber security controls regarding network security. Design Approval : Design and sign off on all cyber security requirements for official solutions. * for more information about Ravi, his leadership style and what drives him please have a look to his LinkedIn profile: https://www.linkedin.com/in/ravibindra/ Job Requirements We are looking for a candidate who is proficient in communication and has in-depth technical expertise. Equally important is the ability to think "out of the box". The individual must be highly collaborative as they will need to influence functional leadership, project & application managers, other architects, engineers and developers. Hard Skills and Experience: 10+ years of experience in a similar role 4+ years as a security administrator, engineer, or architect 2+ years in management or lead positions in a matrix organization Understanding of regulated industries and global business processes, preferably in IT services Knowledge of IT Project Management Experience with compliance requirements (e.g., GDPR, SOX, GxQ/CSV, E-compliance, Records Management, Privacy) Knowledge of risk management standards/frameworks (e.g., COSO, ISO 2700x, CobiT, ISO 24762, BS 25999, NIST, ISF Standard of Good Practice, ITIL) Deep understanding of infrastructure and network design, including datacenter, perimeter, LAN, WAN, firewalls, IDS, firewall rule management, deep packet inspection, packet capture, web application firewalls, and network-based attack detection Experience in reporting to and communicating with senior management on information risk topics Understanding of general IT infrastructure technology, systems, and management processes Experience sourcing complex IT services and working closely with vendors Proven ability to initiate and manage cross-functional projects Soft Skills and Behavioral Aspects: High level of personal integrity and ability to handle confidential matters professionally Ability to manage competing priorities and seek consensus among stakeholders Excellent written and verbal communication and presentation skills Interpersonal and collaborative skills Fluency in English (written and spoken) This is what makes us special as an employer: We value inclusivity and teamwork. Our culture is defined by 7 core values (https://www.softwareone.com/en/our-story/our-values). We believe in flexible work arrangements, allowing you to excel from anywhere and deliver excellence everywhere. Benefit from incentive programs that recognize and reward outstanding contributions. Lifelong learning, training initiatives, mentoring, and coaching are integral to our culture. #HireToGrow Humility is at our core, as we continuously optimize our internal structures and feedback culture to be your Employer of Choice, now and in the future. Each country has its own benefits and incentives, which can be explained further during direct discussions. If you are interested in applying for this exciting opportunity, please click the "apply" button and upload your documents. We can't wait to receive your application! You know someone who could be interested in working with us as well? Share this job (or another) with your network and get the chance of our referral bonus for external referrers. https://www.softwareone.com/en/careers/external-referral-program Any questions? E-meet the Talent Acquisition Partner! Nicole is your partner in crime for this role. She`s happy to build bridges for you to the best career perspectives at SoftwareOne. She`ll help you with insights and tries to answer all your questions. Feel free to connect with her on LinkedIn https://www.linkedin.com/in/nicole-radtke/ Related Keywords: Cyber Security | Engineering | Architecture | India | Team Leadership | onsite Company description SoftwareOne is powered by Swomies! Every day, 9.000+ SoftwareOne colleagues care for demanding business challenges with intelligence and grit. And every day, 400+ Professionals in 20+ countries build and operate the systems that run SoftwareOne. Those 400+ individuals deliver 24/7 support through different time zones and work in a hybrid Multi-Cloud environment (AWS, Azure). This team is called "IT & Solutions" and is leading SoftwareOne's internal transformation by rethinking traditional IT and business operations, while driving innovation and efficiency for its thousand's employees worldwide. #DrivenToDeliver #IgniteTheMagic Head of Cyber Security Architecture & Engineering (gn) team: Internal IT of SoftwareOne | pensum: full time locations: Chennai or Gurgaon | working model: onsite

Job Title: Consultant Assurance Location: Chennai Work Type: WFO About the Role: Join a dynamic Assurance team where you’ll help clients identify and manage business and technology risks. As a Consultant, you’ll contribute to audits, risk assessments, and internal control evaluations while working with a team of experienced professionals to deliver impactful results. Key Responsibilities: Evaluate business processes and IT systems to identify risks and control gaps Assist in IT audits, SOX/ICFR/SOC assessments, and internal control reviews Support implementation and assessment of IT General Controls and application controls Utilize data analytics and technology-based tools to enhance audit quality Collaborate with teams and contribute to engagement planning and execution Prepare clear reports and recommendations to improve client risk frameworks Qualifications: B.E./B.Tech (CS/IT) or MBA (Finance/IT); Chartered Accountant preferred 1–2 years of experience in IT audits, SOX, ITGC, or risk consulting Familiarity with ERP systems (e.g., SAP, Oracle, JDE) Knowledge of standards like SOX, ISO 27001, SSAE, and frameworks such as COSO, COBIT Strong communication, presentation, and project management skills Professional certifications such as CISA, CISSP, CISM, ISO 27001 (preferred)

Get to Know the Team: At Grabber Technology Solutions (GTS), we revolutionise the technology experience for every Grabber. Our mission is to empower our team with seamless and solutions that enhance their daily work. We are a diverse group of forward-thinkers committed to creating personalised IT experiences. If youre passionate about customer-centric innovation and technology at Grab, come join us and help shape the future of technology! Get to Know the Role: We are looking for an experienced Senior Configuration Manager to drive the accuracy, integrity, and strategic value of our Configuration Management Database (CMDB). This important individual contributor role will be the primary owner and performer of CMDB operations, ensuring it serves as the definitive source of truth for our IT landscape. You understand configuration management mechanics, including the seamless integration of hardware and software assets within the CMDB framework. You will report to Manager II, IT Service Transition. This role is based in Bangalore. The Critical Tasks You will Perform: Own and maintain the Configuration Management Database (CMDB), ensuring accuracy and completeness by collaborating with cross-functional teams on Configuration Item (CI) identification, documentation, and lifecycle management. Lead and evolve Software Asset Management (SAM) processes, defining inclusive policies, tools, and procedures for licence tracking, compliance, usage, and optimisation. Identify and implement opportunities to streamline and automate Configuration Management processes within the ITSM platform, ensuring seamless integration with core ITSM functions like Change, Incident, Problem, and Release Management. Generate regular reports and KPIs, conduct configuration audits, and support risk assessments to address discrepancies and ensure compliance. Provide expert support for Change Management processes, contributing to accurate and collaborative impact assessments for changes affecting configurations. Stay current with industry trends and emerging technologies, recommending strategic process and tool improvements to enhance Configuration and Asset Management practices. Read more Skills you need What Essential Skills You will Need: Bachelors degree in Computer Science, Information Technology, or a related field 6 to 9 years hands-on experience in IT Operations, Service Management or Configuration Management roles. Deep, hands-on expertise in configuration management principles and practices, including CMDB data modelling, CI lifecycle, relationships and data quality. Track record in defining and implementing Hardware Asset Management (HAM) and Software Asset Management (SAM) processes, policies and tools. Hands-on experience with automated discovery and reconciliation tools and integrating data from multiple IT systems. Demonstrated experience defining and generating reports on KPIs and building data visualisations. Good to have ITIL Expert (v3/v4) certified COBIT 5 Foundation certified Lean/SixSigma certified Read more What we offer About Grab and Our Workplace Grab is Southeast Asias leading superapp. From getting your favourite meals delivered to helping you manage your finances and getting around town hassle-free, weve got your back with everything. In Grab, purpose gives us joy and habits build excellence, while harnessing the power of Technology and AI to deliver the mission of driving Southeast Asia forward by economically empowering everyone, with heart, hunger, honour, and humility. Read more Life at Grab Life at Grab We care about your well-being at Grab, here are some of the global benefits we offer: We have your back with Term Life Insurance and comprehensive Medical Insurance. With GrabFlex, create a benefits package that suits your needs and aspirations. Celebrate moments that matter in life with loved ones through Parental and Birthday leave , and give back to your communities through Love-all-Serve-all (LASA) volunteering leave We have a confidential Grabber Assistance Programme to guide and uplift you and your loved ones through lifes challenges. What We Stand For at Grab We are committed to building an inclusive and equitable workplace that enables diverse Grabbers to grow and perform at their best. As an equal opportunity employer, we consider all candidates fairly and equally regardless of nationality, ethnicity, religion, age, gender identity, sexual orientation, family commitments, physical and mental impairments or disabilities, and other attributes that make them unique. Read more

Job Requirements JOB DESCRIPTION KPMG Global Services is currently seeking an Senior in Technology Risk Management for our Consulting practice. Responsibilities: Assist in planning activities, development of audit program, and execution of internal audits and IT control assessments in the following areas: IT strategy and governance, IT operations, network and infrastructure security, cloud and third-party risk, programs and projects, automation, GITCs and application controls, and regulatory/compliance requirements Review clients' IT processes, risk, controls and compliance against leading practice, industry, or client frameworks, identify gaps in design and execution, and communicate issues and recommendations to engagement leads and client project manager Work with client project manager to assist in assessing, designing and implementation new IT risk and control frameworks, sustainable solutions (including applying knowledge of governance, risk and compliance tools), operating processes and people models to address key and evolving risks, as necessary Draft comprehensive executive summaries and final reports for delivery to client project manager and document and review engagement workpapers in accordance with KPMG requirements and common industry practice for internal audit and risk consulting client engagements Assist in kick-off, status, and closing meetings with engagement team and client and contribute to related KPMG knowledge bases and internal practice development initiatives Mandatory Skills Qualifications: BE/B-Tech/MCA/BSc-IT/MBA Preferred Skills Excellent written and communication skills Self-driven Team Player Ability to work independently and motivate team member #KGS RESPONSIBILITIES Mandatory Skills Qualifications: BE/B-Tech/MCA/BSc-IT/MBA Preferred Skills Excellent written and communication skills Self-driven Team Player Ability to work independently and motivate team member #KGS Qualifications: QUALIFICATIONS 4-6 year of experience working within an internal audit, IT risk, or IT compliance function as an internal employee or as part of a professional services firm Bachelor's degree from an accredited college/university or equivalent work experience; CISA, PMP, CISSP or CRISC (or similar) certifications preferred Familiarity with leading and executing IT audit, IT internal control, and IT risk consulting engagements, leveraging IT governance and control frameworks such as COBIT, NIST CSF, NIST 800-53, and ITIL and proficiency in core requirements and methodologies for SOX internal control programs Experience in implementation of IT risk and IT internal control processes and programs Proficiency in executing projects in accordance with leading practice project management principles Strong leadership and communication skills, technical knowledge, and the ability to write at a publication quality level in order to communicate findings and recommendations to the clients and senior management team

Assistant Manager – Incident Response - Deloitte Support Services India Private Limited The Specialist – Incident Response reports to the Global Incident Response Manager. The role serves as the main incident responder performing technical services for cyber security incident investigations and assessing scope of incident damage. As part of the Global Cybersecurity Incident Response Team, this role requires : Strategic Assists in preparation of internal and external communications Maintains chain of custody of incident evidence Provides physical security of collected data and devices Provides recommendations to resolve incident and/or reduce impact of incident, to bypass and/or prevent future similar incidents Operational Provides technical services needed for cyber incident response investigations including, containment, eradication, and remediation activities Assists in assessing scope of incident damage Assists in determination of incident severity Responsible for maintaining documentation throughout a cyber incident Assist in the drafting of post-incident reports to senior leadership to convey impact, origin, root cause, and remediation Perform digital forensic services including, but not limiting to, collection, documentation, preservation, and analysis of incident evidence Relationship Management Maintains rotating on-call availability for a 24x7x365 coverage Establish and maintain strong working relationships with all teams required to support incident response including other enabling areas and member firms Qualifications – External 6 to 9 years of experience Bachelor’s Degree or Master of Science preferred Work location: Hyderabad Work timings: 11am-8pm Education Bachelor’s degree: degree in a technology-related field, or equivalent education-related experience Work experience o Recommended minimum of 6 years of combined experience in the Information Security / Cybersecurity domain with a minimum of 3-4 years in cyber incident response. o Demonstrable understanding of the incident lifecycle and security operations, working knowledge of triage and analysis tools, and a strong understanding of cybersecurity threats o Demonstrable understanding of incident response casework, including maintaining case information, chain of custody reporting, and full documentation of issues from identification through remediation o Proven track record and experience of the following in a highly complex and global organization o Strong problem solving and troubleshooting skills with experience exercising mature judgement o Excellent teamwork and interpersonal skills Certification Professional security management certification preferred, such as GIAC Certified Forensic Analyst (GCFA), GIAC Certified Forensic Examiner (GCFE), Certified Information Systems Security Professional (CISSP), or other similar credentials Skills/abilities Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies, and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels Possess strong organizational skills to facilitate management and tracking of large numbers of incidents, events, and efforts. Ability to adapt and operate in a high-tempo, dynamic and stressful environment. Sound knowledge of business management and an expert knowledge of information / cybersecurity strategy and governance Operational knowledge of preventive and detective security controls (e.g., firewalls), advanced endpoint solutions , Web Application Firewalls (WAF), Data Loss Prevention (DLP), web security solutions, email gateways, Security Information and Event Management (SIEM)) Operational knowledge of general IT technologies and concepts (e.g., routers, switches, messaging systems, server operating systems (Windows, Linux, Unix), desktop and mobile operating systems (Windows, macOS, iOS, Android), cloud services and architecture, and vulnerability management. Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework Experience recording and maintaining incident documentation within a ticketing system Understanding of incident response in a Cloud based environment and experience with cloud solutions Experience leading cyber security incident response during normal daily operations or against advanced persistence threats. Ability to quickly analyze large amounts of information and formulate action plans based on that analysis. Experience interpreting, searching, and manipulating data within enterprise logging solutions. Strong understanding of SIEM technologies Ability to travel as needed (0%) How you’ll grow At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in exactly the same way. So, we provide a range of resources including live classrooms, team- based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India. Benefits to help you thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 305067

Ready to shape the future of work? At Genpact, we don’t just adapt to change—we drive it. AI and digital innovation are redefining industries, and we’re leading the charge. Genpact’s AI Gigafactory, our industry-first accelerator, is an example of how we’re scaling advanced technology solutions to help global enterprises work smarter, grow faster, and transform at scale. From large-scale models to agentic AI, our breakthrough solutions tackle companies’ most complex challenges. If you thrive in a fast-moving, tech-driven environment, love solving real-world problems, and want to be part of a team that’s shaping the future, this is your moment. Genpact (NYSE: G) is an advanced technology services and solutions company that delivers lasting value for leading enterprises globally. Through our deep business knowledge, operational excellence, and cutting-edge solutions – we help companies across industries get ahead and stay ahead. Powered by curiosity, courage, and innovation, our teams implement data, technology, and AI to create tomorrow, today. Get to know us at genpact.com and on LinkedIn, X, YouTube, and Facebook. We are inviting applications for the role of Consultant - IT Audit In this role, you will be responsible for delivering solution offerings primarily related to IT-SOX. Demonstrate IT operational risk knowledge/experience including design of effective control processes, development of test requirements and/or testing controls for efficiency Responsibilities Ensure client service delivery in accordance with the quality guidelines & methodologies. Build and maintain client relationship by understanding and being responsive to client needs and ensuring high quality of work. Contribute in people and knowledge development initiatives by developing training material and conducting training Demonstrate strong analytical thinking and interpersonal skills including the ability to research and understand sophisticated processes and effectively communicate them to interested parties Demonstrate superior relationship building and relationship leadership skills Qualifications we seek in you! Minimum qualifications B.E., B.TECH, M.TECH, MCA (Preferred) / MBA Required overall experience in testing/reviewing and implementation of ITGC controls, CoBit 5 and developing COSO framework Preferred qualifications Good understanding of CoBIT 5 Domains of Access Management, SLDC& Change and Computer Operations and Control Design and Testing of SOX IT General Controls (ITGC) and IT Application Controls (ITAC) Strong understanding of general IT processes and controls and the aptitude to ensure the appropriate controls are crafted to mitigate the risks and must be able to demonstrate outstanding communication skills to ensure ability to clearly articulate and negotiate with the external auditors. In depth knowledge/experience of technology processes, systems and infrastructure including project management, change management, access management and data processing operations such as job scheduling and monitoring, problem management and backups Experience working with internal and external auditors Superior verbal communication skills including the proven track record to negotiate solutions in challenging situations with both technology and non-technology business partners. Willingness to travel (20-30% time) Proficient in Microsoft Office including but not limited to: Word, Excel, Visio, Access Innovative and always looking for continuous improvement in order to develop succession plan for staff Why join Genpact? Be a transformation leader – Work at the cutting edge of AI, automation, and digital innovation Make an impact – Drive change for global enterprises and solve business challenges that matter Accelerate your career – Get hands-on experience, mentorship, and continuous learning opportunities Work with the best – Join 140,000+ bold thinkers and problem-solvers who push boundaries every day Thrive in a values-driven culture – Our courage, curiosity, and incisiveness - built on a foundation of integrity and inclusion - allow your ideas to fuel progress Come join the tech shapers and growth makers at Genpact and take your career in the only direction that matters: Up. Let’s build tomorrow together. Genpact is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. Genpact is committed to creating a dynamic work environment that values respect and integrity, customer focus, and innovation. Furthermore, please do note that Genpact does not charge fees to process job applications and applicants are not required to pay to participate in our hiring process in any other way. Examples of such scams include purchasing a 'starter kit,' paying to apply, or purchasing equipment or training. Job Consultant Primary Location India-Hyderabad Education Level Bachelor's / Graduation / Equivalent Job Posting Jun 18, 2025, 11:12:55 PM Unposting Date Ongoing Master Skills List Consulting Job Category Full Time

Job Description: Security, Risk and Technology Strong knowledge of financial services and insurance industry regulations around security and privacy including the Gramm-Leach-Bliley Act, State Privacy Laws, Health Insurance Portability and Accountability Act (HIPAA), Fair Credit Reporting Act, SEC Rules 17a-3 and 17a-4, and state security breach disclosure notification laws. Ability to relate these regulations back to security controls. Understanding and application of information security standards and best practices including NIST Cybersecurity Framework, ISO 27001-4, CoBIT, Cloud Security Alliance, etc. Ability to identify risks, quantify them, and help recommend and design mitigations. Broad knowledge of Unix, Linux, Windows and mainframe server environments. Knowledge of various database platforms. Strong knowledge of best practice processes and technologies across security domains especially related to identity and access management, network security, logging and monitoring. Knowledge of at least one cloud services platform (Amazon Web Services, Microsoft Azure, Google Cloud or Oracle Cloud) Education / Experience: Security, compliance, audit or risk covering a wide area of technologies and security domains including those previously mentioned. Financial industry or highly regulated industry background (Insurance, Banking, etc.) Project work experience with a recognized security, audit, or risk consulting firm a plus CISSP, CISA, CISM or other security/control certifications a plus. Bachelor’s degree or higher – preferably in Computer Science, Engineering, or a related scientific fields Communication Excellent verbal and written communication skills Ability to develop and QA/oversee development of high quality project artifacts Ability to collaborate, influence and communicate successfully in different ways concisely to different audiences (i.e., in business terms to business people, in technical terms to technical people) Able to develop and present dashboards Engagement Proven ability to engage with customers (IT and Business) and consultants in a highly professional and competent manner. Understanding and experience with project life cycles using proven methodologies – from analysis through implementation with hands-on deliverable development. Ability to work in a matrix reporting environment A practiced ability to influence peers, customers and project teams to make security minded decisions and changes Ability to scope projects, developing project charters, requirements, documenting issues and work plans, vendor selection, product/process design and implementation, change management/communication a plus. Location: This position can be based in any of the following locations: Chennai, Gurgaon Current Guardian Colleagues: Please apply through the internal Jobs Hub in Workday

JOB DESCRIPTION KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature QUALIFICATIONS Qualifications for Internal Candidates IT Audit + SAP experience with knowledge of IT governance practices Prior IT Audit knowledge in areas of ITGC, ITAC (application/automated controls) SOX 404, SOC-1 and SOC-2 Audits Good to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g. NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc.) Technical Knowledge of IT Audit Tools with excellent knowledge of IT Audit process and methodology Exposure to Risk Management and Governance Frameworks/ Systems will be an added advantage Exposure to ERP systems will be added advantage Strong project management, communication (written and verbal) and presentation skills Knowledge of security measures and auditing practices within various applications, operating systems, and databases. Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism Preferred Certifications – CISA/CISSP//CISM Exposure to automation Data Analytics tools such as QlikView/Qlik sense, ACL, Power BI will be an advantage Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools Equal employment opportunity information: KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

POSITION DESCRIPTION JOB TITLE Cyber Governance Manager GRADE CM DEPARTMENT Risk - LOCATION HO SUB-DEPARTMENT Information Security TYPE OF POSITION Full-time II. ROLE PURPOSE & OBJECTIVE The Cyber Governance Officer under the direct supervision of the CISO is responsible for planning and development of information security policies. Plans and manages information security compliance audits and reviews in line with the ISMS Internal audit plan and request / advice from the CISO and as per the security assessment and compliance policy. Cyber Governance Manager - Job Description Business/ Financials Planning and developing security policy and standard documents. Periodically reviewing the policy and standard documents. Plan and manage information security compliance audits and reviews in line with the ISMS Internal audit plan and request / advice from the CISO and as per the security assessment and compliance policy. Supporting Ujjivan’s IS compliance. Planning, delivering and managing information security awareness initiatives within Ujjivan. Acting on threat intelligence Management of Application security Audits/Vulnerability Assessments/Penetration Testing/Red Team Exercises Management of Cyber Drills Privacy Framework Implementation Customer Keeping customer information safe and secure. Internal Process Adhering to information security policy procedure and guidelines. Working on improving internal process for better security and efficiency. Learning & Innovation Should continuously work on gaining and improving information security updates on best practices, new threats and countermeasures to secure the Ujjivan information security. V. MINIMUM REQUIREMENTS OF KNOWLEDGE & SKILLS Educational Qualifications Bachelor’s degree in Computer Science or related field. Experience 7-8 years Certifications CISM/CISSP/CISA/CRISC/ISO/IEC27001 Functional Skills Experience in Information security governance and management. Must have hands on experience in risk assessment and training Knowledge of ISO 27001, 31000, COBIT, NIST Frameworks related to Information Security, Privacy Frameworks such as GDPR, familiarity with RBI Cyber Security Framework. Show more Show less

Key Responsibilities IT Strategy Leadership: Define and drive IT strategy in alignment with Blackstones retail digital transformation goals. Ensure technology supports mall operations, marketing, tenant services, and customer experience. IT Infrastructure Operations: Oversee end-to-end IT infrastructure: networking, servers, surveillance (CCTV), EPABX, Wi-Fi, POS systems, elevators, BMS, and smart parking systems. Ensure 24x7 uptime, disaster recovery planning, cybersecurity, and vendor SLA compliance. Retail Technology Implementation: Implement cutting-edge mall technologies: digital signage, customer analytics, loyalty platforms, mobile apps, and footfall tracking. Support e-commerce integration and omnichannel retail strategies for tenants. Team Vendor Management: Lead the IT support team and coordinate with third-party technology vendors. Evaluate and onboard IT service providers, hardware/software suppliers, and AMC contracts. Compliance Reporting: Ensure compliance with data privacy, financial audit, and cybersecurity standards. Provide regular reporting to Blackstone leadership on KPIs, project status, risks, and budgets. Required Qualifications Experience Bachelors degree in Computer Science, IT, Electronics or related field (Masters preferred). 10+ years of IT leadership experience, preferably in malls, large retail, hospitality, or commercial real estate. Proven experience in managing large-scale IT operations, infrastructure upgrades, and smart technologies. Familiarity with ITIL, ISO 27001, or COBIT frameworks. Strong stakeholder management, budgeting, vendor negotiation, and crisis handling skills. This job is provided by Shine.com Show more Show less

Job Title: Lead – IT Governance Location: Chennai Job Type: Full-time Job Overview: We are seeking a seasoned IT Governance professional to join our team and play a pivotal role in strengthening the bank's IT governance structure. This role is responsible for defining and driving IT governance strategies that ensure regulatory compliance, risk management, operational efficiency, and alignment of IT initiatives with business goals. The ideal candidate will bring deep expertise in IT governance frameworks, regulatory mandates (including RBI, SEBI, PCI DSS etc), and cross-functional leadership—particularly within the banking or financial services sector. Key Responsibilities: Design and maintain IT governance frameworks aligned with strategy and regulations. Establish IT policies, standards, and procedures across all domains (cybersecurity, infrastructure, applications, vendor management). Ensure adherence to RBI guidelines, PCI DSS, ISO 27001, DPDP Act, and related laws. Coordinate audits and regulatory inspections; oversee closure of compliance findings. Conduct IT risk assessments; manage risk registers and KRIs. Monitor control testing and implement risk mitigation plans, including vendor IT compliance. Develop governance dashboards and reports for CXOs and Board Committees. Lead IT assurance activities, audits, self-assessments, and certification efforts. Serve as liaison among business units, risk teams, and regulators. Lead cross-functional governance initiatives and drive awareness programs. Oversee IT compliance programs, regulatory submissions, and third-party risk management. Track emerging regulations and evaluate their impact on IT governance. Qualifications: Bachelor’s or Master’s degree in Information Technology, Computer Science, Information Systems, or related field. 8–12 years of relevant experience, with at least 5 years in a IT governance or compliance role in the banking/financial services industry. In-depth understanding of IT governance and compliance frameworks including: COBIT, ISO 27001, ISO/IEC 38500, NIST CSF, ITIL Regulatory guidelines: RBI, SEBI, DPDP Payment card industry standards (PCI DSS) and associated audit requirements Proven ability to interface with senior stakeholders and regulatory bodies. Experience in implementing IT governance tools and automation for policy enforcement, reporting, and risk assessments. Preferred Certifications: CISA – Certified Information Systems Auditor CISM – Certified Information Security Manager CRISC – Certified in Risk and Information Systems Control CGEIT – Certified in the Governance of Enterprise IT ISO 27001 Lead Auditor / Implementer PCI DSS Implementer / QSA knowledge Additional Competencies: High degree of integrity, accountability, and business acumen. Ability to lead cross-functional teams and influence outcomes without direct authority. Strong written and verbal communication skills to interact with executive leadership and regulators. Demonstrated ability to drive governance or compliance initiatives Show more Show less

Join our Team Job Summary We are seeking a BMC Helix ITSM Administrator to manage, support, and optimize BMC Remedy ITSM applications. The ideal candidate should possess deep technical expertise in BMC ITSM modules, strong troubleshooting skills, and a solid understanding of ITIL processes. Provide support and configuration for core BMC ITSM modules: Incident, Problem, Change, Asset, and Service Request Management. Design and implement workflow customizations, filters, escalations, and business rules. Configure custom approval flows, notification mechanisms, and dynamic data forms within Smart IT and Digital Workplace (DWP) Provide performance tuning, upgrade support, and migrations. Develop custom modules and smart applications using BMC Innovation Studio Build and maintain REST/SOAP API integrations with external systems such as Active Directory etc. Required Skills & Qualifications: 8+ years of experience in BMC Remedy / Helix ITSM administration Deep hands-on experience with Developer Studio, Innovation Studio, and Smart IT Proven track record of designing and customizing ITSM workflows and module-level enhancements Strong understanding of CMDB architecture, Discovery integration, and service modelling Experience in enterprise integration using REST, SOAP, and middleware connectors Proficiency in designing dashboards using BMC Smart Reporting and other BI tools Strong problem-solving and RCA skills in high-availability production environments Excellent understanding of ITIL v4 practices; experience in compliance-driven environments (e.g., SAMA, NCA ECC) Nice-to-Have Skills: Exposure to BMC Helix Innovation Suite Smart Apps development Familiarity with container orchestration (e.g., Docker/Kubernetes for Helix on-prem setups) Scripting experience (Python, JavaScript, Shell) for automation and integration tasks Knowledge of database query tuning and BMC system schema (PostgreSQL, Oracle) Awareness of compliance frameworks like SAMA CSF, NCA ECC, ISO 27001, or COBIT Experience with Agile/DevOps environments and CI/CD integrations (e.g., Jenkins, Git) Familiarity with BMC Discovery, BMC Helix ITOM, or AIOps features is an advantage Preferred Certification: BMC Certified Professional: Helix ITSM BMC Certified Developer: Helix Innovation Suite BMC Certified CMDB Specialist ITIL v4 Foundation or Managing Professional Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply? Click Here to find all you need to know about what our typical hiring process looks like. Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more. Primary country and city: India (IN) || Noida Req ID: 767833 Show more Show less

POSITION DESCRIPTION JOB TITLE Lead – IT Risk & Business Continuity GRADE VP-I DEPARTMENT Risk LOCATION HO SUB-DEPARTMENT IT Risk TYPE OF POSITION Full-time REPORTS TO Chief Risk Officer (CRO)/Head Ops RISK REPORTING INTO Manager – IT Risk ROLE PURPOSE & OBJECTIVE (A two to three line statement outlining the objective or the reason for which the job exists. What would not get done in the organization if this role did not exist?) Oversee and drive technology risk management focusing on application, infrastructure, availability, reliability and disaster recovery processes. Drive business continuity program of the organization as per the BIA – Business Impact Analysis Leading third party risk management process in alignment to organization outsourcing policy. Responsible for monitoring and managing overall IT Operational Risk posture of the bank Responsible for conducting Root cause analysis on critical IT incidents and implement preventive measures. Responsible for reviewing the RBAC (Role Based Access Control) and to ensure User access review is conducted for the critical applications on defined frequency as per the User Access Management Policy. Work with IT to minimize the recurring instances of gaps in system implementation that results in customer services issues Perform annual/semi-annual review of technology, BCP and outsourcing risks in a structured manner for internal and external (RBI- ICAAP) reporting. SIZE OF THE ROLE (Mention the financial number as applicable for the role. Few examples given below) (Mention the non-financial number as applicable for the role. Few examples given below) FINANCIAL SIZE NON-FINANCIAL SIZE Budget related to business continuity, Information Technology General Control (ITGC) Team of 3-4 managers and 2-3 specialist Regular interaction internal stakeholders – Business heads, IT Solution Delivery heads, IT Application service Management heads, IT Governance head, Head Digital Banking, Principal Nodal Officer, National Manager – Compliance, National Manager – Legal, National Manager – CPMT, Head Alliance and Electronic Payments. KEY DUTIES & RESPONSIBILITIES OF THE ROLE (These responsibilities are representative and the role holder is also responsible for any other job assigned by the superior authorities from time to time. This section in not intended to be an exhaustive listing of all activities done by the role holder. It should capture only the key deliverables and responsibilities of the role) Business/ Financials Design, develop and maintain technology risk and general control framework by incorporating relevant standards and good practices such as ITIL, COBIT, ISO and NIST. Drive design effectiveness assessments and operational effectiveness testing for controls and key risk mapped to technology threat vectors. Oversee development, review and maintenance of Business continuity framework and plans for organization resilience during disruptive events. Ensure annual Business Impact Analysis (BIA) are carried out to develop and maintain business continuity recovery strategies. Drive evaluation of potential risks associated with emerging technology, new projects and system changes Continually improve the quality of the risk management through evaluation of IT operations process like change management, patch management, incident management, backup and disaster recovery. Manage third party Technology and Operational risk management for all third parties by identifying, evaluating, reporting risks in their environment. Ensure comprehensive risk assessments, controls testing are conducted in alignment with the enterprise risk framework. Articulate, monitor and measure Technology and Operational Risk through appropriate assessments, Key Risk Indicators (KRIs), Enterprise Risk Indicators (ERI) and by developing appropriate responses to address changing business needs and control requirements. Set and manage strategic development and tactical implementation of compliance plans of Technology and operational Risk. Drive continuous improvement in organization resilience by monitoring business continuity drills recovery objectives and strategies. Perform annual/semi-annual review of technology, BCP and outsourcing risks in a structured manner for internal and external (RBI- ICAAP) reporting. Customer (Both Internal & External) Drive business continuity or resiliency preparedness for the organization. Support business continuity of customer services during disruptive events Collaborate with stakeholders involved in the Business, control and support functions Support the stakeholders in gathering information and preparing for all tech risk related reporting and meeting, i.e. internal and external audit, regulatory interaction, etc. Document and report IT risks and business continuity issues to Chief Risk Officer (CRO), management committees and other stakeholders Internal Process Evaluate policies, standards, processes and procedures for completeness and recommend enhancements. Ensure user access review of all business applications, servers, security and networking devices are conducted on a periodic basis. Drive post incident analysis along with impact assessment for downtime of IT application and services. Ensure Business Continuity Plans (BCPs) are periodically reviewed, tested and updated to reflect changing needs and lessons learned. Innovation & Learning Disseminate and educate the organization on IT Risk policies, procedures and guideline to all concerned. Builds and monitors manpower with sufficient knowledge, experience, professional qualifications and appropriately skilled resources to deliver as per the plan to meet the organization objectives. Monitor the knowledge levels and identify skills gaps of the team and put in place a continuous training program to update their knowledge and skills. Prescribe various learning interventions for the organization based on patterns of risk, regulatory requirements and need of the organization. Stay knowledgeable of laws, rules, regulations and current trends in all areas of Technology Risk and Business Continuity. MINIMUM REQUIREMENTS OF KNOWLEDGE & SKILLS Educational Qualifications Bachelor’s Degree in Computer Science or Information Technology OR Post-Graduation or master’s degree in Computer Science/ Computer Application Experience Range (Years and Core Experience Type) Mandatory experience of 14 to 20 years in Technology Risk Management, IT Governance & Business continuity Desired experience of 7 to 10 years in Banking Industry Good understanding of industry best practices in technology risk frameworks such as National Institute of Standards and Technology (NIST), Control Objectives for information and Related Technology (COBIT), ISO 22301, Information Technology Infrastructure Library (ITIL) , IT Act, RBI guidelines on IT risk and governance, Audit frameworks and best practices. Sound knowledge in the domains of IT Operations, IT Service Management, Business Continuity, Cloud, IT applications & infrastructure at the organization level. Good exposure to risk assessment including third party risk assessment. Strong Project Management skills Certifications The certification such as CISM, CISA, CEGIT, ISO 22301 will be added advantage Functional Skills Sound Computer knowledge (MS Office, Outlook, MS PowerPoint) / Ease of technology usage Basic knowledge of Banking Industry, Banking IT applications Enterprise Risk Management, Operational Risk Management and Business Continuity Show more Show less

Job Description KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature Responsibilities Responsibilities for Internal Candidates Perform testing of IT Application Controls, IPE, and Interface Controls through code reviews, IT General Controls review covering areas such as Change Management, Access Management, Backup Management, Incident and Problem Management, SDLC, Data Migration, Batch Job scheduling/monitoring and Business Continuity and Disaster Recovery Perform Risk Assessment, identification, and Evaluation of Controls, prepare process flow diagrams and document the same in Risk & Control Matrix. Perform business process walkthrough and controls testing for IT Audits. Performing planning and executing audits, including - SOX, Internal Audits, External Audits Conducting controls assessment in manual/ automated environment Prepare/Review of Policies, Procedures, SOPs Maintain relationships with client management and the project Manager to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations. Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the work to be performed. Coordinate effectively and efficiently with the Engagement manager and the client management keeping both constantly updated regarding project’s progress. Collaborate with other members of the engagement team to plan the engagement and develop relevant workpapers/deliverables. Perform fieldwork and share the daily progress of fieldwork, informing supervisors of engagement status. Qualifications Qualifications for Internal Candidates IT Audit + SAP experience with knowledge of IT governance practices Prior IT Audit knowledge in areas of ITGC, ITAC (application/automated controls) SOX 404, SOC-1 and SOC-2 Audits Good to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g. NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc.) Technical Knowledge of IT Audit Tools with excellent knowledge of IT Audit process and methodology Exposure to Risk Management and Governance Frameworks/ Systems will be an added advantage Exposure to ERP systems will be added advantage Strong project management, communication (written and verbal) and presentation skills Knowledge of security measures and auditing practices within various applications, operating systems, and databases. Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism Preferred Certifications – CISA/CISSP//CISM Exposure to automation Data Analytics tools such as QlikView/Qlik sense, ACL, Power BI will be an advantage Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools Equal Employment Opportunity Information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you. Show more Show less

JoVE (www.jove.com) is a USA based company producing video solutions with the mission to advance scientific research and education. Our institutional clients comprise over 1,000 universities, colleges, and biopharma companies, including such leaders like Harvard, MIT, Yale, and Stanford. As a rapidly growing company, with offices in the USA, UK, Australia, and India servicing clients in over 60 countries, we are seeking talented individuals to join our company. We are seeking an experienced Technical Support Engineer to join our team, working closely with the global Support and Engineering teams. Your primary focus will be resolving critical issues and providing the Support team with tools and solutions to ensure JoVE customers receive the highest level of service possible. If you're passionate about pioneering solutions and want to shape our company's future through creative exploration of new possibilities, we want you on board. Responsibilities Work directly with the Support and Engineering team to Triage and handle critical support issues or bugs. Tackle software debugging and identify code defects for remediation. Provide support to answer inquiries on products. Accept and handle technical requests. Collaborate with L2 teams to solve customer inquiries. Create, curate and maintain knowledge articles. Follow communication procedures, guidelines and policies. Provide accurate, valid and complete information by using the right methods/tools. Build sustainable relationships and trust with customers and other internal teams through open communication. Handle customer complaints, provide appropriate solutions and alternatives within the time limits; follow up to ensure resolution. Keep records of customer interactions, process customer accounts and file documents. Performs other specific duties or assignments as directed by Team Manager. Requirements: 3+ years of demonstrable experience in technical customer support. 2+ years of experience with web application frameworks such as PHP, Typescript, JavaScript, React, NodeJs, Symfony, Laravel, Wordpress, React, or similar. GraphQL experience is a plus. Excellent communication and interpersonal skills, verbal and written, are required to effectively and accurately communicate in English. Must have technical/diagnostic ability along with analytical ability to diagnose problems above basics, and basic mechanical skills. Ability to communicate with both technical and non-technical personnel in a clear and easy fashion. Ability to work with minimal supervision and research using traditional and online resources. Good understanding of KPIs and Metrics. Embraces the concepts of Agile Scrum software development and its related collaboration and issue-tracking tools (e.g., JIRA, Rally) Embraces the concepts of ITIL and COBIT framework and its related collaboration and issue-tracking tools (e.g., Zendesk, Service Desk) Availability to work Eastern time zone - NY Time (8 AM to 5 PM) Why Join JoVE? A competitive compensation package including unlimited commissions on your sales You will make a direct impact in accelerating science research and education. Opportunity to work with global teams and in an environment that promotes innovation and collaboration. Our strong promotion from within culture draws a clear path to advance your career with us Show more Show less

Job Description: Security, Risk and Technology Strong knowledge of financial services and insurance industry regulations around security and privacy including the Gramm-Leach-Bliley Act, State Privacy Laws, Health Insurance Portability and Accountability Act (HIPAA), Fair Credit Reporting Act, SEC Rules 17a-3 and 17a-4, and state security breach disclosure notification laws. Ability to relate these regulations back to security controls. Understanding and application of information security standards and best practices including NIST Cybersecurity Framework, ISO 27001-4, CoBIT, Cloud Security Alliance, etc. Ability to identify risks, quantify them, and help recommend and design mitigations. Broad knowledge of Unix, Linux, Windows and mainframe server environments. Knowledge of various database platforms. Strong knowledge of best practice processes and technologies across security domains especially related to identity and access management, network security, logging and monitoring. Knowledge of at least one cloud services platform (Amazon Web Services, Microsoft Azure, Google Cloud or Oracle Cloud) Education / Experience: Security, compliance, audit or risk covering a wide area of technologies and security domains including those previously mentioned. Financial industry or highly regulated industry background (Insurance, Banking, etc.) Project work experience with a recognized security, audit, or risk consulting firm a plus CISSP, CISA, CISM or other security/control certifications a plus. Bachelor’s degree or higher – preferably in Computer Science, Engineering, or a related scientific fields Communication Excellent verbal and written communication skills Ability to develop and QA/oversee development of high quality project artifacts Ability to collaborate, influence and communicate successfully in different ways concisely to different audiences (i.e., in business terms to business people, in technical terms to technical people) Able to develop and present dashboards Engagement Proven ability to engage with customers (IT and Business) and consultants in a highly professional and competent manner. Understanding and experience with project life cycles using proven methodologies – from analysis through implementation with hands-on deliverable development. Ability to work in a matrix reporting environment A practiced ability to influence peers, customers and project teams to make security minded decisions and changes Ability to scope projects, developing project charters, requirements, documenting issues and work plans, vendor selection, product/process design and implementation, change management/communication a plus. Location: This position can be based in any of the following locations: Chennai, Gurgaon Current Guardian Colleagues: Please apply through the internal Jobs Hub in Workday Show more Show less

Genpact (NYSE: G) is a global professional services and solutions firm delivering outcomes that shape the future. Our 125,000+ people across 30+ countries are driven by our innate curiosity, entrepreneurial agility, and desire to create lasting value for clients. Powered by our purpose - the relentless pursuit of a world that works better for people - we serve and transform leading enterprises, including the Fortune Global 500, with our deep business and industry knowledge, digital operations services, and expertise in data, technology, and AI. Inviting applications for the role of Principal Consultant, IT Risk and Controls The IT Risk and Controls Analyst/Manager is responsible for identifying, assessing, monitoring, and reporting on IT-related risks and ensuring that appropriate internal controls are in place and operating effectively. This role supports the development and implementation of IT risk management frameworks and works closely with internal audit, cybersecurity, compliance, and IT operations teams. Responsibilities . Perform risk assessments on IT systems, processes, and vendors. . Develop and maintain IT risk registers and control matrices. . Evaluate and enhance the effectiveness of IT general controls (ITGCs) and application controls. . Support audit readiness and coordinate responses to internal/external audit findings. . Implement and monitor controls aligned with regulatory and compliance frameworks (e.g., SOX, ISO 27001, NIST, COBIT). . Partner with business and IT stakeholders to design and implement risk mitigation strategies. . Manage and report on key risk indicators (KRIs) and control metrics. . Conduct IT control testing and support risk-based control reviews. . Assist with third-party/vendor risk assessments and due diligence processes. Support business continuity and disaster recovery planning from a risk perspective. Qualifications we seek in you! Minimum Qualifications / Skills B.Tech/B.E/ MCA Excellent written and verbal communication skills Preferred Qualifications/ Skills Solid understanding of IT risk frameworks (e.g., NIST, COBIT, ISO 27001). Experience with SOX compliance and ITGCs. Strong analytical, communication, and stakeholder management skills. Proficiency in tools such as GRC platforms (e.g., Archer, ServiceNow GRC) and Excel. Genpact is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. Genpact is committed to creating a dynamic work environment that values respect and integrity, customer focus, and innovation. Get to know us at and on , , , and . Furthermore, please do note that Genpact does not charge fees to process job applications and applicants are not required to pay to participate in our hiring process in any other way. Examples of such scams include purchasing a %27starter kit,%27 paying to apply, or purchasing equipment or training.

About ACA: ACA Group is the leading governance, risk, and compliance (GRC) advisor in financial services. We empower our clients to reimagine GRC and protect and grow their business. Our innovative approach integrates consulting, managed services, and our ComplianceAlpha® technology platform with the specialized expertise of former regulators and practitioners and our deep understanding of the global regulatory landscape. Position Summary: The Information Risk Analyst is responsible for the monitoring of compliance with the information security policies and programs of ACA. This position handles third party risk management, internal control and data governance tasks based on established processes, and assists with incident response. This position needs to understand the security vision and work towards realizing it. This position is responsible for finding ways to apply new departmental ideas into their daily work. This position needs a self-starter who works to improve their own effectiveness as well as provides ad-hoc suggestions for broader improvements for our security architecture, specifically as it relates to the effectiveness of risk and governance. Execution of assigned tasks on time and on quality with oversight and assistance from others. Job Duties: Assists in the development and maintenance of Information Security governance requirements (e.g. policies and standards). Assists in the design of and facilitates the execution for ongoing compliance monitoring controls. Performs vendor due diligence by evaluating and assessing potential risks posed by third party vendors. Ensures the proper handling of sensitive data and its compliance with established polices and applicable regulatory frameworks. Helps improve and maintain a comprehensive data governance framework Stays up to date on developments with relevant laws and regulations to ensure the organization remains compliant. Assists in internal audits and communicates across the organization on items which may require remediation. Recommends risk treatment options for technical projects or other initiatives. Participates in incident response exercises. Assists with the incident management of any discovered security incidents. Assists with identifying gaps in IT controls and generating mitigation recommendations. Helps system owners make informed risk-related decisions. Assists with responding to customer and partner cybersecurity inquiries. Assists with the research, review, development, and/or enhancement of IT security systems. Performs ad-hoc work/special projects as necessary to support ACA on various client and internal initiatives. Required Education and Experience: Bachelor’s Degree in related field or two years’ of practical experience in related information security or audit role. Knowledge of industry security concepts / frameworks and regulatory standards such as ISO-27001, NIST, COBIT PCI-DSS, GDPR, SOC2 and DORA. Preferred Education and Experience: Bachelor’s Degree in related field Four years’ of practical experience in related information security or audit role Relevant cybersecurity professional certification (e.g., CISA, CGRC, CRISC) Required Skills and Attributes : Demonstrated professional integrity Dependable, flexible, and adaptable to new ACA initiatives and changing client needs Ability to work well in a fast-paced, small-team environment Ability to work independently, multi-task and prioritize effectively Ability to establish and maintain effective working relationships with colleagues and clients Highly motivated and goal oriented; proactive in one’s own education and career progression; volunteers for and shows initiative on both internal and external projects and tasks Dedicated to upholding ACA’s high-quality standards and customer service focus Strong organizational and problem-solving skills with attention to detail Strong oral and written communication skills What working at ACA offers: We offer a competitive compensation package where you’ll be rewarded based on your performance and recognized for the value you bring to our business. Our Total Rewards package includes medical coverage fully funded by ACA for employees and their family as well as access to Maternity & Fertility and Wellness programs. ACA also provides Personal Accident Insurance, Group Term Life Insurance, Employee Discount programs and Employee Resource Groups. You’ll be granted time off for designated ACA Paid Holidays, Privilege Leave, Casual/Sick Leave, and other leaves of absence to support your physical, financial, and emotional well-being. What we commit to: ACA is firmly committed to a policy of nondiscrimination, which applies to recruiting, hiring, placement, promotions, training, discipline, terminations, layoffs, transfers, leaves of absence, compensation and all other terms and conditions of employment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected status. Show more Show less