6 Compliance Assessment Jobs

Technical Excellence Effectively manage assigned project tasks , ensuring that all deliverables are completed on time, within budget, and in compliance with quality standards. Collaborate closely with stakeholders, project sponsors, and clients to define and align on project objectives, scope, and requirements . Proactively identify and manage project risks, issues, and dependencies , implementing timely mitigation strategies. Provide regular communication of project status , risks, and key issues to all stakeholders, ensuring transparency and accountability . Develop and maintain comprehensive project documentation , including project plans, status updates, and risk/issue logs. Ensure all project outcomes adhere to quality benchmarks and are compliant with relevant organizational policies and regulatory guidelines . Skills and Attributes Strong project management capabilities, with a proven ability to lead cross-functional teams in high-stakes environments. Excellent communication and stakeholder management skills , with a solution-oriented mindset. Detail-oriented with the ability to manage multiple priorities and timelines simultaneously . Analytical thinker with a proactive approach to problem-solving and risk mitigation .

Technical Excellence Manage assigned project tasks, ensuring all deliverables are completed on time , within budget, and meet required quality standards. Collaborate with stakeholders, sponsors, and clients to define and agree on project objectives, scope, and requirements . Identify and mitigate project risks , issues, and dependencies through proactive planning and intervention. Provide regular and clear status updates , highlighting project risks and issues to keep all parties informed of progress. Maintain comprehensive project documentation , including project plans, status reports, and risk/issue logs. Ensure all deliverables are quality-assured and compliant with organizational policies and regulations . Skills and Attributes Strong project management and communication skills . Excellent at risk analysis and mitigation planning . Proficient in documentation, reporting, and stakeholder coordination . Analytical mindset with attention to quality, process, and compliance .

At PwC, as an integral part of the audit and assurance team, you will be focusing on providing independent and objective assessments of financial statements, internal controls, and other assurable information. Your role will involve enhancing the credibility and reliability of this information for various stakeholders. You will evaluate compliance with regulations, assess governance and risk management processes, and related controls. Specifically in financial statement audit, your primary objective will be to obtain reasonable assurance about the absence of material misstatement, whether due to fraud or error, and issue an auditor's report containing the auditors" opinion. Your responsibilities will include building meaningful client connections, managing and inspiring others, and navigating complex situations. You will be expected to deepen your technical expertise, grow your personal brand, and be proactive in delivering quality work. Embracing ambiguity and unclear paths, you are encouraged to ask questions, seek opportunities for growth, and anticipate the needs of your teams and clients. To excel in this role, you need to respond effectively to diverse perspectives, use a wide range of tools to generate new ideas, employ critical thinking to solve complex problems, and understand the broader objectives of your projects. Developing a deeper understanding of the business context, interpreting data, and upholding professional and technical standards are essential aspects of this position. As a Senior Associate in Assurance - Specialized Services based in Kolkata, you will be a key player in PwC's core assurance services for clients. Your role will involve understanding and managing the workflow related to work requests, participating in various projects, collaborating across teams, and demonstrating creative thinking and individual initiative. Teamwork is crucial, and you are expected to build strong relationships, seek guidance, and contribute to a positive working environment. Specializing in tasks such as initiating third-party confirmations, preparing audit policy-based documents, and conducting financial statement review procedures will be part of your responsibilities. Adherence to compliance requirements, maintaining knowledge of DC User Guides, managing deadlines, and ensuring the quality of deliverables are also key aspects of this role. Qualification requirements for this position include a B.Com/M.Com/CA Inter/B.Com/M.Com+MBA Finance/CMA/CMA Inter qualification. A minimum of 4 years of accounting/auditing experience is preferred. Strong communication skills, a flexible mindset, and proficiency in Microsoft Office Suite and Adobe Acrobat are essential soft and technical skills needed for this role. Join PwC in Kolkata and be a part of a global network dedicated to building trust in society, solving important problems, and delivering quality in Assurance, Tax, and Advisory services. Visit www.pwc.com to explore more about our purpose and values.,

As a Cybersecurity Risk Analyst at EQ, you will play a vital role in identifying, assessing, and analyzing potential cybersecurity threats and vulnerabilities across the organization's infrastructure, data, applications, mobile devices, and networks. You will work closely with various teams to conduct comprehensive risk assessments, review cloud architectures, and utilize security tools to evaluate the likelihood and impact of security risks. Your collaboration with DevOps and Cloud Engineering teams will be essential in advising on security controls and risk mitigation strategies in AWS and Azure. In addition to risk identification and analysis, you will be responsible for researching and interpreting cybersecurity requirements and standards such as GDPR, NIST, ISO27001, and other regulatory frameworks. Staying up-to-date with evolving cybersecurity regulations at local, national, and international levels will be a key part of your role. You will assist in compliance assessments, gap analysis, and ensure that relevant cybersecurity regulations are incorporated into the risk process for new and changed IT systems and applications. Furthermore, you will be involved in conducting risk analysis of third parties within the Company's supply chain and monitoring significant risk issues to completion. Your role will also include assisting in collecting and organizing data to identify risks, preparing metrics and reports, and creating regular and ad-hoc reports for executives and senior management teams. Engagement with various stakeholders and developers across the organization will be crucial in selecting tailored security training and knowledge sharing sessions on emerging threats and security risk trends. You will support the Information Security Risk Manager in developing and maintaining the EQ Security Risk Process, implementing risk management strategies, and collaborating with IT and security teams to implement technical measures. Your responsibilities will also include analyzing and improving existing information security policies, guidelines, and procedures, as well as defining best practices in the design and coding of proprietary systems. You will provide advice, education, and support to development teams in adhering to security practices using dynamic and static application security testing tools. In summary, as a Cybersecurity Risk Analyst at EQ, you will be at the forefront of identifying and mitigating cybersecurity risks, ensuring compliance with regulatory requirements, and fostering a culture of security awareness and best practices across the organization.,

Key Responsibilities 1. Compliance Assessment: Assess the organisation compliance with the certification standards ISO, VISA, Rupay, Intergraf, CQM, ISMS etc. evaluate process, procedures, practices, and documentation to determine if they meet the standards requirements. Identify any nonconformities or areas of improvement/gaps and guide the business to align to the standards. 2. Risk Analysis: Conduct Risk analysis, identify business/process risks; Introduce control measures and risk mitigation plan. Review the effectiveness and efficiency of internal control system and implement corrective action. 3. Internal Audit: Developing, monitoring, and maintaining internal auditing process in line with business. Prepare internal audit plan, conduct the audit in a defined frequency. Raise observations and guide the business to put control system. Conduct surprise audits, prepare audit analysis report for various departments and to ensure the standards are strictly followed. 4. Advisory role: Review the organisational policies with the certification standards, identify the gaps. Provide valuable advice in framing policies, procedures, norms, and control systems. 5. External Audit: Coordinate with certification agencies, keep up to date with the latest changes in the certification standards, advise the business about the changes and train the respective stakeholders to incorporate the changes. Arrange for external audits, supervise the audit, help the business in closing the nonconformities and observations if any. Also responsible for new certifications. 6. Training: Provide continuous training for the internal auditors and develop them. Train the respective process owners whenever there is change in the certification standards, deviation in the implementation of standards, new certification standards and its documentation requirements. Skills Required 1. Excellent attention to details 2. Analytical thinking 3. Communication skill 4. Ability to train and develop. 5. Team management Technical/Functional Proficiency Required 1. Expertise in ISO and other standards 2. Computer proficiency 3. Drafting reports.

Overview The Information Security Assessment Lead is responsible for safeguarding PepsiCo's digital assets by assessing the cyber risk and compliance of new and changing systems against information security requirements and managing risks associated with IT and Information Security systems throughout the project lifecycle. The ISA Lead will collaborate with various security teams and businesses to facilitate compliance with Information Security standards, provide technical guidance for key strategic initiatives, and drive the secure delivery of technology solutions within PepsiCo. The role heavily focuses on security risk-based assessments, and data-driven decision-making and automation. Responsibilities Security Design Expertise: Proven track record in assessing security designs, including data flow diagrams, architectural blueprints, low-level designs, networking diagrams, authentication mechanisms, and authorization schemes. Must demonstrate experience in aligning these designs with industry standards such as NIST 800-53, ISO 27002, CIS, and OWASP to ensure robust security postures. Skilled at identifying potential security gaps and implementing best practices to fortify system architectures against emerging threats. Familiarity with the latest security tools and technologies, as well as experience in integrating security measures into complex IT environments, is essential. Compliance Assessment: Assess new and changing application designs and requirements to ensure compliance with PepsiCo information security standards. Risk Communication: Identify, quantify, and communicate technology risks impacting the business, recommending resolutions and identifying root causes. Explain scan results (infrastructure, applications, databases) and pen testing results to stakeholders. Threat Modeling: Utilize expert knowledge in threat modeling techniques and methodologies to proactively identify, assess, and prioritize security risks, enabling the organization to implement targeted mitigation strategies and maintain a robust information security posture. Project Lifecycle Reviews: Review IT and Information Security systems throughout the project lifecycle, identifying risks and security requirements, and recommending paths to eliminate identified risks and implement compensating controls. Automated Risk Assessments: Conduct risk-based assessments using automated tools and techniques to prioritize and address security risks. Collaboration and Education: Collaborate with various IT and Business teams to ensure they are knowledgeable about Information Security processes and requirements, influencing them to eliminate or reduce risks. ServiceNow Utilization: Experience using ServiceNow to gather necessary information and data, automating security assessment processes to enhance efficiency and effectiveness. Metrics Management and Reporting: Manage operational metrics related to the ISA and GRC processes, utilizing Power BI for advanced reporting, tracking project progress, and developing corrective action plans. Process Improvement and Proactive Security: Govern Information Security services from the ISA, tracking process metrics, identifying issues, and driving process improvement initiatives. Stay updated with threat intelligence, leverage Azure and cloud security knowledge, and implement Agile and DevSecOps methodologies to integrate security into the development process. Qualifications A minimum of 8 years of experience in Information Security, IT Risk Management, or a similar role. Mandatory Technical Skills: In-depth technical experience and knowledge of infrastructure technologies, networks, web, computing, cloud services, manufacturing equipment, mobile devices, and information (cyber) security. Strong understanding of information security frameworks, regulations, and standards such as NIST 800-53, CIS, and ISO 27002. Proficient in ServiceNow, with the ability to leverage its modules for information gathering, data analysis, and automation of the ISA service. Experience in threat modeling and applying threat modeling methodologies in previous roles. Proficient in Power BI for developing reports and dashboards to support data-driven decision-making. Strong skills in developing ad hoc reports and managing metrics. Knowledge of Azure and general cloud security principles. Ability to read and explain scan (infrastructure, applications, databases) and pen testing results to technical and non-technical stakeholders, guiding them on risk and vulnerability remediation. Mandatory Non-Technical Skills: Proficient in influencing and educating stakeholders on security best practices and policies, ensuring understanding and adherence to security standards. Established a reputation as a trusted adviser, providing expert guidance on information security matters. Strong presence to represent PepsiCo Information Security in complex situations with business and IT partners. Ability to collaborate with various stakeholders, including business units and product managers.