523 It Audit Jobs - Page 16

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together. As an IT Security Risk Manager, you would support information security policies, standards, and procedures to secure and protect data. Work directly with user departments to implement procedures and systems for the protection, conservation, and accountability of proprietary, personal, or privileged electronic data. Primary Responsibilities Perform audits to identify control gaps and implement corrective action plans Ensure alignment of security policies/standards with IT infrastructure frameworks (e.g., ISO 2700x, NIST, ITIL) Monitor compliance with corrective action plans, and address non-compliance issues appropriately Demonstrate understanding of discovery technologies to identify system vulnerabilities (e.g. scanning tools) Establish appropriate security controls based on defined data classifications to align with applicable laws/regulations/standards Facilitate/lead security incident investigation Analyse business requirements and ensure that solutions meet established security policies and controls Maintain metrics and report them. Maintain current knowledge on information security topics and their applicability program requirements Communicate professionally with stakeholders/end users through multiple communication Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications Bachelor's degree or higher level of education 4+ years of Information security experience Experience with ISO27001 (ISMS), ISO31000 (Risk management), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2 Proven auditing skills and the ability to manage risk assessments / projects independently Proven excellent communication skills both verbal and written Proven good presentation skills particularly ability to present technology elements in manner personnel can follow and act Preferred Qualification CISSP, CISA or ISO27001 Lead Implementer or Lead Auditor certification At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes — an enterprise priority reflected in our mission.

Job Description : Approve, within the given mandate, all tier 2-4 Vendor assessments. Advice Global TPCRM and Global DPO on tier 1 Vendor assessments. Collect and evaluate latest Vendor Assurance documents (ISO 27001 certificates and SOC2 statements, tier 1-2) and store them. Escalate high risks to Global TPCRM and Global DPO Launch relevant Vendor assessments (internal and external) Support business departments (Global and OPCOs) and Vendors filling in Vendor assessments Reports: Monthly reporting on Key Performance Indicators (KPI) Reports on Vendor risks, threats or findings Exp : 3+ years Expertise with Vendor Risk Management, GRC, and ISO 27001. Shift timing : 1.00 PM-10 PM IST Hybrid mode of work Location : Hyderabad Notice Period : Immediate- 30 days only.

We are looking for a highly skilled and experienced Risk Consulting Senior Associate 1 to join our team in Bengaluru. The ideal candidate will have 3-5 years of experience in Information Technology/Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, IT Application Controls, and ERP Audits. Roles and Responsibility Develop an understanding of RSM Technology Risk Consulting approach, methodology, and tools. Perform technology risk assessments and review control's design and operating effectiveness. Conduct IT internal audit consulting activities, including audits over ERP systems, IT security, and other IT systems. Execute components of IT audits under offshore delivery models effectively and efficiently. Identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions to advise clients. Ensure documentation complies with quality standards and collaborate effectively with RSM consulting professionals, supervisors, and senior management. Manage multiple concurrent engagements and provide timely, high-quality client service that meets or exceeds expectations. Utilize problem-solving and critical thinking skills to quickly identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions to best advise our clients. Exercise professional skepticism, judgment, and adhere to the code of ethics while on engagements. Ensure service excellence through prompt responses to internal and external clients. Understand RSM US and RSM Delivery Center's LOBs and work as a team in providing an integrated service delivery. Ensure professional development through ongoing education. Job Requirements B.Tech/MCA/MBA with 3-5 years of relevant experience in Information Technology/Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, IT Application Controls, and ERP Audits. Intermediate knowledge of financials, operations, and technology and its related risks. Good knowledge of SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security, and risk management frameworks/standards (ISO 27001, NIST, COBIT, ITIL, PCI). Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP). Strong Data Analytical skills including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word, and PowerPoint. MS Visio skills to develop process and data flow diagrams. Strong multi-tasking and project management skills. Excellent verbal and written communication (English) as this is a client-facing role and requires frequent communications with RSM International clients.

Visa is looking for a candidate to join its Cybersecurity 3rd Party Technology Risk Management (3PTRM) team as an Associate Cybersecurity Analyst, which works with several stakeholders to ensure appropriate processes, procedures, and controls are adequately designed and implemented to meet Visa security requirements and mitigate any risks that are associated with engagement of third parties. The Analyst will work closely with Supplier Relationship Owners (SROs) and other Cybersecurity teams such as penetration testers, security architects, etc to assess and monitor third parties that do business with Visa. The role requires the candidate to have strong analytical, communication, and organizational skills, as we'll as a solid understanding of cybersecurity concepts and best practices. Essential Functions: Perform risk/security assessments of Suppliers and Third-Party relationships to identify, validate and remediate risks Cybersecurity Risks. This may include performing interviews, document design assessments and walkthroughs of cybersecurity controls. Support ongoing monitoring of Suppliers and Third Party to review compliance against compliance and regulatory requirements. Participate and conduct onsite assessments of Third Parties against Visa s security framework and industry security standards. Support risk/security assessments for special projects involving Third Parties. Support PCI-related activities relevant to third parties to ensure compliance with PCI requirements. Exhibit pragmatism in formulating process remediation and implementation strategies, defining work tracks, and submitting assessment findings and recommendations. Proactively follow-up with Suppliers to ensure prompt remedial actions for assessment findings. Basic Qualifications: Bachelors degree, OR 3+ years of relevant work experience Preferred Qualifications: 2 or more years of work experience. Bachelor s degree in Computer Science, Information Systems, Engineering, or related field, or equivalent work experience. Minimum of 1 years of experience in cybersecurity, IT audit, or IT risk management. Experience in cybersecurity, IT audit, risk management, compliance, or related fields. Knowledge of cybersecurity frameworks and standards such as NIST, ISO, PCI, etc. Strong written and verbal communication skills, and ability to communicate effectively with technical and non-technical audiences. Ability to work independently and collaboratively in a fast-paced environment. Certifications such as CISSP, CISA, CISM, CRISC, or equivalent are preferred.

We are looking for a highly motivated and detail-oriented individual with 0 to 3 years of experience to join our team as a Risk Consulting Associate in the IT SOX domain. The ideal candidate will have excellent analytical skills, strong knowledge of financial services, and a passion for delivering high-quality results. Roles and Responsibility Develop an understanding of RSM Technology Risk Consulting approach, methodology, and tools. Perform technology risk assessments and review control design and operating effectiveness. Conduct internal audit consulting activities, including audits over ERP systems, IT security, and other IT systems. Execute components of IT audits under offshore delivery models effectively and efficiently. Identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions. Ensure documentation complies with quality standards. Collaborate with RSM consulting professionals, supervisors, and senior management in the U.S. daily. Manage multiple concurrent engagements and ensure service excellence through prompt responses to internal and external clients. Provide timely, high-quality client service, coordinating the development and execution of the consulting work plan and client deliverables. Understand RSM US and RSM Delivery Center's LOBs and work as a team in providing integrated service delivery. Ensure professional development through ongoing education. Job Requirements B.Tech/MCA/MBA with 0-3 years of relevant experience in Information Technology/Security Controls, SSAE18, SOC reports, IT Audits, IT General Controls, IT Application Controls, and ERP Audits. Intermediate knowledge of financials, operations, and technology and its related risks. Good knowledge of SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security, and risk management frameworks/standards (ISO 27001, NIST, COBIT, ITIL, PCI). Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP). Strong Data Analytical skills including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word, and PowerPoint. MS Visio skills to develop process and data flow diagrams. Strong multi-tasking and project management skills. Excellent verbal and written communication (English) as this is a client-facing role requiring frequent communications with RSM International clients.

Role & responsibilities Strong understanding of ITGC, ITAC, SOC reports, and working knowledge of Audit tools & ServiceNow (SNOW) • Exposure to SOX, NIST 800-53, ISO 27000 series standards. Ability to support and document audit findings including action plans, remediation timelines, and closure tracking. Comfortable working from office/client location and in shift-based schedules Strong communication, stakeholder management, and project management skills Candidates holding CISA, CISM, ISO 27001 certifications will have an added advantage Preferred candidate profile Educational Background: Graduation / B.E. / B. Tech in any specialization Required Experience: 1-8 years in IT Audits, including ITGC, SOX / ICFR / IFC / SAS 70 / SSAE / SOC. Experience with IT Financial Audit, Business Automated Controls, and IT Risk Consulting or other compliance/regulatory audits. Perks and benefits How you'll grow At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there is always room to learn. We offer opportunities to help build world-class skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their careers Explore Deloitte University, The Leadership Center. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you

Perform testing of IT Application Controls, IPE, and Interface Controls through code reviews, IT General Controls review covering areas such as Change Management, Access Management, Backup Management, Incident and Problem Management, SDLC, Data Migration, Batch Job scheduling/monitoring and Business Continuity and Disaster RecoveryPerform Risk Assessment, identification, and Evaluation of Controls, prepare process flow diagrams and document the same in Risk Control Matrix Perform business process walkthrough and controls testing for IT Audits Performing planning and executing audits, including - SOX, Internal Audits, External AuditsConducting controls assessment in manual/ automated environmentPrepare/Review of Policies, Procedures, SOPsMaintain relationships with client management and the project Manager to manage expectations of service, including work products, timing, and deliverables Demonstrate a thorough understanding of complex information systems and apply it to client situations Use extensive knowledge of the clients business/industry to identify technological developments and evaluate impacts on the work to be performed Coordinate effectively and efficiently with the Engagement manager and the client management keeping both constantly updated regarding project s progress Collaborate with other members of the engagement team to plan the engagement and develop relevant workpapers/deliverables Perform fieldwork and share the daily progress of fieldwork, informing supervisors of engagement status

Role Overview: We are seeking an experienced Audit and IT Control Compliance Professional to join our team in Chennai. In this role, you will be responsible for ensuring that the organization's financial operations and IT systems comply with internal and external audit standards and regulatory requirements. You will also manage compliance with IT controls, including security processes, vulnerability management, patching, and ensuring adherence to industry best practices.Key Responsibilities:- Perform audits and assessments of financial systems and IT operations, identifying compliance gaps and proposing effective solutions.- Coordinate internal and external audits related to IT controls, ensuring timely completion and addressing audit queries effectively.- Review financial data and IT systems to ensure compliance with established audit standards and best practices.- Ensure compliance with regulatory requirements such as SOX, GDPR, ISO 27001, and other relevant standards.- Conduct assessments and reviews of IT controls, including access controls, change management, patch management, and vulnerability management.- Identify areas of improvement in security processes such as patching, security vulnerabilities, and risk mitigation.- Monitor and report on the status of compliance with internal IT policies and external regulatory requirements.- Implement and maintain IT control frameworks and ensure that IT policies, procedures, and practices align with corporate governance.- Collaborate with IT and security teams to assess, test, and validate security controls related to patch management, vulnerability remediation, and risk management.- Participate in security audits, ensuring compliance with security standards and protocols.- Develop and maintain documentation and records for audits, ensuring a traceable and transparent process.- Recommend improvements and assist in the implementation of security measures to minimize risk and protect business-critical data.- Communicate audit findings, issues, and concerns effectively with senior management and relevant stakeholders.- Create clear and concise audit reports detailing findings, recommendations, and required actions to maintain compliance.- Provide expert advice to business units on the implementation of best practices for IT controls and security measures.- Assist in the development of compliance and audit strategies to improve overall business operations.- Stay current with industry trends, regulatory changes, and audit methodologies to ensure continuous improvement in compliance efforts.- Recommend and support the implementation of best practices to improve overall audit and IT control processes.- Support the ongoing training of staff and stakeholders on compliance procedures and security measures.- 5+ years of experience in audit and IT control compliance in a corporate or consultancy environment.- Experience conducting audits in areas such as financial systems, IT controls, and security operations.- Familiarity with regulatory frameworks, including SOX, GDPR, ISO 27001, and NIST.- Experience in identifying, managing, and mitigating security vulnerabilities and ensuring compliance with security processes like patching and risk management.- Strong communication skills, both written and verbal, with the ability to interact with senior management and stakeholders effectively.- Excellent problem-solving abilities and analytical thinking skills.- Detail-oriented and able to maintain accuracy while working with large datasets and complex systems.- Ability to work independently and as part of a team in a fast-paced environment.- Strong organizational skills with the ability to manage multiple priorities and deadlines effectively

Security Risk and Compliance Expert will be instrumental in shaping the global Information Security Management System (ISMS) within our Group Security team. This role involves engaging with various Business Groups and Corporate Functions to identify and manage information security risks, ensuring compliance and enhancing our security posture. Facilitate risk assessments, develop training, and contribute to the continuous improvement of security policies and tools. Enhance the overall security and compliance of services provided to our customers. You have: Master's or bachelor's degree in computer science, security engineering, or equivalent 5+ years of experience in information security in a multinational organization. Solid understanding of information security processes and technologies Practical knowledge of ISO/IEC 27001:2022 standard implementation Excellent documentation and communication skills It would be nice if you also had: Knowledge of security standards like CSA CCM, NIST CSF, NIS2, and SOC2 Experience delivering information security training Familiarity with RSA Archer and Microsoft Power BI or other GRC tools Certifications in information security (e.g., CRISC, CISSP and ISO 27001 LI/LA) Implement and operate the global Information Security Management System (ISMS) to enhance overall security and compliance Conduct risk assessments with global stakeholders to evaluate and report information security risks Develop and maintain the information security risk register, tracking mitigation progress and presenting reports to stakeholders Provide recommendations for security risk mitigation strategies tailored to different business groups Create, update, and maintain ISMS documentation and a repository of reports and audit records Facilitate training sessions to educate employees on ISMS practices and promote a strong security culture Collaborate with cross-functional teams to identify evolving security trends and compliance requirements Contribute to the continuous improvement of Nokia ISMS and related tools, utilizing KPIs to measure effectiveness

Audit Management: Coordinate and support internal and external audits, including evidence collection, control testing, and remediation tracking. Serve as the secondary point of contact for auditors and third-party assessors. Maintain audit logs, findings, and corrective action plans. Compliance Oversight: Monitor and ensure compliance with industry regulations and internal security policies. Map controls and processes to multiple compliance frameworks (e.g., NIST, ISO, SOC 2, HIPAA). Track evolving compliance obligations and help update policies accordingly. Access Management: Support access management processes Coordinate and drive periodic user access reviews. Business Continuity & Disaster Recovery (BCDR) Collaborate with IT, operations, and business units to develop and maintain BCDR plans. Coordinate and conduct periodic BCDR tests, document results, and track corrective actions. Evaluate critical business processes to identify single points of failure and propose continuity strategies. Ensure BCDR plans align with compliance requirements and organizational risk appetite. Maintain an inventory of critical assets and dependencies required for continuity and recovery. Policy Development & Enforcement: Assist in developing, updating, and enforcing information security policies, procedures, and standards. Ensure policies align with compliance frameworks and are effectively communicated across the organization. Documentation & Reporting: Maintain detailed and organized documentation of security controls, evidence, and compliance artifacts. Create reports and dashboards for leadership on compliance status and audit readiness. Other assignments as required to support the security, compliance, and resilience goals of the organization. Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Bachelor’s degree in Cybersecurity, Information Systems, Risk Management, or related field. 3+ years of experience in information security, with a focus on compliance and audits. Hands-on experience supporting one or more compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, NIST). Strong understanding of security controls and risk management practices. Strong understanding of network, system, and application security principles. Strong knowledge of risk management principles and audit processes. Excellent analytical, problem-solving, and communication skills. Preferred technical and professional experience Strong attention to detail and organizational skills. Excellent written and verbal communication. Ability to manage multiple audits and compliance initiatives simultaneously. Comfortable working with technical and non-technical teams.

Job Title : IT Audit Compliance Lead Department : Information Technology , No of Vacancy : 1 Location : Thrissur , Kerala Experience required : 8- 13 years Responsibilities : • To drive and supervise IT related audits with internal and external stake holders ensuring successful end to end audit cycle. • Supervise and guide audit team at IT Dept and ensure they meet assigned tasks in prompt and efficient manner. • Managing and coordinating major audits such as RBI CSITE IT Audit, IS Audit (external & Internal), Statutory audit, vendor audits etc. • Coordinating with external auditors on the audits conducted in IT Department and providing responses to audit queries / remarks and providing added evidence requested by auditors. • Conducting discussion on draft audit reports for finalization of the same with the auditors . • Escalating delays in closure/response with SI and other internal or external stake holders. • Participation of various discussions on audit interviews and also on determining closing timelines and methods. • Participating in various committees like IT Steering Committee, ISGC, ACE, on need basis. • Timely provision of ATRs for Committees. • Sending Audit dash boards to top management. • Preparation of vertical related notes to ED and various Committees. • Participating in Regulatory change management meeting with SI for following up of audit related regulatory changes. • Work with IT Leads and Process Owners to step up compliance on audit observations and closing the same. • Responsible for establishing, maintaining, coordinating, and overseeing Audit, compliance with policies and procedures regarding the confidentiality, integrity, and security of information assets. Key Competencies : • Intermediate level knowledge on IT & InfoSec aspects. • Strong knowledge on MS Office package • Data Analysis and Data interpretation skills • Good communication and presentation skills Qualification Required : MCA / B Tech in IT with all round IT exposure of 7+ years Note: InfoSec/ IT-Audit related certifications like DISA, CISA preferred

Perform testing of IT Application Controls(ITAC), IPE, and Interface Controls through code reviews, IT General Controls(ITGC) review covering areas such as Change Management, Access Management, Backup Management, Incident and Problem Management, SDLC, Data Migration, Batch Job scheduling/monitoring and Business Continuity and Disaster Recovery Perform Risk Assessment, identification, and Evaluation of Controls, prepare process flow diagrams and document the same in Risk & Control Matrix. Perform business process walkthrough and controls testing for IT Audits. Performing planning and executing audits, including: Information Security reviews Information Technology Infrastructure reviews Application reviews Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the work to be performed Risk Based IT Internal Audit for Financial Services Entities IT SOX 404 Controls Testing, Quality Assurance Internal Financial Controls related to IT General Controls as part of Financial Statements Audits Business Systems Controls / IT Application Controls Auditing Emerging Technologies such as Cloud Security, Intelligent Automation, RPA, IoT etc. Working knowledge of programming languages(C/C++/Java/SQL)

Overview The Cybersecurity Governance, Risk, Compliance (GRC) Senior Analyst position is responsible for managing risks related to information security, privacy, governance, vendor security assurance, policy, and compliance. Contributes to preserving the high standards of confidentiality, integrity, and availability of EagleView mission-critical information. Conducts Cybersecurity risk assessments, evaluates controls, and provides feedback to management and process owners on the design and effectiveness of control processes. Implements and maintains on-going programs and processes to test the design and operational effectiveness of security controls. Responsible for ensuring IT assurance and compliance related activities are completed in accordance with industry standards and regulatory requirements. The position reports to the Manager, GRC, and is responsible for executing the key functions of information risk management, security compliance, governance, and information security assurance. Primary Responsibilities In these roles, you are part analyst, engineer, and advisor. You have the ability to ramp up quickly into a solid, productive member of the Security GRC team. You are organized and have the ability to innovate and automate as we continually look to improve our processes and tools. You may own process areas, projects, or technologies for governance, risk and compliance purposes. You create and maintain relationships with business and technical experts through the company who provide expertise in security requirements and solution management. You are expected to work independently while still asking for help on some areas. You are a bridge builder helping to coordinate and bring together various parts of the organization around a common process through the use of tools, and communications channels. Ensure compliance with laws, regulations, and industry standards, and compliance programs (e.g. SOC2, PCI, ISO 27001, NIST 800-X) Create processes to support effective risk identification, evaluation, communication, and remediation Participate in Risk Management Committee meetings Work with risk owners to develop plans of action to reduce or mitigate risks Analyzes security controls for effectiveness of design by evaluation of control documentation and process Analyzes security controls for operational effectiveness by evaluation of control evidence Contribute to corporate information risk management strategy, policies, standards, and tactical plans Contributes to a comprehensive internal security audit program that validates existing security controls Contribute to the company-wide security awareness program and compliance training Coordinate annual enterprise risk assessment and PCI-self assessment activities Ensure all systems, processes, and changes are formally documented Works closely with internal and external auditors, regulators, and examiners, including coordination and compilation of technology documentation requests, reports, and assurance letters to ensure security compliance Maintains the Risk Register and support processes to define and measure risks, then plan risk responses with company leadership Ability to work collaboratively with internal and external departments, vendors, and other key stakeholders Skills/Requirements Required Knowledge, Skills and Experience: Bachelor's degree in a technology or business-related field (BSc or BBA preferred) 8 years overall experience in Information Security, Risk Management, or IT audit 5 years of hands-on experience supporting one or more of the following programs: Risk Management Vendor Risk Management Security Audits and Compliance (especially SOC2) Vulnerability Management Understanding of controls and risks sufficient to identify and evaluate control effectiveness and identify gaps between risks and controls Working knowledge of business and risk assessment methodologies/mitigation strategies using industry standards (e.g., COBIT, ITIL, ISO 27001:2013, NIST, OWASP, etc.) Very high attention to detail, with strong skills in managing/presenting data and information Very strong skills in documentation, including policies, standards, processes and procedures Ability to work independently and productively without constant supervision Critical thinking and analytical ability Excellent verbal and written communication skills Preferred Knowledge, Skills and Experience: Certification such as SANS GIAC, CISA, or CISSP preferred Previous experience in a software development company is preferred Experience using a GRC management platform (e.g. Archer, ZenGRC, etc.)

Role & responsibilities Monitoring Backup jobs training the documentation, and keeping to IT Head approval. Responsible for tracking hardware and software inventory in the ticketing tool. Updating the IT assets Maintaining the labels for all IT assets. Responsible for the Backup Responsible for GMP-related queries and prepared the documentation IT-related bills are filed and kept for approval. PCB-related onsite support and coordinating with vendors supported by the reporting Head. Monitoring and maintaining the CC Cameras infrastructure and escalating to the head if anything is critical. Troubleshooting third-party applications at the Unit level and escalating to the reporting Head to get solutions from 3rd party vendors. Technical Support on Enterprise resource planning (ERP/FOCUS) to End users through (Ticket, Mail, Mobile, and Remote) in Sipra has the following modules: Accounts, Purchase, Sales, Inventory, and Payroll. Conduct training sessions for new and existing users for any developments supported by the IT Head. Knowledge on complete Desktop and Server support. Configuring servers using 2003, 2008,2012, 2016 and 2019. Knowledge on Active Directory services, Installing active directory-Domain controller, group policies and adding Client machines in to AD User administration i.e., setting up user accounts, permissions and passwords Knowledge on remote technical assistance Software installations and configurations. Establishing LAN, adding / removing nodes to / from LAN Working knowledge of MS Active Directory 2012 and 2016 Knowledge on DNS, DHCP & FTP Knowledge on firewalls, routers and switches(Cisco, WatchGuard) Giving complete technical support to all virus-related issues and network related issues Managing email, anti-spam and virus protection. Preferred candidate profile Pharma Experience is must for the candidate. Should have basic understanding for 21CFR and GXP Systems

KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature. Qualifications: Bachelor s degree in engineering, Computer Science, Information Systems, or a related field with 5-10 years rich working experience and strong understanding of SAP S/4HANA GRC (Governance, Risk, and Compliance) Access Control and Security module for overseeing the implementation, configuration, and management of SAP GRC Access Control and Security solutions within the SAP S/4HANA environment.Ensure the organizations access control and security processes align with regulatory requirements and industry best practices.SAP S/4HANA GRC Access Control: In-depth knowledge and hands-on experience with SAP GRC Access Control module, including role management, user provisioning, access request management, and access risk analysis.Segregation of Duties (SoD): Expertise in SoD concepts, methodologies, and tools. Ability to design and implement SoD rules and controls within SAP GRC Access Control.Regulatory Compliance: Understanding of regulatory requirements and standards, such as GDPR, SOX, and industry-specific regulations. Knowledge of controls and processes to ensure compliance with these requirements.Security Administration: Proficiency in SAP S/4HANA Fiori security administration activities, including user account management, role management, and access provisioning Equal employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their colour, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability, or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavour for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you. Solution Design: Collaborate with stakeholders to understand business requirements and design SAP GRC Access Control and Security solutions that meet regulatory compliance and risk management objectives.Access Control Implementation: Implement and configure SAP GRC Access Control module, including role management, user provisioning, access request management, and access risk analysis.Segregation of Duties (SoD) Management: Design and implement SoD rules and controls within SAP GRC Access Control. Perform SoD analysis to identify and remediate conflicts in user access and ensure compliance with regulatory requirements.Security Administration: Proficiency in SAP ECC, SAP GRC, S/4HANA Fiori security administration activities, including user account management, role management, and access provisioningRisk Assessment and Mitigation: Perform risk assessments to identify potential security risks and vulnerabilities within the SAP landscape. Develop and implement mitigation strategies to address identified risks.Compliance and Audit Support: Ensure compliance with relevant regulations, such as GDPR, SOX, and industry-specific requirements. Support internal and external audits by providing necessary documentation and evidence of compliance.

KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature. Qualifications: Bachelor s degree in engineering, Computer Science, Information Systems, or a related field with 5-10 years rich working experience and strong understanding of SAP S/4HANA GRC (Governance, Risk, and Compliance) Access Control and Security module for overseeing the implementation, configuration, and management of SAP GRC Access Control and Security solutions within the SAP S/4HANA environment.Ensure the organizations access control and security processes align with regulatory requirements and industry best practices.SAP S/4HANA GRC Access Control: In-depth knowledge and hands-on experience with SAP GRC Access Control module, including role management, user provisioning, access request management, and access risk analysis.Segregation of Duties (SoD): Expertise in SoD concepts, methodologies, and tools. Ability to design and implement SoD rules and controls within SAP GRC Access Control.Regulatory Compliance: Understanding of regulatory requirements and standards, such as GDPR, SOX, and industry-specific regulations. Knowledge of controls and processes to ensure compliance with these requirements.Security Administration: Proficiency in SAP S/4HANA Fiori security administration activities, including user account management, role management, and access provisioning Equal employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their colour, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability, or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavour for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you. Solution Design: Collaborate with stakeholders to understand business requirements and design SAP GRC Access Control and Security solutions that meet regulatory compliance and risk management objectives.Access Control Implementation: Implement and configure SAP GRC Access Control module, including role management, user provisioning, access request management, and access risk analysis.Segregation of Duties (SoD) Management: Design and implement SoD rules and controls within SAP GRC Access Control. Perform SoD analysis to identify and remediate conflicts in user access and ensure compliance with regulatory requirements.Security Administration: Proficiency in SAP ECC, SAP GRC, S/4HANA Fiori security administration activities, including user account management, role management, and access provisioningRisk Assessment and Mitigation: Perform risk assessments to identify potential security risks and vulnerabilities within the SAP landscape. Develop and implement mitigation strategies to address identified risks.Compliance and Audit Support: Ensure compliance with relevant regulations, such as GDPR, SOX, and industry-specific requirements. Support internal and external audits by providing necessary documentation and evidence of compliance.

KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment Job Summary Projects in Role Governance would include Identity Access Governance (IAG) assessment, Role based Access control (RBAC) design and functional assistance in IAG solution implementation along with providing services to run IAG operations for client organizations. A bachelor s degree in engineering and 3-5 years of related work experience; or a master s or MBA degree in business, computer science, information systems.Knowledge of access management concepts and technologies such as single sign on (SSO), multi-facto authentication (MFA) mechanism.Exposure to internal audits, compliance assessments, and regulatory reporting related to access control.Exposure to automation data analytics tools such as QlikView/Qlik sense, ACL, Power BI will be an advantageFamiliarity with ERP systems, financial applications and other business systems.Understanding of RBAC and SOD principles and risk management practice.Knowledge of IT security concepts and access management tools.Sector specific knowledge such as FS (banking/NBFC) is an added advantage.Proficiency with Microsoft Word, Excel and other MS Office toolsProfessional certifications (e.g., CISA, CISM, CISP or IAM-Specific certifications) can be advantageous and preferred.A team player and strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism Equal employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their colour, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability, or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavour for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you. Participate in client meetings and discussions to understand user life cycle processes for access management and determine IAG maturity in their environment.Demonstrate knowledge on RBAC and segregation of duties principles and conduct meetings with client stakeholders, to perform identity and access assessments and design RBAC including Access Control Matrices (ACM) and Segregation of Duty (SoD) Matrix.Collaborate with stakeholders to evaluate SOD conflicts in consultation with Business teams to resolve identified conflicts and/or implementing mitigating controls to address risk.Assistance in formal evaluation of potential IAG solutions depending on various identity needs of clients.

Manage internal/external audits (ISO, SOC 2), handle client questionnaires, ensure security compliance (ISO 27001, NIST), coordinate audits via OneTrust, test controls, review policies, and support InfoSec risk, GRC, and compliance processes. Required Candidate profile Looking for 8–12 yrs exp in InfoSec audits, ISO 27001, NIST, client questionnaires, OneTrust GRC, control testing. Good to have CISSP/ISO certs. Shift: 2–11 PM,

To drive and support the business change activities required to underpin Shell s Audit simplification agenda. Shell is focused on aligning and simplifying Internal audit to increase business value which will drive significant and ongoing change in all parts of the business, supporting the business growth agenda. The role is delivery focused and will lead Audit -driven business change in a programme or project environment. T he primary purpose of the role is to: Work on IT Audit and related services like control testing (ITGC / SOX) and SOP designing. Support in reviews of audit processes like IT Audit, ITGC, ISO27001 and SOX audit. Work on Change Management, Incident Management and user access control. Technical Skills Experience Individual contributor in an Audit team handling a project pertaining to a client. Able to understand procedures to be followe'd for execution documentation of below projects: o ITGC Audit. o SOX audit. o Change Management Soft Skills Experience High delivery impact in IT Audit activities Process knowledge of business functions Understanding of Audit approaches Proven track record of building strong stakeholder relationships at different organizational levels Able to produce high quality deliverables and activities Resilient and able to manage challenges in variety of work / sectors Results/outcomes-oriented way of working Confident and able to work in any type of work environment Excellent oral and written presentation skills Qualification: BTech, BCA Graduate or any computer science graduate with 1-3 years of ITGC experience. Certifications in IT audits and ISO27001 would be preferred Selection Process: 2 rounds of technical interview followe'd by business head and ICOE round for culture fitment.

Qualification: BTech, BCA Graduate or any computer science graduate with 1-3 years of ITGC experience. Certifications in IT audits and ISO27001 would be preferred Overview To drive and support the business change activities required to underpin Shell s Audit simplification agenda. Shell is focused on aligning and simplifying Internal audit to increase business value which will drive significant and ongoing change in all parts of the business, supporting the business growth agenda. The role is delivery focused and will lead Audit-driven business change in a programme or project environment. The primary purpose of the role is to: Work on IT Audit and related services like control testing (ITGC / SOX) and SOP designing. Support in reviews of audit processes like IT Audit, ITGC, ISO27001 and SOX audit. Work on Change Management, Incident Management and user access control. Technical Skills Experience Individual contributor in an Audit team handling a project pertaining to a client. Able to understand procedures to be followe'd for execution documentation of below projects: o ITGC Audit. o SOX audit. o Change Management Soft Skills Experience High delivery impact in IT Audit activities Process knowledge of business functions Understanding of Audit approaches Proven track record of building strong stakeholder relationships at different organizational levels Able to produce high quality deliverables and activities Resilient and able to manage challenges in variety of work / sectors Results/outcomes-oriented way of working Confident and able to work in any type of work environment Excellent oral and written presentation skills

Summary -To provide expert advice to superiors for a sub-area within FSC and related key activities; to ensure compliance with external and internal accounting reporting requirements in a timely and accurate manner. About the Role About the role: Novartis being a public company and SEC registrant has established SOX internal control system in order to provide reasonable assurance to the Group s management and Board of Directors regarding the reliability of financial reporting and the preparation of its financial statements. The Senior Consultant ERP Assurance is a member of a global team of IT assurance experts who play a critical role in designing and assessing efficiency of IT Application Controls across the company s IT landscape. This team plays a pivotal role and is exposed to senior stakeholders at all levels, both internal and external. Key responsibilities: You will play an important role as an experienced ERP assurance professional You will be part of a global team of IT Application Controls experts Provide assurance in the areas of ERP systems (eg SAP, others) Identify process and IT controls improvement opportunities and drive implementation Test IT application controls - Reports, Interfaces, Fully Automated Controls etc, ensuring SOX compliance and reliability Participate in IT risk assessments Collaborating with IT Application Owners and Business Process Owners in helping to identify SOX relevant IT Applications and Infrastructures You will support identification and testing of IT application controls when implementing a new ERP system or upgrades You will advise on ITACs structure by understanding the end-to-end processes, IT environment and data context to resolve right mix of preventative and detective controls based on automation and data analytics You will collaborate with teams from all over the world Essential Requirement: University degree (university or college) in economics, business informatics or computer science with a demonstrated track in IT Audit or Internal Controls in any of Big 4 preferably A minimum of 4 years experience in auditing ERP systems (ideally SAP systems), IT environments and (automated) business process controls Experience in performing IT audit or review engagements (focus on ITACs), including a solid understanding of external audit approaches, concepts, methodology Good teammate with the ability to collaborate closely with both technical and business contacts An entrepreneurial and structured attitude as we'll as a result oriented and collaborative approach to work Exceptional communication, presentation, and business writing skills in English Desirable Requirements: Ability To Influence Key Stakeholders. Critical Thinking. Process Optimization.

Responsibilities: * Finalization of books of accounts * Independently handle statutory audits and IT audits of Companies, LLP etc. * Independently handle IT return filing * Perform GST reconciliations and GST annual return filing.

Who we are About the role: We are seeking an experienced Assistant Manager, Technology Internal Audit to be part of our growing Internal Audit (IA) team based in Bengaluru, India. This person should have a motivated and agile mindset, with experience performing technology-risk based audits and SOX ITGCs. The broader Internal Audit & Risk Governance team focuses on providing risk assurance and business insights through audit and operational projects that identify opportunities for management to enhance risk management, controls posture, and improve business operations. We strive to provide value to our stakeholders, insights to the Audit Committee/Board and help management to achieve their strategic goals while mitigating risks and maximizing opportunities. Focus areas include enterprise risk, internal controls, financial reporting, risk governance, business processes, and technology related risks. The Assistant Manager, Technology Internal Audit, will play a key role in executing technology internal audits and SOX ITGC testing, communicating results and identifying pragmatic observations and recommendations to make Samsara s technology related processes and controls more effective. The scope includes working closely with business stakeholders across the company (in key technology-focused areas) to provide independent insights to address risk gaps and improve maturing areas in Samsara s technology, cybersecurity, and compliance risk areas. You should apply if: You want to impact the industries that run our world: Your efforts will result in real-world impact helping to keep the lights on, get food into grocery stores, reduce emissions, and most importantly, ensure workers return home safely. You are the architect of your own career: If you put in the work, this role won t be your last at Samsara. We set up our employees for success and have built a culture that encourages rapid career development, countless opportunities to experiment and master your craft in a hyper growth environment. You re energized by our opportunity: The vision we have to digitize large sectors of the global economy requires your full focus and best efforts to bring forth creative, ambitious ideas for our customers. You want to be with the best: At Samsara, we win together, celebrate together and support each other. You will be surrounded by a high-calibre team that will encourage you to do your best. In this role, you will: Develop, execute, and lead internal audit projects that provide effective coverage over technology, security, compliance, and other relevant risks and controls (e.g. enterprise security, IT strategy & operations, SaaS secure development lifecycle) Manage the execution of technology risk-focused IA projects, including identification of observations, communication to key stakeholders, and formal reporting of results to IA leadership and management Own and drive the SOX IT General Controls testing effort including coordinating and overseeing activities of the SOX ITGC testers, including outsourced vendor, and manage their delivery schedule including quality review of all their testing work-papers. Drive improvements in the SOX process, including implementing best practices, improving documentation, and driving consistency across the business Build and maintain relationships with key partners and collaborators across the business in technology-risk relevant teams (e.g. IT , Security, R&D functions) Champion, role model, and embed Samsara s cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, Win as a Team) as we scale globally and across new offices Minimum requirements for the role: 6+ years of relevant IT audit / risk / security / compliance (SOX) experience in an internal role or consulting, including experience leading others in these areas Working experience leveraging SOX ITGC, cloud security, and IT governance frameworks (e.g. COBIT, NIST, ISO 27001, SOC 2 etc.) Strong verbal and written communication skills, with the ability to effectively communicate to senior executives Working experience leveraging AI tools in audit or risk-related processes (such as testing, automating workflows, etc). Strong project management skills with the ability to juggle multiple work efforts, be agile and adapt quickly to changing needs An ideal candidate also has: A bachelor s degree or equivalent in relevant fields of study - Information Systems, Computer Science, Engineering/Technology, Accounting, or other related fields is desirable Relevant professional certification(s) such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Chartered Accountant (CA) or other technology / audit-related certifications Working experience executing technology risk-related security assessments and/or advisory engagements, including delivery of results to management and monitoring progress/completion of management action plans #LI-Onsite .

Role & responsibilities Strategic Planning Create forward looking view of what the strategy should be with regard to Risk & Control in AM IT Relationship management Build and maintain relationships within WPB Cyber, CCO tech, ITSO, AM CITRO, Risk and Control Organization, ITID and 2nd line risk Knowledge Drive culture change around Risk & Control Consult on technology projects, providing support during IT audits Share best practice with the WPB Risk and Control Organization Provide guidance and help to IT delivery teams regarding security solutions to enable faster delivery of IT Systems Collaborating with IT development teams and other teams working closely in a DevOps and agile development processes Support the Safe and Secure development framework ensuring developers are coding in-line with security standards, practices and industry best-practice Stakeholder Management/Governance Partner with the AM business and Risk Functions to promote and provide support to relevant policies, standards and governance within AM IT Provide regional stakeholder updates with respect to global IT Control uplift programs Support IT engagement with internal / external / client audit and Regulatory Exams, including oversight of field work, collation of artefacts and partnership with CCO tech to remediate issues Attend relevant governance forums and where applicable provide appropriate MI Prepare the RCMM deck Communicate residual risk through reporting, business governance processes and forums Preferred candidate profile Partner and contribute to the risk & control agenda for AM IT Delivery of risk & control projects and programmes for AM IT Assist service owners in responding appropriately and effectively to firm-wide risk, cyber, internal, and external audits Contribute in evidence collection in delivery of external audits Partner with service owners, AM CITRO and 2nd line risk to identify and assess controls, determine mitigating actions and remediation activities, and understand the overall risk profile Advocate and support initiatives to improve accuracy across all Enterprise Golden Source data repositories Provide technical knowledge to support secure development of applications and remediation programs Provide visibility of status of action plans and external/internal audit issues Coordinate response to ICMP testing Support in mitigation of Risk Issue and Action Plan. Challenge where appropriate, decisions made on control implementation Review allocation of issues to AM IT and agree categorization of high/medium/low with audit and CCO tech Approve the raising and closure of regional IT issues, action plans, but look to automate process Fulfil DBIRO responsibilities for AM IT Advocate security policies and standards to wider IT team Support new IT projects with initial risk assessment, providing consultancy and guidance on controls and policies. Support where necessary key WPB security uplift initiatives Contribute to review of security standards and procedures Providing support for automated application security tooling working with Cybersecurity as necessary Interpret and advise on the results from security testing to both technical and non-technical audiences

Role Purpose The purpose of this role is to design the organisation’s computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFP’s received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the client’s need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Deliver No Performance Parameter Measure 1 Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers. 2 Support sales team to create wins % of proposals with Quality Index 7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led Mandatory Skills: ForgeRock Identity Manager. Experience8-10 Years.