117 It Risk Jobs

About the Role: Core Responsibilities: Plan, execute, and report on internal IT audits. Evaluate the effectiveness of IT controls, identify risks, and provide recommendations for improvement. Conduct regular access reviews to ensure that users have appropriate access levels based on their roles. Evaluate the effectiveness of access controls in safeguarding sensitive information. Recommend improvements for identity and access management (IAM) processes. Perform internal risk assessments to identify vulnerabilities and ensure timely mitigation strategies. Work closely with IT, legal, and business teams to address audit findings and track remediation efforts. Preference and Experience: The candidate must have experience in IT auditing, IT risk management, or related fields. Proficiency in compliance with frameworks like ISO 27001, SOC 2, PCI DSS, ITGC, or other relevant standards. Hands-on experience conducting on-site and remote assessments of third-party vendors to evaluate their security posture and related controls. Proficiency in MS Office Suite with experience creating and presenting dashboards and reports. Must be CISA certified. Must have the capability to represent the audit reports to Management. Stay updated on the latest developments in IT audit and compliance practices. Comfortable traveling for on-site visits to the client side for audit purposes.

: Job Title Risk & Control Specialist, AVP LocationBangalore, India Role Description Risk, Finance, Treasury (RFT) Technology is the technology partner to the CRO (Chief Risk Office) and CFO (Chief Financial Office) divisions. The Chief Risk Office is responsible to identify, aggregate, manage and mitigate Financial and Non-Financial risks and includes Market & Valuation Risk Management (MVRM), Credit Risk Management and Non-Financial Risk Management (NFRM). The Chief Finance Office includes Finance and Treasury and is responsible for a broad range of activities designed to ensure the financial and regulatory integrity of the Deutsche Bank Group including official production of PnL, Financial control, Group & Local Financial Reporting, Capital Management, Balance Sheet Management and Planning, and Liquidity & Treasury Reporting and Analysis. RFT Technology support the definition of the IT strategy and provision of solutions to allow CRO and CFO to manage all aspects of the Risk and Finance processes. Over the last couple of years, the regulatory landscape and associated demand to meet the mandated regulatory standards and reporting expectations has exponentially increased in complexity requiring Deutsche bank to significantly invest in its infrastructure and platform capability. The Risk and Control Specialist role supports RFT Technology Management managing all aspects of the Audit lifecycle. This includes (i) ensuring all identified risks (Audit Findings) and proactively managed and closed on time and (ii) identifying and assessing risks and their impact (self identified issues), planning remediation actions, and monitoring and reporting of their progress. The role requires strong stakeholder engagement, including close interaction with the Divisional Risk Leads, Regional leads, 2LoD such as Non-Financial Risk Management (NFRM) and 3LoD Group Audit as well as the groups frontline technology groups. This will include Chief Information Officers (CIOs), Development & Infrastructure Leads, Programme managers, Architects, and Production Support areas This is an exciting opportunity for a high-performing and motivated individual who is looking to contribute to the banks priority to reduce risk in a sustainable way. What well offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities Managing findings life-cycle events (e.g. closures, risk downgrades, risk acceptances) with finding owners/ risk leads to ensure they are addressed, appropriately documented within agreed timelines. Collaboration with internal teams to educate and promote Risk and Controls standards, Finding Management Procedure and Central Function checkliststo ensure successful handling oflife cycle events Understand and advocate DB Policies, Procedures, Controls and standards, Finding Management Procedure and Central Function checkliststo ensure successful remediation and handling oflife cycle events with stakeholder Coordinate with Portfolio Owners/risk leads for the upcoming audit schedule and request if any potential SIIs are to be raised for the audit scope. Conduct reviews of all Life Cycle Events before submission to CAF (Central Approval Function), assist with edits to improve quality of documentation Participate in Risk and Control meetings with Portfolio owners / CIO-1 totrack and review the status of remediationagainst risk topics Coordination and management with Portfolio Owners/Delegates, Embedded Risk Team (ERT), Control Owners, CAF members & collaboratively work together to ensure Risk is addressed in a sustainable way, be able to troubleshoot to eliminate blockers. Ensure management transparency by way of timely risk reporting and proactive engagement and representing controls team at different governing forums. Identify and evaluate potential areas of non-compliance or risk, assessing impact, probability and present self-identified findings and proposals for risk mitigation Your skills and experience Overall 8+ years of experience in any of the SDLC/STLC engagement and minimum 2 years on risk and audit related experience in IT Risk. Previous experience with IT risk assessment, audit, controls validation and emerging risk identification. A strong team player who can collaborate with people at all levels in a global matrix organization The ability to manage multiple tasks and efficiently prioritize workload with limited supervision and resilient under pressure. The ability to quickly build a network across RFT and among subject matter experts. Strong analytical and problem-solving skills to evaluate risk Result oriented and ability to deliver under tight timelines. Excellent communication, both written and verbal Desire to learn about new and emerging technologies and continuous upskilling. Must be comfortable with navigating ambiguity to extract meaningful risk insights. Ability to assimilate large quantities of information in short periods of time. How well support you . . .

Should be able to direct/execute audit project independently (covering planning, fieldwork and reporting stages of audits) Lead a variety of moderately complex to complex IT focused audits including IT governance, service and project delivery, audits of IT technical domains such as networks, infrastructure, and applications. Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas Planning, conducting walkthroughs, drafting process understanding and relevant controls. Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls Documenting and Reviewing Test of Designs and Test of Effectiveness controls. Perform analytical procedures/analysis to test the effectiveness of controls. Document audit procedures and cross reference working papers. Create management representation letter comments and recommendations and draft audit reports for management review. Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc., Validations of audit issues. Conducting special reviews. What will you need to know: Desired qualification: Computer Services engineering/ BSc/MSc-IT / BCA/MCA degree [with an emphasis in information technology or equivalent degree] Experience: at least 6 to 8 years of IT Audit experience in assessing technology/IT controls and have experience in Internal Audit, Compliance & Risk Advisory services preferably in Banking and Financial services domain. Experience in auditing IT Internal controls, IT risk mitigation and technology related processes reviews. Good experience in IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews. Good client interfacing skills, drafting skills, communication, and interpersonal skills. Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.)

- Act as the primary support contact for payment partners (e.g., Payfacs, ISOs). - Handle inquiries related to settlements, transaction statuses, integration, and account settings. - Troubleshoot issues related to transaction processing, reconciliations, chargebacks, and payout delays. - Support partners with onboarding processes, including technical integration (API or host-to-host integrations). - Guide partners through KYC documentation processes and regulatory compliance requirements. - Monitor payment flows and flag any inconsistencies or performance degradation across payment channels. - Deliver periodic performance and transaction reports to partners. - Work closely with product, risk, finance, and engineering teams to enhance partner experience and provide feedback. What you will need to have: - 5+ years of experience in payment operations or financial services. - Strong understanding of payment flows and industry standards (e.g., 3DS, PCI-DSS, chargebacks). - Familiarity with payment gateways, acquiring, issuing, and payment APIs. - Experience with support tools and reporting tools. - Bachelors degree in a relevant field or an equivalent combination of education, work, and/or military experience. What would be great to have: - 7+ years of relevant experience in payment operations. - Proven track record of managing SLAs and prioritizing tasks. - Ability to stay composed under pressure and manage multiple projects simultaneously. - Excellent communication and problem-solving skills.

Provide guidance and direction to the planning process and the execution of fieldwork such as overseeing interviews and walkthroughs, reviewing materials, the design and execution of audit testing, analyzing results, drawing conclusions within the allotted time scheduled. Manage the audit lifecycle, staffing, scheduling, methodology and approach to testing and fieldwork and finally, the quality and timeliness of all work products you oversee. You will be expected to provide weekly, monthly, or periodic status reporting and work with the CAAS leadership team to ensure the appropriate allocation and assignment of resources. Assist the Audit Director in the development and mentoring of Senior and Staff Auditors by providing regular and timely feedback regarding their execution of tasks performed during each audit engagement and their overall performance. What you will need to have: 7+ years of audit experience applying Auditing principles, methodology and standards in a risk-based environment across a variety of audit areas at varying degrees of complexity 5 + years of financial services industry experience and/or experience working in a public accounting firm 2+ years of experience managing other professionals Active professional Audit certification such as CPA, CIA, CISA, CFE Bachelors degree or an equivalent combination of education, work, and/or military experience What would be great to have: Experience working with risk assessment methodologies, control activities, control monitoring, control evaluations and measurement of control effectiveness in accordance with regulatory compliance requirements such as corporate governance, consumer protection, AML/CTF and Financial Crimes, data protection/data privacy, ethics or conduct risk Important info about this role: Were better together. This role is fully on-site. This is a full-time, direct-hire position, and no contract options for unsolicited agency submissions will be considered.

Should be able to direct/execute audit project independently (covering planning, fieldwork and reporting stages of audits) Lead a variety of moderately complex to complex IT focused audits including IT governance, service and project delivery, audits of IT technical domains such as networks, infrastructure, and applications. Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas Planning, conducting walkthroughs, drafting process understanding and relevant controls. Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls Documenting and Reviewing Test of Designs and Test of Effectiveness controls. Perform analytical procedures/analysis to test the effectiveness of controls. Document audit procedures and cross reference working papers. Create management representation letter comments and recommendations and draft audit reports for management review. Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc., Validations of audit issues. Conducting special reviews. What will you need to know: Desired qualification: Computer Services engineering/ BSc/MSc-IT / BCA/MCA degree [with an emphasis in information technology or equivalent degree] Experience: at least 6 to 8 years of IT Audit experience in assessing technology/IT controls and have experience in Internal Audit, Compliance & Risk Advisory services preferably in Banking and Financial services domain. Experience in auditing IT Internal controls, IT risk mitigation and technology related processes reviews. Good experience in IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews. Good client interfacing skills, drafting skills, communication, and interpersonal skills. Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.)

Project Management Working as a team leader & resource management. Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas Conduct comprehensive Cyber and Technology controls audits, IT General controls (ITGC) audits. Planning, conducting technology domain/controls related walkthroughs, drafting, and reviewing process understanding and its controls. Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls Reviewing Test of Designs and Test of Effectiveness controls Perform analytical procedures/analysis to test the effectiveness of controls. Document audit procedures and cross reference working papers. Create management representation letter comments and recommendations and draft audit reports for management review. Validations of audit issues. Conducting special reviews / investigations. Carrying out audit planning including scheduling and resource allocation Conducting discussions with Management representatives on the audit observations/ findings and preparation of Audit Committee Submissions. Conducting internal staff trainings Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc., What will you need to know: Experience: At least 5 years of managerial experience (overall 10 years of IT Audit experience) in the areas of IT Internal Audit, ITGC, Cyber security, Infrastructure/Network, Compliance & Risk Advisory services preferably in Banking and Financial services domain. Should possess strong understanding, capability and skillsets in auditing IT controls, IT risk mitigation and technology related processes reviews. Should be proficient and have good knowledge in testing IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews. Good client interfacing skills, team management and drafting skills. Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.)

Job Posting Title: Internal Audit IT Location: Thane What does a successful Internal Audit IT do at FISERV? Efficiently manage and conduct the audit projects as per The Institute of Internal Auditors standards and in accordance with Fiserv global Internal Audit framework and methodologies. What will you do: Project Management Working as a team leader & resource management. Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas Conduct comprehensive Cyber and Technology controls audits, IT General controls (ITGC) audits. Planning, conducting technology domain/controls related walkthroughs, drafting, and reviewing process understanding and its controls. Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls Reviewing Test of Designs and Test of Effectiveness controls Perform analytical procedures/analysis to test the effectiveness of controls. Document audit procedures and cross reference working papers. Create management representation letter comments and recommendations and draft audit reports for management review. Validations of audit issues. Conducting special reviews / investigations. Carrying out audit planning including scheduling and resource allocation Conducting discussions with Management representatives on the audit observations/ findings and preparation of Audit Committee Submissions. Conducting internal staff trainings Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc., What will you need to know: Experience: At least 5 years of managerial experience (overall 10 years of IT Audit experience) in the areas of IT Internal Audit, ITGC, Cyber security, Infrastructure/Network, Compliance & Risk Advisory services preferably in Banking and Financial services domain. Should possess strong understanding, capability and skillsets in auditing IT controls, IT risk mitigation and technology related processes reviews. Should be proficient and have good knowledge in testing IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews. Good client interfacing skills, team management and drafting skills. Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.) What would be great to have: Desired certifications: CISA / CISSP / CISM / CCNA certified professionals Qualification: Computer Services engineering/ BSc/MSc-IT / BCA/MCA degree [with an emphasis in information technology or equivalent degree]

We are seeking an experienced Senior Information Security Manager to lead our security initiatives and ensure the integrity, confidentiality, and availability of our systems and data. This role is crucial in safeguarding our digital assets and maintaining compliance with industry standards. 1.Should take care of Infosec functions by coordinating with various stakeholders 2. Lead and manage Vulnerability Assessment (VA) and Penetration Testing (PT) programs end to end. 3. Should have technical hands-on knowledge on different VAPT tools, like Qualys, Tenable, BurpSuite, Checkmarx etc. 4.Ensure all cyber security compliance directions issued from time to time by the regulator 5.Coordination with SOC, Technology team to follow up the incidents till closure 6.Follow escalation matrix for delayed issues 7.Assist in Internal and External Audits (Regulatory) and work towards closure of observations if any 8. Should have project management espouse, to run the security PMO for ensuring the multiple initiatives with internal / external teams, vendors, and regulators. 9. Prepare and review new/existing policies, procedures, and secure configure/ hardening documents. 10. Should possess technical skills and knowledge to handle/manage security solutions if required 11. Exposure to Cloud Environment 12. Knowledge of Application Security is a plus. Qualifications and Experience: 1. 15-18 years of experience in security management. 2. Strong understanding of security best practices, frameworks, and security technologies. 3. Proven experience in managing VA, PT, Patch Management, and Audit processes. 4. Familiarity with regulatory requirements and compliance standards (e.g., RBI, SEBI). 5. Demonstrated experience in project management, including planning, execution, and stakeholder management. 6. Excellent communication, interpersonal, and leadership skills. 7. Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Masters degree or relevant certifications preferred.

About Us: Paytm Money is a leading digital investment platform dedicated to providing secure and innovative financial solutions to our users. We prioritize the protection of our customers' data and assets through robust security practices. Role Overview: We are seeking an experienced Information Security Manager to lead our security initiatives and ensure the integrity, confidentiality, and availability of our systems and data. This role is crucial in safeguarding our digital assets and maintaining compliance with industry standards. 1.Should take care of Infosec functions by coordinating with various stakeholders 2.Drive VAPT activity end to end 3.Attend all cyber security compliance directions issued from time to time by the regulator 4.Coordination with SOC & CISO team to follow up the incidents till closure 5.Follow escalation matrix for delayed issues 6.Assist in Internal and External Audits (Regulatory) and work towards closure of observations if any 7. Prepare and review new/existing policies, procedures 8. Should possess technical skills and knowledge to handle/manage security solutions if required 9. Exposure to Cloud Environment 10. Knowledge of Application Security is a plus. Qualifications: * Experience: 7+ years of experience in information security or related fields, with a proven track record in managing security programs. * Technical Skills: Strong understanding of security frameworks, tools, and technologies, including firewalls, intrusion detection systems, and encryption. * Certifications: Relevant security certifications such as CISSP, CISM, or equivalent are highly desirable. * Analytical Skills: Excellent analytical and problem-solving skills to assess complex security issues and develop effective solutions. * Communication: Strong communication skills to effectively convey security concepts and collaborate with cross-functional teams. * Education: Bachelors degree in Computer Science, Information Technology, Cybersecurity, or a related field. Masters degree or relevant certifications preferred. What We Offer: A dynamic and innovative work environment. Opportunity to make a significant impact on the security landscape of a leading fintech platform. Competitive salary and comprehensive benefits package.

We are seeking an experienced Director of Cyber Defense to lead and enhance ourorganization s cybersecurity capabilities. This role is responsible for overseeing the Security Operations Centre (SOC), Attack Surface Management, Incident Response and Crisis Management, and Dark Web Monitoring. The ideal candidate must have solid Cyber Defense practitioner experience and a proven track record of 15+ years in Cyber Security, with 5+ years leading cybersecurity teams and driving strategic security initiatives. Key Responsibilities Lead and mature the 24/7 Security Operations Centre (SOC) to detect, analyze, and respond to cyber threats in real-time. Establish playbooks, escalation procedures, and cross-functional coordination for handling critical security incidents. Dive deep into technical aspects of escalated incidents, in partnership with other Cyber Defense leads and cross functional peers Direct Incident Response (IR) and Crisis Management efforts, ensuring rapid containment, mitigation, and recovery from cyber incidents. Lead forensic investigations and post-incident reviews to improve security posture and prevent recurrence. Oversee Attack Surface Management to continuously assess, monitor, and reduce the organization s exposure to cyber risks. Oversee Dark Web Monitoring initiatives to identify and assess leaked credentials, insider threats, and external attack indicators. Collaborate with Threat Intelligence teams to track adversary tactics, techniques, and procedures (TTPs). Develop and execute a Cyber Defense strategy, aligning security operations with business objectives. Manage, mentor, and grow a team of cybersecurity professionals across SOC and Cyber Defense functions. Partner with IT, Risk, Legal, and Compliance teams to ensure alignment with security frameworks and regulations. Present key cyber risk metrics, threat trends, and program updates to executive leadership. Qualifications Experience 15+ years of overall experience including 5+ years leading cybersecurity teams in SOC and/or Cyber Defense Strong leadership and crisis management skills with experience handling major security incidents and executive-level communications. Deep expertise in MITRE ATTCK, threat intelligence frameworks, adversary emulation, and digital forensics. Proficiency working with cloud service providers such as AWS, Azure, GCP and must be able to demonstrate ability to effectively conduct IR on incidents within these cloud environments Proficiency in SIEM, SOAR, EDR/XDR Experience implementing cyber defense strategies in large-scale enterprise environments. Familiarity with regulatory requirements and compliance frameworks (NIST, CIS, ISO 27001, GDPR, etc). Strong knowledge of offensive security techniques and how to defend against them. Preferred Certifications CISSP, CISM, GIAC (GCTI, GCIH, GCFA, GNFA, GDAT), CCSP, or equivalent. AWS/Azure/GCP Security certifications are a plus

Cyber & Information Security team is seeking a Third-Party Security Analyst. Reporting to the Director of Cyber & Information Security, the analyst will perform third-party security assessments. You will work with a team of professional Security Analysts leveraging Next Gen security tools to perform the full lifecycle of third-party reviews from onboarding to real-time monitoring of vendors and suppliers. Responsibilities, Functions and Duties : - Conduct technical security assessments of third-party vendors, suppliers and partners by reviewing their security controls, adherence to regulations, compliance and contracts. - Analyze third-party security assessment findings and document security risks within the management software for tracking of risk reporting. - Coordinate with various stakeholders to verify and remediate security risk findings. - Develop KRIs and KPIs around third-party risk assessments and the remediation of key findings. - Develop, Update, and Publish Policies and Standard Operating Procedures for third-party risk management. - Continuously monitor for active vulnerabilities and cyber events against our vendors and suppliers. - Participate in third-party cyber incident response by reaching out to impacted vendors and tracking remediation. - Be an ambassador for Cyber & Information Security within Crum & Forster. Requirements Knowledge and Requirements : - Previous experience performing technical security audits or third-party assessments. - Understanding of current Cyber Vulnerabilities & threats. - Knowledge of security assessments (SOC reports, ISO/NIST, vulnerability and pen testing assessments). - Fundamental understanding of system and network security principles and technology. - Ability to interface with a wide audience of technical and non-technical personnel. Cyber 3rd Party Risk Analyst - Ability to prioritize and manage workloads and deadlines. - Excellent written and verbal communication skills. - Self-starter who is motivated and driven to learn. - Bachelors degree in a technical discipline or equivalent experience Preferred Qualifications : - Prior experience and/or certifications in AWS, Azure, and/or GCP. - Experience in performing third-party assessments of SaaS providers and vendors operating in cloud environments. - Experience performing risk assessments. - Any Security focused Certifications. - 3-5 year Cybersecurity related experience.

Information Security Governance Risk and Compliance Associate Manager Job Type: Full Time Reports to: Director of Information Security & IT Governance POSITION OVERVIEW This Information Security GRC Expert Associate Manager contributes to Morae success by implementing, and maintaining people, process and technology-oriented policies, procedures, and controls to ensure ongoing security and compliance of Morae s innovative technology solutions and information assets. As a part of highly skilled Information Security team the role will focus on all areas of information security governance, risk, and compliance for both our corporate IT environment as well as our innovative client technology solutions serving some of the world s largest corporations. The role will concentrate on maintaining both technology and procedural aspects of our ISO27001 and SOC 2 Type II Regimes, Client Security Compliance, Third Party Risk Management, and Staff Security Awareness efforts. In addition, the role will contribute to defining and developing both process and toolsets for Data Classification, Data Loss Prevention, Data Privacy and Data Segregation in our environments. Working closely with Director of Information Security, global security operations and wider technology teams GRC Associate Manager will contribute to development and review of Global Information Security Strategy, IT Risk Registers and support the work of Risk Management Committee. The GRC Associate Manager will be coaching and developing junior members of Information Security GRC team. We are looking strong Information Security expert ready to develop both their technical and GRC skillset to step up their career onto strategic management level. KEY RESPONSIBILITIES: Contribute to maintenance and development of information security systems, policies and procedures through implementation and maintenance of policies and identification of gaps or non-compliance. Assist with the development, implementation, and improvement of the Morae Global technical security processes. Ensuring Morae Global policies, applicable standards, customer requirements and best practices are being followed. Supporting the delivery of information security projects and initiatives. Represent Morae Global in a professional and productive way while delivering the best in service to our clients and during interactions with both clients and suppliers. Supporting the wider information security and technology team on providing a responsive and pragmatic approach to day-to-day security issues and broader strategic initiatives Ensure security documents are controlled, reviewed, and updated in line with various contractual and regulatory requirements. Develop and lead global information security awareness activities. Deliver related security communication across the organisation as required. Capturing evidence to support audit and compliance requirements. Provide support in responding to client security requests and client assurance assessments and audits. Refine and maintain security dashboards and reports to support the production of security metrics and quarterly security reporting. Initiate continuous improvement ideas and suggestions to increase efficiencies. Actively participate in wider, internal, and external information security initiatives. SKILLS/EXPERIENCE: Bachelor s degree and 5+ years of experience of working with security, privacy and legal in a regulated environment. Manage relationships with senior stakeholders in support of technology. Demonstrable experience of implementing ISO27001 and SOC 2 Type II Security compliance frameworks. Demonstrable experience and knowledge of Data Governance, Data Classification, Data Loss Prevention technical and process implementations. Experience in Data Privacy Regulatory Compliance implementations GDPR, POPI, DPDP. Excellent English language written and verbal communication skills. Ability to write clear and concise policy documentation. Strong communication and presentation skills. Collaboration and conflict management skills. Experience in legal sector, eDiscovery and Document Management architecture would be advantageous. Understanding of IT systems and security tools, including methods, procedures, equipment, and software used for delivery. Planning, and strategic management skills. Why Morae? Morae s approach to employee development is unique in the marketplace. At Morae employees are given opportunities to progress at their own pace and to influence the course of their professional growth. This includes having the opportunity to earn a client facing role or even an oversight role within their first year! About Morae: Morae is a dynamic, high-growth organization that provides an integrated suite of solutions to corporate law departments and law firms, and partners with leading software and services providers, both within and outside the legal industry. We are a young company but are made up of seasoned professionals in the legal industry, with a focus on building productive long-term relationships with employees and clients in an environment where collaboration is encouraged, knowledge is shared freely, and diversity of thought, cultures, communities, and points of view is embraced. Our team has the vision to create an effective solution for any business problem and the experience to execute that vision. Learn more at moraeglobal.com. Our privacy policy can be found here https: / / www.moraeglobal.com / privacy-policy .

We are looking for an experienced governance personal in our Information Technology Team. JOB ROLE The IT Governance specialist is responsible for ensuring the effective management and oversight of IT systems, services, and processes within the organization. This includes developing, implementing, and maintaining IT governance frameworks, policies, and procedures to ensure alignment with industry best practices, regulatory requirements, and organizational objectives. Highlights of this role is to ensure the governance across various area for IT functions, e.g. Information Security compliance, Change management, Agreement Tracking, Incident Management, Software License Management, BCP/DR, Obsolescence Tracking, etc. KEY RESPONSIBILITIES Information security and compliance Develop and maintain IT Governance frameworks, policies and procedures 1. Ensure compliance with relevant laws, regulations, and industry standards (e.g. COBIT, ITIL, ISO 27001, ISO 22301, etc.) 2. Conduct risk assessment and develop mitigation plans to ensure IT Systems and services are secure and resilient. 3. Monitor and report on IT governance metrics 4. Facilitate internal audits and external assessments (e.g. ISO 27001, ISO 22301, etc.) 5. Stay up-to-date with emerging trends and best practices in IT governance. Change Management 1. Manage and coordinate changes through the entire change lifecycle (assessment, planning, implementation, and review) 2. Ensure changes are properly assessed, approved, and prioritized before implementation 3. Develop and maintain change management policies, procedures, and documentations. 4. Communicate changes to stakeholders, including IT staff, management and end-users. 5. Ensure change comply with organizational policies, procedures, and regulatory requirements. 6. Collaborate with IT teams, stakeholders, and vendors to ensure smooth implementation of changes. 7. Develop and maintain change management metrics and reports to measure performance and identify areas of improvements Agreement Tracking 1. Maintain centralized repository of agreements, contracts, and licenses 2. Track and monitor agreement renewals, expirations, and terminations 3. Ensure accurate and up-to-date records, including agreement terms, conditions, and obligations. 4. Provide regular reports and insights to stakeholders on agreement status and performance. 5. Identify and alert stakeholders to potential risks, opportunities, and compliance issues. 6. Collaborate with legal, finance and business teams to ensure agreement alignment and compliance 7. Develop and implement agreement tracking processes and procedures. 8. Ensure compliance with organizational polices, legal requirements, and regulatory standards. 9. Conduct regular audits and quality assurance checks on agreement records. Incident Management 1. Lead the response to critical incident management and ensure effective coordination and communication among all the stakeholders and drive incident call, providing clear direction and updates to all involved parties. 2. Collaborate with IT teams, business unites and external vendors to troubleshoot the incidents. 3. Document all incident details, action taken and resolution in the incident management system and maintain the tracker. 4. Conduct root cause analysis for critical incidents and ensure that corrective actions are implemented to prevent the recurrence. 5. Prepare the monthly and weekly reports and share the same with senior management and Internal Audit team. Software License Management 1. Manage software license and ensure compliance with licensing agreements. 2. Track and monitor software usage, identifying areas of inefficiency and waste. 3. Develop and implement strategies to optimize license utilization. 4. Conduct regular audits to ensure software compliance and minimize risk. 5. Collaborate with IT teams to ensure software deployments align with licensing agreements. 6. Collaborate with finance teams to ensure accurate budgeting and forecasting for software licensing. Business Continuity and Disaster Recovery 1. Develop and maintain business continuity and disaster recovery plans. 2. Develop and maintain BCP/DR calendar, collaborate with cross-functional teams to ensure alignment. 3. Develop and maintain crisis communication plans and protocols. 4. Continuously monitor and update plans to ensure relevance and effectiveness Obsolescence Tracking Maintain a database of components and products with potential obsolescence risks. Collaborate with cross-functional teams to develop and implement obsolescence management strategies Provide regular reports and updates to stakeholders on obsolescence risks and mitigation efforts. Develop and implement processes and procedures for obsolescence tracking and management. Collaborate with design and engineering teams to ensure design-for-obsolescence considerations MANDATORY SKILLS REQUIRED Bachelors degree in Computer Science, Information Technology, or related field. Strong understanding of IT governance frameworks, standards, and best practices. Ability to work with complex data and provide actionable insights. Ability to analyze complex technical and business issues and develop effective solutions. DESIRABLE SKILLS Strong understanding of supply chain management, or a related field. Professional certifications (e.g. CISA, CISM, CISSP, COBIT). Experience with change management tools and software (e.g., ServiceNow, JIRA, etc.) Experience with data analysis and reporting tools (e.g. Excel, Tableau, etc.)

The first line Tech Risk function for business divisions CB, IB and Ops at Deutsche Bank sits within the Divisional Control Office. CB and IB front-to-back have the largest footprint as a risk bearing function within the banking divisions, and you will be part of a dynamic team which is consistently in demand for providing insights, assessments and managing Information Technology (IT) and Information Systems (IS) risks on behalf of the business. Divisional Control Office (DCO) team ensures that the division operates with high levels of integrity. It is responsible for supporting the business by developing, implementing and maintaining a risk culture to ensure a strong and sustainable business control environment whilst minimizing risk arising from non-financial risk factors. DCO strategy includes improving the risk management information and strengthening the governance and risk culture and has a functional responsibility for providing a central point of oversight over the Risk & Control Assessments (RCA). This includes supporting the business by driving Risk & Control Assessment specifically focusing on Information Security (IS) / Information Technology (IT) risks in line with NFRM (2LOD) guidelines. RCA is a key component of the bank's non-financial risk management toolkit, to enable the effective profiling, monitoring and management of operational risks. As part of the team, you will join the Banks journey and contribute towards our strategic goal of managing technology risk within appetite whilst enabling adoption of emerging and new technologies for business growth. This role will specifically perform RCAs as related to the IB business. Knowledge of IB products/operations is a big plus Your key responsibilities Collaborate with businesses and support them in conducting Risk & Control Assessments as per NFRM guidelines specifically focusing on Information Security (IS) / Information Technology (IT) risks Analyze contextual data and relevant data triggers and determine or update risk profile, inherent risk, control environment and residual risk ratings along with supporting rationale, liaising with Risk Types SMEs in their business Ability to assess impact of control environment on inherent risk along with documentation of qualitative assessment Participate in 1LoD-led RCA meetings for business to drive the risk discussions, focusing on key or emerging risks that may impact the business Coordinate with businesses/2LoD and assist in 2LoD challenges Prepare RCA reports and obtain business sign-offs Document risk mitigation decisions, if required, with consideration of risk appetite Deliver high quality Global Governance decks and reporting trends to support senior management Your skills and experience CISA/CRISC or relevant security qualifications with experience of Risk & Controls and/or Internal Audit in banking industry covering Information Security (IS) / Information Technology (IT) risks Experience in SOX/ ISO27001 control framework Knowledge related to risk management (including conducting Risk & Control Assessments) and corporate banking products, processes and systems preferred, specifically focusing on Information Security (IS) / Information Technology (IT) risks Proven people management skills with ability to lead activities independently Strong quantitative and analytical skills required to critically evaluate information for key risk assessments Strong project management skills and a proactive team partner Influencing, negotiation skills and stakeholder management expertise Strong verbal and written communication skills Proficiency with automating tasks in Excel to improve efficiency a plus, but not mandatory

RARR Technologies is looking for Controls Advisory - IT Risk - Assistant Manager to join our dynamic team and embark on a rewarding career journey. The Assistant Manager in Controls Advisory - IT Risk is responsible for leading and executing IT risk assessments, identifying vulnerabilities, and developing mitigation strategies to safeguard organizational assets. They oversee the implementation of IT controls aligned with regulatory standards and industry best practices, ensuring compliance across all technology domains. The role involves conducting detailed risk analyses, reviewing system and process controls, and advising senior management on potential threats and control deficiencies. They coordinate with internal audit teams to facilitate audits and remediate findings. Additionally, they develop and maintain frameworks for continuous monitoring of IT risks, foster awareness of IT risk management policies across departments, and stay updated on emerging threats and regulatory changes impacting IT security and controls. The position requires strong analytical skills, leadership capabilities, and a comprehensive understanding of IT governance, cybersecurity, and risk management principles to ensure the organization maintains a resilient and secure technology environment.

The role is to provide both the Business Units and IT Management with the assurance and visibility that IT Controls are executed in a controlled and managed way. In addition to the specific responsibilities detailed below, the successful candidate will be expected to demonstrate understanding in other areas of Risk & Control Management including strategies surrounding Process Engineering, Configuration Management, Change, Incident & Problem Management, Non-Conformities and Corrective Actions Management, Risk Identification and Control, Project Management and Tools and Methods. Responsibilities Direct Responsibilities Conduct periodic controls assessments across process areas in scope. Raise any non-compliance, and follow up of the corrective actions until closure. Liaise with global and local IT control areas to ensure their certification is timely and appropriate. Perform periodic Root Cause Analysis of process issues and non-compliances at Project and Application Domain level. Ensure that the exercise is planned, executed effectively and reported to appropriate level. Participate in minimising production risks and issues, including but not exclusively, by helping to devise, and by implementing, sufficient regular controls. Ensure appropriate escalation to management and/or Permanent Control (or Compliance as appropriate) as soon as an issue is identified. The enforcement of Permanent Controls, providing ongoing risk & controls self-assessment status of the control environment. Contribute all relevant management information (KPIs/KRIs) to the various scope reports/dashboards. Assist with Historical Incident management process, including liaising with various stakeholders involved, root cause analysis and impact evaluation. Contributing Responsibilities Contribute to the upkeep and maintenance of the ISPL Permanent Control Framework Maintaining relevant Operational Permanent Control (OPC IT) processes and procedures Technical & Behavioral Competencies Good knowledge of IT Risk & Audit domain with focus on Internal and/or External Audits. Good understanding of IT Controls Framework and experience executing controls. Understanding of IT Software, IT Infrastructure and IT Service Management domain is a value add. Strong analysis & problem solving skills Structured and methodical mindset Proactive approach with a strong ability to work on own initiative Ownership of work and commitment to delivery Can do attitude Team oriented (both local and global) Good interpersonal and communication skills Big picture awareness make relationships between tactical issues and strategic options Client focused Pragmatic and creative approach Specific Qualifications (if required) Skills Referential Behavioural Skills : (Please select up to 4 skills) Attention to detail / rigor Communication skills - oral & written Personal Impact / Ability to influence Critical thinking Transversal Skills: (Please select up to 5 skills) Analytical Ability Ability to manage / facilitate a meeting, seminar, committee, training Ability to understand, explain and support change Ability to develop and leverage networks Ability to develop and adapt a process Education Level: Bachelor Degree or equivalent Experience Level At least 5 years Other/Specific Qualifications (if required) None

Some careers open more doors than others. If you re looking for a career that will unlock new opportunities, join HSBC and experience the possibilities. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. Our GCIO organisation plays a critical role for the bank. This team partners with the businesses to build the platforms, systems, and products that our customers use every day. We keep people s money and data safe, and are at the forefront of driving innovation for our businesses, customers, and colleagues. Principal Responsibilities The IT Risk and Control Manager is to manage the assessments by working with IT teams to ensure accurate and quality information is provided to the Regulators. Manage relationship with CIOs / CISO/ Heads of IT. Function as Risk Point of Contact for CIO , COO, Internal and External Auditors Drive Audit and regulatory planning and execution Liaison with 2nd and 3rd line of defence including IT Security, Operational Risk, Compliance, CISO, Internal Audit etc Drive standardization of collaboration model among IT and Chief Control Office Drive governance and reporting standards. Manage thematic reviews / investigations / compliance reviews in response to internal or external events Engage with the business to identify, measure, mitigate, monitor, and report risk Drive issues and actions management along with remediation activities Improve existing audit planning and execution processes and reporting Improve existing issues and actions mgmt. processes and reporting Perform thematic reviews / investigations / compliance reviews in response to internal or external events To continually re-assess the operational risks inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures, management restructures, and the impact of new technology. Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators. Understands, follows and demonstrates compliance with all relevant internal and external rules, regulations and procedures that apply to the conduct of the business in which the jobholder is involved, specifically Internal Controls and any Compliance policy including, inter alia, the Group Compliance policy. Requirements Engineering Background preferrable 7-8+ years of work experience related to the banking and financial services organization Relevant experience in managing IT risk function Relevant experience in managing audits and facing off the regulators Strong communication, negotiation / influencing and presentation skills Ability to handle crisis situations and take appropriate / timely decisions Ability to work well under pressure with high degree of accuracy Self-driven Overall IT experience across all domains Experience of working within a matrix environment preferred Excellent communication and inter-personal skills, with experience of dealing with executives at all levels Strong team working ethic- actively contributes to the team, leading by example. Helps to maintain a co-operative, conscientious and customer focused environment Self-Motivated and having the ability to work in a highly challenging environment

Audit helps the Board and Executive Management meet the strategic and operational objectives of the DBS Group. We conduct independent checks to ensure that the Group s risk and control processes are adequate and effective. All our team members are highly sought-after professionals who work as trusted advisors to our clients, in all matters related to a company s internal controls. Responsibilities Conduct end-to-end audits of Global Transactions Services (Trade, Cash & Securities and Fiduciary Services) risk, product and processes. Evaluate the design and operating effectiveness of processes and controls and develop appropriate tests to be conducted and ascertain the level of testing of controls required Effective execution audit fieldwork for assigned areas in depth testing, data analytics where applicable Escalate issues appropriately and timely. Ensure concise and clear audit findings and reports are presented on a timely basis. Keep abreast on the development of regulatory, industry and product development through continuous monitoring and auditing. Requirements At least 6 years of relevant auditing experience in Payments, Trade and Custody business &operations and/or with relevant GTS (Trade & Cash) product and operations experience. Strong knowledge on transaction banking products (cash management, trade finance and securities and fiduciary services), and the related operations, regulatory requirements and compliance practices (including FEMA and AML) Reasonable knowledge in Corporate Banking application controls is required. Candidate that can demonstrate auditing knowledge in Corporate banking context will be an added advantage. Should be IT savvy - Knowledge of APIs and data analytics, experience of risk-based auditing and clearly understand the relationship between IT risk and underlying business risk would be beneficial. Candidate must have excellent written and verbal communication skills in English, can communicate with clarity, both orally and in writing, in a logical order and with a structured approach. Ability to multi-task assignments, prioritize workload with limited supervision and be resilient under pressure when faced with tight deadlines. Auditing, Global Transaction Services Cash & Trade KYC/AML Credit Working knowledge of core banking (e.g. Finacle), SWIFT and Digital payment systems will be preferred. CA/MBA (or equivalent) from an accredited college or university (or equivalent) Professional/industry recognized qualifications e.g. ACAMS, CDCS, CFE are highly beneficial.

Position Purpose Located within the RISK Function of BNP Paribas (BNPP), the role of the Data Protection Correspondent (DPC) is to ensure that the components of the operational risk management framework are implemented and operating effectively within ISPL, and to provide RISK ORM management and Business senior management with relevant, synthetic, transparent, exhaustive and consistent information and a front-to-back view of operational risk across ISPL activities. To achieve this objective, this 2nd line of defense (LOD2) role works closely with RISK ORM Regional and Central teams and with ISPL management and stakeholders. The DPC provides expertise on personal data protection related topics in accordance with the relevant RACI. India DPC must assist India Data Protection Officer (DPO) in supervising the compliance of projects and with legal and regulatory personal data protection requirements throughout the APAC region as well as the Groups and APAC personal data protection policies. RISK ORM ISPL mandate is to independently challenge and supervise the operational risk management framework of ISPL activities as described in level 2 procedure Organizational framework and governance for Operational Risk Management & Permanent Control Framework. This includes control framework adequacy checks, independent challenge, proximity with the business and contribution to the sign-off process on key decisions. The DPC is to ensure second level controls by providing the required supervision and assistance to the 1st Line of Defense Due to the global and regional models applied by the BNP Paribas (BNPP) activities outsourced to ISPL, the role covers the contribution as well to reviews, control testing, analysis and reports carried out under the supervision of the APAC DPO Regional teams. Responsibilities Direct Responsibilities To contribute to relevant personal data protection activities realization To guarantee required norms and methods definition and application to a companys good data protection risks apprehension (follow-up of projects, information systems adaptation, declarations conception and maintenance, subcontractors contracts analysis, follow-up on control plans reporting, etc.) To guarantee advice and assistance to strategical program ongoing. To support the implementation of the privacy strategy defined by DPO To assist the DPO in the supervision and monitoring of implementation of the Group's Data Protection policies and guidelines, bearing the local regulatory requirements in mind, to ensure consistency To define action plans and corrections related, and to ensure application of the same To alert DPO when activity is under operational risk (non-appropriateness between needs and resources, etc.), to propose correction solutions and to implement those solutions To contribute to continuous efficiency improvement and to any optimization process. To contribute to operational collaborative activities To support and assist APAC DPO team for control campaigns, typical DPO and RISK ORM activities in BAU (e.g. RCSA check & challenge, data breach assessments, project and third-party risk assessment support see below), but also in case of emergencies and escalated issues To contribute to permanent control actions To contribute to perform LOD2 controls and challenge LOD1 To contribute to perform the check and challenge of the RCSA To contribute to RISK ID exercise To contribute to OR&C report To ensure professional network development To participate in local Data Protection Committees when requested by the DPO To contribute to Internal Control Committee To collaborate with local CROs and RISK teams Contributing Responsibilities To assist the DPO on exchanges with the authorities in charge of the protection of personal data under the responsibility of the DPO To assist the DPO in the supervision and implementation of Privacy by Design principles throughout the lifecycle of all projects, activities, products, services, processes and systems To contribute to role development by validating data protection requirements for new activities, new products, services or specific operations, and to carry technical assistance To receive, process and advise internal and external local solicitations about data protection To receive, process and advise requests from data subjects, subcontractors and partners etc. To itemize existing processes and identify breaches regarding data protection requirements using your broad knowledge on APAC-wide local regulation (at minimum: Indias new DPDPA & GDPR requirements To contribute to perform risk assessment on personal data breaches To assist the DPO in monitoring documentation, e.g. the RoPA (Register of Processing Activities) To contribute to the identification and notification process for data protection violations according to defined procedures and local legal requirements To realize effectiveness for data protection controls and to ensure expected reporting To ensure regular reporting to DPO about the activity To contribute to the creation and implementation of awareness programs and to the promotion of a culture of protection of personal data within the scope of responsibility. * DPO may refer to India DPO or APAC DPO or Business Line DPO as the case may be reflecting a matrix organization while maintaining a direct reporting to the India DPO Technical & Behavioral Competencies Knowledge (Required to exercise the position) Level * To know standards and norms about data protection 1 Know-how (implementation of technics, methods, tools to achieve activities) Level * Technics To know how to assess maturity level of the existing facility about Data Privacy 1 Transverse To have a professional face-to-face or phone discussion with an overseas colleague 1 To prioritize 1 To efficiently manage several topics at the same time 1 To issue advice / recommendation considering every parameter 1 To have an efficient speaking communication 1 Tools To work with BNP Paribas tools (e.g. Data Protection Hub, RISK360) 2 Behavioral and soft skills To efficiently multi-task with topics and maintain attention to detail / rigor 1 To issue advice / recommendation considering all parameters 1 To have efficient communication skills (oral & written) 1 To conceptualize / formalize an idea, a process or a project 2 To work as a team / transversally 1 To identify and analyse risks for the activities that are handled 1 To assess, issue an opinion 1 To deploy a strategy and to define an action plan 2 To animate resources and coordinate their intervention 1 To show diplomacy to allow a message to be heard 1 To show conviction, to generate interlocutors acceptance 1 Being able to anticipate and come up with ideas 2 Creativity and innovation 2 To show discretion about delicate and / or confidential topics 1 Ability to manage conflict 2 To integrate multicultural dimension 1 * Level: Level 1: Deep Level 2: Intermediary Level 3: Basic Specific Qualifications Legal background with IAPP Certification (CIPP/E) or equivalent Skills Referential Behavioural Skills : (Please select up to 4 skills) Communication skills - oral & written Attention to detail / rigor Creativity & Innovation / Problem solving Client focused Transversal Skills: (Please select up to 5 skills) Analytical Ability Ability to develop and leverage networks Ability to develop and adapt a process Ability to understand, explain and support change Ability to set up relevant performance indicators Education Level: Bachelor Degree or equivalent Experience Level At least 5 years Other/Specific Qualifications (if required) Business Skills 1. Data Protection 2. Risk knowledge and awareness 3. Risk anticipation 4. Data quality & Security 5. Regulatory 6. Business analytics 7. New Technologies and Digital Law [IT/IP] 8. IT risk and cyber security .

Job Description Summary As part of GEs IT Risk Identity & Access Management team, this individual will contribute to the definition and implementation of the next generation of Identity & Access Management tools and policies across GE. This individual will integrate with new and existing initiatives across GE Digital to drive the IT Risk & Security requirements and policies from design through implementation. Job Description Roles and Responsibilities We are seeking a skilled and motivated Mid-Level Single Sign-On (SSO) Engineer with experience in Ping Identity solutions to join our team. The ideal candidate will have a strong background in identity and access management (IAM) and be proficient in implementing and managing SSO solutions. Education Qualification Bachelors Degree in Computer Science or STEM Majors (Science, Technology, Engineering and Math) with advanced experience. Responsibilities: Develop, engineer, integrate, and implement single sign-on solutions using Ping Identity products (PingFederate, PingID, PingAccess). Design and maintain SSO configurations and policies to ensure secure and seamless access to applications. Collaborate with cross-functional teams to gather requirements and deliver SSO solutions that meet business needs. Troubleshoot and resolve issues related to SSO and IAM systems. Monitor and optimize the performance of SSO solutions. Stay updated with the latest trends and technologies in IAM and SSO. Requirements: Bachelors degree in Computer Science, Information Technology, or a related field. 3-5 years of experience in IAM and SSO technologies, with a focus on Ping Identity solutions. Proficiency in authentication protocols such as SAML, OAuth, and OpenID Connect. Experience with Active Directory Federation Services (ADFS) and other federation services. Strong problem-solving skills and the ability to work independently and as part of a team. Excellent communication skills and the ability to explain technical concepts to non-technical stakeholders. Preferred Qualifications: Experience with multi-factor authentication (MFA) solutions. Knowledge of cloud-based IAM solutions. Certification in Ping Identity products. Inclusion and Diversity GE HealthCare is an Equal Opportunity Employer where inclusion Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus, and drive ownership - always with unyielding integrity. Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you d expect from an organization with global strength and scale, and you ll be surrounded by career opportunities in a culture that fosters care, collaboration and support. Relocation Assistance Provided: No

Cyber Security Auditor Location: Mumbai Leading Bank Work From office mail at manjeet.kaur@mounttalent.com whatsap at 8384077438 Roles and Responsibilities 4 years of experience (upto 12 yrs.) in the field of information security operations, Information System Audits encompassing experience into any of the Banking Technologies Domains Application Security, Database management and administration, / Network security and SOC / Payment systems in addition to IT General controls (ITGC). Exposure to the Banking / Finance / Payment industry domains would be preferrable. Hands-on experience in the following areas: Writing Information security policies, procedures, and processes Conducting risk assessment covering Cyber Security domains as noted below: Application Security: Mobile application assessment, OWASP security practices for applications, VA/PT/AppSec, source-code review, black/grey/white box testing, application SDLC, Strong knowledge of programming languages for applications. Database Security: Database administration and management - Oracle, MS SQL etc., Database Activity Monitoring tools, data security and localization. Payments Systems Security: Understand payment systems and architecture such as SWIFT, UPI, IMPS, ATM, Internet Banking, Mobile Banking, Core Banking System, payment gateway, ATM switch and terminal. Experience in PCI DSS implementation/assessment and ATM end-point security and Cards data security and operations. Networks Security: Managing firewalls, routers, proxy, WAF, email filtering, DLP, DDoS protection, data encryption, IPS/IDS, Incident response and investigate security breaches, VA-PT for networks. Security Operations Centre- Implementation and review. IT General Controls: Familiarity with Technical Security controls of Identity & Access Management, Network, Server, Application, Change management, Backup and Restoration etc. and process controls reviews. Understand BCP and DR processes and architecture. Experience in conducting reviews based on ISO standards and regulatory guidelines in banking sector for a medium to large sized organization would be preferred. Experience in conducting Information System Audits Must have experience in preparing quality deliverables such as audit reports, presentations etc. Excellent written, oral communication and presentation skills Excellent organizational and interpersonal skills Ability to work independently or as part of a team Information technology / Banking and Financial services / Auditing / Cyber Security consulting Candidate will have to travel extensively within Mumbai and across the country for performing audits, as per RBI requirements. Conducting audit of Information security policies, procedures, and processes to identify process/design gaps. Conduct audits of information security systems and infrastructure to verify systems are secure and support the related applications/business processes. Conducts audits in different banking technology domains such as Active Directory, WAF, Network access security, End-point security, Application VA/PT/AppSec, SDLC, Database management and security, PCI-DSS, ATM controls, Cards (Debit/Credit) security, Payment-gateway, Cloud and API Security and IT General Controls etc. Additional weightage will be given to candidates with experience in domains such as Cloud Security, API security. Developing project plans, work programs, evaluating system controls, identify risks and audit gaps, documenting results in proper audit report format, making recommendations, and communicating information to stakeholders. Support in maintaining audit checklist and documents, trend analysis, preparing presentations etc. Should be a self-learner and must keep updated with the latest security guidelines issued by regulators, international standards for information security, threats and vulnerabilities researched/discovered. Research public domain to keep up to date knowledge on latest banking applications / technologies and emerging technologies Cloud, Virtualisation, AI-ML, IOT etc. and ensure continuous learning in identified security competencies and new/emerging technologies. Experience into people management / team management will be preferred.

Job Title: IT Security & Audit Compliance Analyst Location: Mumbai, Thane Experience Required: 1 to 3 Years Employment Type: Full-Time Job Description: We are seeking a highly motivated and detail-oriented IT Security & Audit Compliance Analyst to support end-to-end audit, compliance, and security operations across enterprise systems. The ideal candidate will be responsible for managing audit logs, ensuring policy compliance, generating reports, and supporting internal and external audit requirements. Key Responsibilities: Active Directory Audit Logs Management Manage and analyze audit logs for incident troubleshooting Ensure all log-on, log-off, and failed login attempts are captured #ActiveDirectory #AuditLogs #SecurityMonitoring Audit Journal & Security Compliance Reporting Generate, review, and submit audit reports as per schedule Identify and resolve discrepancies and respond to audit queries Ensure timely support for all audit activities (minimum 16 audits per year) #SecurityCompliance #AuditReporting #IncidentManagement User ID Management & Policy Compliance Maintain audit records for user ID approvals, revalidations Manage exceptions for shared IDs and non-expiring passwords #UserIDManagement #AccessControl #PolicyCompliance System Log Management & Retention Enable and manage logging on servers, network, and storage devices Ensure log retention for a minimum of 90 days within client infrastructure #LogRetention #SystemMonitoring #NetworkSecurity Desired Skills: Experience with Active Directory auditing and compliance Strong understanding of IT audit processes and security controls Ability to handle audit queries independently Familiarity with enterprise infrastructure and log management Strong communication and analytical skills #ITSecurity #InfoSec #AuditCompliance #InfrastructureSecurity #ITGovernance Qualifications: Bachelors degree in Computer Science, Information Technology, or a related field 1+ years of relevant experience in IT Security, Audit, or Compliance roles Application Process: Interested candidates are requested to share their updated resume along with the following details: Total Experience: Relevant Experience: Current CTC: Expected CTC: Notice Period: Current Location: Willing to Relocate to Mumbai (Yes/No):

Mega Hiring for IT AUDIT Please send cv on zeenat@contactxndia.com / it@contactxindia.com Call on 9359055605 / 8971092439 Role & responsibilities We are hiring for one of the Big4 for IT Audit Location: Bangalore / Hyderabad Experience : 2 to 10 Years Candidate Should have : T Audit ITGC ITAC SOC1 SOC 2 Candidate should be from well know firm ((Big4 ,Big6 , MNC , Tier1 & 2 Companies ) Responsibilities Roles & responsibilities Mandatory technical & functional skills Experience in evaluating and testing Process level manual, automated controls and General IT Controls.• Experience in evaluating risks across a variety of IT platforms (including ERPs, UNIX/Linux, Windows, Mainframe, iSeries (AS400), SQL, Sybase, Oracle, DB2 and popular Cloud Hosted solutions)• Hands on experience of industry standards and frameworks such as COBIT, COSO, HIPAA etc. preferred. Qualifications Education Qualification : BE/B.Tech, B.Com, BCA, B.Sc, MBA, M.Sc, MCA,M.Tech, CA.•• Work Experience : The candidate must have 2-10years of relevant experience in a similar role, preferably with a Big 4 firm.•Team leading / Performance Management experience for a minimum of 1-2 years. Send cv on zeenat@contactxndia.com Call on 9359055605 Visit our website for more details / positionswww.contactxindia.com Preferred candidate profile

How you'll make an impact: Engaging the third party and driving the ITGC operations across P&A (Platforms and Applications). Review that all the JSOX Controls are executed as per the standards and the required quality is being adhered to by the third party. Defining the key attributes needed to perform the controls effectively. Planning and ensuring that all the audits are completed in a timely manner in Coordination with the Control performers. Liaison between the P&A Application managers and the Control performers. Support Framework transition and optimization. Work out opportunities for efficiency improvements, automated controls, aggregation of controls, etc. Work out concept of internalization of Control Owner. Defining the KPI and come out with adequate measures to reduce the outsourcing costs without reducing the security risks to the applications. Supporting non JSOX audits and defining clear plans with timelines for all identified gaps, working on mitigations. Supporting non JSOX compliance maturity enhancements across P&A. Responsible to ensure compliance with applicable external and internal regulations, procedures, and guidelines. Living Hitachi Energy s core values of safety and integrity, which means taking responsibility for your own actions while caring for your colleagues and the business. Your background: The candidate should have more than 20 years professional experience and more than 15 years in Internal audits The candidate should be a CISA and ISO 27001 Certified The candidate should have extensive experience with compliance service The candidate should have extensive experience in dealing with diverse technological audits The candidate should have experience in dealing with regulatory audits and also have a track record of completing SOX audits testing on time The candidate should have experience in managing large, global and diverse teams include handling third parties The candidate should have worked with senior management, provided and discussed reporting Proficiency in both spoken & written English language is required.