
120 It Risk Jobs - Page 5

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

4.0 - 8.0 years

12 - 16 Lacs

Bengaluru

Work from Office


About The Role Manager - Technology Risk Assessment Team - Technology Risk & Compliance, Compliance Location - Bangalore The PhonePe Technology Risk and Compliance team plays a critical role in the successful execution of the firm's compliance mission. The Tech Risk and Compliance function ensures the development and maintenance of a strong compliance culture by developing and maintaining program infrastructure that identifies, measures and monitors compliance with applicable laws, regulations and rules that govern our business globally. Compliance teams work closely with Engineering, SREs, business, legal and other functions to provide expertise on regulatory compliance matters; assess and measure compliance and related risks and monitor and test the adequacy of the firm's compliance control environment. Roles and Responsibilities: To review PhonePe products, processes and environment from the perspective of security, regulatory compliance and best practices. To conduct due diligence on new and existing technology implementations across business units at PhonePe. To provide support to internal departments in areas of compliance with regulatory bodies (i.e. RBI, NPCI, SEBI, IRDAI, UIDAI), and implementation of security related requirements from circulars issued by regulators. To collaborate with product/business/engineering teams to implement compliance plans to mitigate risks in the early stage of product development. To create control frameworks in guidance of the team and conduct gap assessment against security practices, various regulatory guidelines and compliance requirements. Must Haves: 7 to 9 years of relevant work experience, B. Tech Prior people management experience. Strong understanding of ITGC domains and business processes. Experience in managing audits and implementing cyber security controls, NIST, PCI DSS standards, ISMS etc., Certifications such as ISO 27001 / CISA / CISM / CISSP preferred.
High ethical standards and are able to work diligently to complete your duties. Analytical mind able to see the complexities of procedures and regulations. Demonstrate the ability to plan and execute projects with minimal management support. PhonePe Full Time Employee Benefits (Not applicable for Intern or Contract Roles) Insurance Benefits - Medical Insurance, Critical Illness Insurance, Accidental Insurance, Life Insurance Wellness Program - Employee Assistance Program, Onsite Medical Center, Emergency Support System Parental Support - Maternity Benefit, Paternity Benefit Program, Adoption Assistance Program, Day-care Support Program Mobility Benefits - Relocation benefits, Transfer Support Policy, Travel Policy Retirement Benefits - Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS, Leave Encashment Other Benefits - Higher Education Assistance, Car Lease, Salary Advance Policy

Posted 1 month ago


3.0 - 8.0 years

6 - 15 Lacs

Mumbai, Mumbai Suburban, Mumbai (All Areas)

Work from Office


This is regarding an opening for IT Audit with a leading Financial Industry!! Experience: 3+ Years Location: Mumbai Job description: Role is to perform an audit of information systems. Responsibility: Creating succinct and understandable risk/control matrices and reporting. Perform the audit in accordance with the audit strategy. When interacting with IT stakeholders, show professionalism, expertise, and clear communication. Exhibit a reasonable understanding of the sector or industry and be cognizant of any technical difficulties or audit concerns. Qualifications: Graduates with pertinent certifications, including CISA. Work Experience: Strong understanding of rules and circulars issued by regulatory bodies (RBI) 47 years of work experience with prior experience in Internal Audit, Risk Management, Regulatory, and Compliance roles in the banking and financial services (NBFC) industries Experience conducting information systems and security audits, application control reviews, and application functionality reviews Experience with audit approach in practice Strong logical and reasoning abilities; the capacity to collaborate well with others; and the technical skill set required of an information systems auditor include: A strong foundation in computer hardware and software expertise; familiarity with a range of operating systems. Proficiency in databases. Practical knowledge of network architecture; familiarity with other IT infrastructure; and familiarity with application controls and interfaces. Understanding of information security governance; familiarity with computer-assisted auditing techniques (CAATs); and familiarity with the framework for business continuity and disaster recovery. If you are interested kindly share your updated resume on aayushi@thepremierconsultants.com

Posted 1 month ago


3.0 - 5.0 years

10 - 14 Lacs

Bengaluru

Work from Office


Manage end-to-end client engagements and ensure timely, high-quality deliverables. Conduct quality assurance reviews for documentation and testing results in line with regulatory guidelines. Identify process improvement areas and prepare relevant recommendations. Ensure compliance with engagement plans and internal quality/risk management procedures. Escalate any engagement-related risks or red flags to US engagement counterparts. Assist with the preparation of reports, deliverables, audit committee presentations, and status updates. Client Relationship Management: Build and maintain strong relationships with client stakeholders (functional heads and key influencers). Contribute to the development of new methodologies, business proposals, and marketing collaterals. Identify potential business opportunities during ongoing client engagements. People Development: Mentor and coach junior team members including Assistant Managers, Senior Associates, and Analysts. Deliver training sessions and contribute to the team's knowledge management initiatives. Provide constructive feedback and promote a positive learning environment. Contribute to effective teamwork and process improvements. Skills Required: Proficient in IT Risk Advisory practices, including: IT General Controls (ITGC) testing, ITGC testing for Internal Audits, SOX 302 and 404 audits, Third-party reporting (e.g., SOC1, SOC2). Experience with risk assessments, walkthroughs, control design, and flowchart creation. Strong command of Microsoft Office tools (Word, Excel, PowerPoint, Access). Excellent written and verbal communication skills. Strong interpersonal skills with the ability to coach and lead junior team members. Preferred Attributes: Prior experience working with clients from Big 4 or similar consulting environments. Ability to manage engagement budgets and contribute to business development initiatives. Solution-oriented mindset with strong problem-solving abilities.
Demonstrated industry expertise and a keen understanding of current trends and challenges.

Posted 1 month ago


8.0 - 12.0 years

13 - 18 Lacs

Mumbai

Work from Office


Department: Information Security Location: Mumbai Reports to: IS GRC Head Employment Type: Full-time Job Purpose: This role is responsible for driving the organization’s Information Security Governance, Risk, and Compliance (GRC) function, Industry standards (ISO 27001, NIST CSF), and regulatory requirements. The candidate will lead internal audits, vendor risk governance, SOC 2 readiness, automation initiatives, client assessments, and security awareness across the enterprise—while managing a team of security professionals. Key Responsibilities: Governance, Risk & Compliance • Implement and maintain a scalable Information Security GRC framework based on ISO 27001, NIST Cybersecurity Framework, and applicable regulatory requirements (RBI, SEBI, IRDAI, DPDPA). • Manage the information security policy lifecycle, risk registers, and control objectives across business units. • Lead the exception management process, including impact assessments, approval workflows, and periodic reviews. Internal Audit & Control Testing • Plan and execute periodic internal audits, control design evaluations, and operational effectiveness testing for IT and cybersecurity controls. • Coordinate external assessments, including SOC 2 readiness, ISO 27001 surveillance audits, and customer/compliance audits. • Track and close audit findings with clear ownership, root cause analysis, and sustainable remediation plans. Vendor Risk Management (End-to-End) • Oversee the Third-Party Risk Management (TPRM) lifecycle: onboarding, risk assessment, security clauses, ongoing monitoring, and exit governance. • Drive continuous oversight of critical vendors based on data exposure and service criticality, using automated tools where feasible. Automation & Tooling • Identify manual GRC activities suitable for automation; perform POCs, evaluate tools, and drive implementation. • Lead automation initiatives for risk assessments, control testing, evidence gathering, and exception workflows. 
SOC 2 & Compliance Readiness • Lead organizational readiness for SOC 2 Type 1 and Type 2 audits, working with Business SPOCs, application owners and control owners. • Align existing practices to SOC trust service criteria (Security, Availability, Confidentiality). Security Training & Awareness • Develop and deliver cybersecurity training and awareness programs tailored to various stakeholder groups (employees, management, vendors). • Promote a risk-aware culture and drive ongoing compliance awareness campaigns. Incident Response Oversight • Support and enhance the incident response governance process by aligning it with the NIST CSF framework. • Ensure roles, responsibilities, and reporting mechanisms are clearly defined and followed during incidents. • Oversee the documentation of lessons learned, RCA, and incorporation of incidents into risk registers. Reporting & Stakeholder Engagement • Prepare and present dashboards, heatmaps, and reports for executive management, audit committees, and the board. • Maintain governance KRIs and provide insights into risk trends, audit closures, and compliance status. • Serve as a key liaison during client assessments, RFP security responses, and due diligence efforts. Team Leadership • Manage, mentor, and upskill a team of GRC analysts and specialists. • Allocate responsibilities, track performance, and foster collaboration across IT, Legal, Procurement, and Business teams. Key Requirements: Qualifications: • Bachelor’s/Master’s in Information Security, Computer Science, or related field. • Professional certifications preferred: CISA, CRISC, ISO 27001 LA, CISSP, CCSK, or equivalent. Experience: • 8+ years of experience in Information Security GRC, IT Risk, and Regulatory Compliance. • Strong expertise in internal audits, control testing, and vendor security governance. • Hands-on experience in managing SOC 2, ISO 27001, or similar frameworks. • Demonstrated leadership in team management and multi-stakeholder coordination.
• Exposure to automating GRC functions using platforms like ServiceNow GRC, Archer, OneTrust, or similar. Skills & Competencies: • Strong analytical, documentation, and reporting skills. • Effective communication across technical and business audiences. • High level of integrity, ownership, and stakeholder management.

Posted 1 month ago


4 - 8 years

12 - 16 Lacs

Bengaluru

Work from Office


About PhonePe Group: PhonePe is India's leading digital payments company with 50 crore (500 Million) registered users and 3.7 crore (37 Million) merchants covering over 99% of the postal codes across India. On the back of its leadership in digital payments, PhonePe has expanded into financial services (Insurance, Mutual Funds, Stock Broking, and Lending) as well as adjacent tech-enabled businesses such as Pincode for hyperlocal shopping and Indus App Store which is India's first localized App Store. The PhonePe Group is a portfolio of businesses aligned with the company's vision to offer every Indian an equal opportunity to accelerate their progress by unlocking the flow of money and access to services. Culture At PhonePe, we take extra care to make sure you give your best at work, Everyday! And creating the right environment for you is just one of the things we do. We empower people and trust them to do the right thing. Here, you own your work from start to finish, right from day one. Being enthusiastic about tech is a big part of being at PhonePe. If you like building technology that impacts millions, ideating with some of the best minds in the country and executing on your dreams with purpose and speed, join us! About The Role Manager - Technology Risk Assessment Team - Technology Risk & Compliance, Compliance Location - Bangalore The PhonePe Technology Risk and Compliance team plays a critical role in the successful execution of the firm's compliance mission. The Tech Risk and Compliance function ensures the development and maintenance of a strong compliance culture by developing and maintaining program infrastructure that identifies, measures and monitors compliance with applicable laws, regulations and rules that govern our business globally.
Compliance teams work closely with Engineering, SREs, business, legal and other functions to provide expertise on regulatory compliance matters; assess and measure compliance and related risks and monitor and test the adequacy of the firm's compliance control environment. Roles and Responsibilities: To review PhonePe products, processes and environment from the perspective of security, regulatory compliance and best practices. To conduct due diligence on new and existing technology implementations across business units at PhonePe. To provide support to internal departments in areas of compliance with regulatory bodies (i.e. RBI, NPCI, SEBI, IRDAI, UIDAI), and implementation of security related requirements from circulars issued by regulators. To collaborate with product/business/engineering teams to implement compliance plans to mitigate risks in the early stage of product development To create control frameworks in guidance of the team and conduct gap assessment against security practices, various regulatory guidelines and compliance requirements Must Haves: 7 to 9 years of relevant work experience, B. Tech Prior people management experience. Strong understanding of ITGC domains and business processes. Experience in managing audits and implementing cyber security controls, NIST, PCI DSS standards, ISMS etc., Certifications such as ISO 27001 / CISA / CISM / CISSP preferred. High ethical standards and are able to work diligently to complete your duties. Analytical mind able to see the complexities of procedures and regulations. Demonstrate the ability to plan and execute projects with minimal management support. 
PhonePe Full Time Employee Benefits (Not applicable for Intern or Contract Roles) Insurance Benefits - Medical Insurance, Critical Illness Insurance, Accidental Insurance, Life Insurance Wellness Program - Employee Assistance Program, Onsite Medical Center, Emergency Support System Parental Support - Maternity Benefit, Paternity Benefit Program, Adoption Assistance Program, Day-care Support Program Mobility Benefits - Relocation benefits, Transfer Support Policy, Travel Policy Retirement Benefits - Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS, Leave Encashment Other Benefits - Higher Education Assistance, Car Lease, Salary Advance Policy Working at PhonePe is a rewarding experience! Great people, a work environment that thrives on creativity, the opportunity to take on roles beyond a defined job description are just some of the reasons you should work with us. Read more about PhonePe.

Posted 1 month ago


8 - 12 years

11 - 15 Lacs

Bengaluru

Work from Office


Hello Talented Techie! We provide support in Project Services and Transformation, Digital Solutions and Delivery Management. We offer joint operations and digitalization services for Global Business Services and work closely alongside the entire Shared Services organization. We make efficient use of the possibilities of new technologies such as Business Process Management (BPM) and Robotics as enablers for efficient and effective implementations. We are looking for Asst. Manager - Governance & Enablement Job Summary: We are seeking a dedicated Information Security Professional to join our team. The ideal candidate will focus on maintaining and managing our ISO27001 certification. This role involves handling the overall Information Security Management System (ISMS), managing internal stakeholders, conducting internal audits, facilitating external audits, and overseeing the information security program management. Key Responsibilities: Implements IT governance strategy and guidelines, and develops/defines functional specific policies, processes and/or methods for general services for organizational units and the business in responsibility from a technical and governance perspective. SPOC, respectively Bridge Head to central IT, CYS and LC for all general Service-related topics. SPOC for GBS ASP community reg. all IT and CYS related governance and standardization topics. Coordinates resources and monitors and reports progress and milestones regularly to all stakeholders. Offer Governance related trainings for GBS BLs focusing relevant rules and regulations. Management & support of ISO topics for DS services & Products. Represent GCI ASP Lead in the various regional bodies and communities. Qualification: Bachelor's degree in information technology or a related field. Strong knowledge of ITIL, COBIT or other IT governance standards and Cybersecurity standards.
Basic understanding in the CYS (IT) and identify potential threats. Strong organizational and program management skills. 8-12 years of experience in Information technology with at least 5 years in IT governance or related area. Good communication and networking skills in an intercultural environment and across all management levels. Certified Lead auditor/Implementor in ISO 9001, ISO 27001 will be an advantage. Create a better #TomorrowWithUs! This role, based in Bangalore, is an individual contributor position. You may be required to visit other locations within India and internationally. In return, you'll have the opportunity to work with teams shaping the future. At Siemens, we are a collection of over 312,000 minds building the future, one day at a time, worldwide. We value your unique identity and perspective and are fully committed to providing equitable opportunities and building a workplace that reflects the diversity of society. Come bring your authentic self and create a better tomorrow with us. Find out more about Siemens careers at www.siemens.com/careers

Posted 1 month ago


13 - 19 years

45 - 50 Lacs

Pune

Work from Office


About The Role: Job Title: IT Application Owner Lead, Risk & Control Specialist - VP Location: Pune, India Role Description The ITAO Lead is a critical IT role with overall accountability and ownership of the applications and infrastructure instances. The role's key responsibility is to ensure applications IT Governance is in line with the bank's policies, procedures and standards. The ITAO Lead must manage and maintain the applications, ensuring compliance with applicable IT policies & procedures with specific consideration to Information Security guidelines/policies. The Risk and Control Specialist supports all aspects of the Audit lifecycle. This includes ensuring all identified risks (Audit Findings) are proactively managed and closed on time and identifying and assessing risks (Self-identified issues) and their impact, planning remediation actions, and monitoring and reporting their progress. What we'll offer you As part of our flexible scheme, here are just some of the benefits that you'll enjoy Best in class leave policy Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your key responsibilities Supports the ITAO function across foundational platform portfolio. Has a good understanding of development methodologies and IT policies and procedures, with a focus on IT management and information security. Ensures the compliance with Deutsche Bank IT policies & procedures of all the applications in foundational platform. Implements the processes to improve safety and security of the applications, compliance with regulations, policies and standards and enhance operational readiness.
Assists the bank's audit function in the remediation of audit points and self-identified issues to reduce risk. On-boards the applications onto Deutsche Bank's IT Risk and control related tools. Interface with Internal and External Auditors for IT Audits. Applications and infrastructure offboarding Controls IT assets ensuring that administration of the acquisition, storage and disposal of the assets is carried out as per the bank's processes. Remediates IT related Audit Findings and IT Risk and control related issues. Facilitates open communications and discussions among the stakeholders with the stakeholder engagement strategies and plans. Manages the technical roadmap of the application Plans/conducts/supports the disaster recovery tests. Provides the trainings and facilitate the knowledge sharing within the ITAO function. Coordinates with external vendors and service providers to ensure seamless support and maintenance. Manages findings life-cycle events (e.g. closures, risk downgrades, risk acceptances) with finding owners/ risk leads to ensure they are addressed, appropriately documented within agreed timelines. Collaborates with internal teams to educate and promote Risk and Controls standards, Finding Management Procedure and Central Function checklists to ensure successful handling of life cycle events Understands and advocates DB Policies, Procedures, Controls and standards, Finding Management Procedure and Central Function checklists to ensure successful remediation and handling of life cycle events with stakeholder Coordinates with Portfolio Owners/risk leads for the upcoming audit schedule and request if any potential SIIs are to be raised for the audit scope. Participates in Risk and Control meetings with Portfolio owners / CIO-1 to track and review the status of remediation against risk topics Ensures management transparency by way of timely risk reporting and proactive engagement and representing controls team at different governing forums.
Identifies and evaluates potential areas of non-compliance or risk, assessing impact, probability and present self-identified findings and proposals for risk mitigation Your skills and experience Desirable experience at least 12-14+ plus years in the IT industry Strong people management, mentoring to other peers also leadership skills who also can work under pressure, independently and proactively while balancing competing priorities to achieve results on complex new development and integrations. Prior ITAO experience is preferable. Strong understanding of the SDLC and current IT trends in managing Projects. IT Risk Frameworks experience is needed. Banking / Financial industry Exposure is a plus. Business Risk audits experience is needed. Project/Development/ Release/Support Management and Technology Infrastructure management would be a plus. Strong people management and mentoring skills, along with leadership abilities. Capable of working under pressure, independently, and proactively while balancing competing priorities to achieve results in complex new development and integrations. Experience of working together with Agile/Scrum teams and their methods. Tools Used: Jira, Confluence & other server monitoring tools. Experience in working in IT Risk, IT Service Management, Run the Bank and Support domains. How we'll support you Training and development to help you excel in your career Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs

Posted 1 month ago


4 - 9 years

14 - 19 Lacs

Pune

Work from Office


About The Role: Job Title: Technology Risk Manager Corporate Title: Director Location: Pune, India Overview Our Corporate Bank group is a technology centric business, with an increasing move to real-time processing, an increasing appetite from customers for integrated systems and access to supporting data. This means that technology is more important than ever for the business. The CIO Corporate Bank (CB) division sits in the Bank's Technology, Data and Innovation (TDI) group. The Risk and Control (R&C) team ensures the Bank's technology control priorities are effectively implemented across CIO - CB. The R&C team offers dedicated support for each Chief Information Officer (CIO) business line, advisory services for control responses, and program management services for broad control uplifts. The team's mission is to reduce the organization's technology risk exposure by implementing key bank controls, ensuring appropriate and timely resolution of audit and regulatory issues, and participating in the Bank's design of control implementations. Therefore, a role on the R&C team is integral in supporting the front-line management in identifying, assessing/measuring risks, developing/implementing remediation actions, and monitoring risks. We are looking for a technology risk manager (also known as embedded risk team lead) to join the Risk & Control team to ensure robust and sustainable control governance across CIO CB, in particular for CB Data and head for India Risk and Control team. You will be responsible for supporting the CB Chief Data Office in managing audit/regulatory/self-identified findings, participating in regulatory and audit exams, monitoring stakeholders' compliance with key risk indicators, and ensuring controls are implemented effectively and sustainably. Your role will be integral in supporting the front-line management in identifying and assessing/measuring risks, determining remediation plans, monitoring levels of risk, and implementation of remediation.
You will work directly with CIO-1s, the CIO Corporate Bank Risk Leads, senior technology management, business and operations stakeholders, regulatory management, and other embedded risk teams and will represent CB Risk & Control. As a senior member in the region, you will spearhead risk initiatives within the region and will oversee India applications. As a Tech Risk and Controls Director, you will play a pivotal role in shaping and implementing the firm's technology risk management strategy. What we'll offer you As part of our flexible scheme, here are just some of the benefits that you'll enjoy Best in class leave policy Gender neutral parental leaves 100% reimbursement under child care assistance benefit (gender neutral) Flexible working arrangements Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your Key Responsibilities: Partner with CB CDO, in risk management and control implementation. Create deep and productive relationships with the teams and finding owners for audit/regulatory/self-identified issues to ensure overall risk posture for the area is improved. Support CIO-1 portfolio(s) in managing audit/regulatory/self-identified findings to ensure appropriate and timely resolution of risks/gaps in controls, and resolve non-compliance with Bank policies, procedures and processes and non-compliance with regulations and laws. Review and revise findings lifecycle event documentation. Provide strategic direction on risk management matters to senior leadership including implementation of detailed data driven narratives to inform leadership of risks related to IT and Cybersecurity topics. Provide credible challenge across all information technology and cybersecurity enabling business growth while ensuring that risks remain within appetite.
Participate in, and coordinate with technology stakeholders, on internal and external audits and regulatory exams Ensure Risk & Control topics and standards are effectively included in all Change Programs related to CB Data, in particular within the perimeter of the EDM Program. Ensure appropriate senior management awareness/oversight of follow-up on action items to resolve identified technology issues Support application teams in control implementation requirements Ensure risk remediation programs are initiated and executed. Design and implement processes to test effectiveness and sustainability of technical controls. Develop strategies for reducing the risk exposure of CIO CB portfolio(s), including preparedness of critical applications for audit and regulatory exams and working with application owners to address and prevent common risk issues Assist application owners and other technology stakeholders in identifying and documenting risks and developing remediation Tracking and reporting on CIO CB portfolio(s) key risk indicators (KRI) and control uplift programs. Assisting application owners in developing plans to ensure compliance with KRIs. Close control gaps. Ensure risk remediation programs are initiated and executed in line with the Bank's policies, procedures and standards. Work with the application teams and control owners to identify and resolve potential issues in control design. Advise on effectiveness metrics, ensure control design includes proper evidence, and provide input to the design and effectiveness of centrally provided tooling. Create risk awareness and positive attitudes through specialized trainings and educate the wider Corporate Bank CDO stakeholders regarding Risk & Control. Develop and guide a culture of talent development to meet business objectives and strategy.
Your Skills and Experience: Excellent communication skills, both written and verbal to present ideas and concepts effectively Extensive experience (15-20 years) in technology risk management and risk advisory Strong understanding of three lines of defense model and compliance frameworks, Experience with regulatory environments and financial services technology. Robust knowledge and experience of data risks, in particular data-related technology controls, - policies, - standards and - tools Excellent analytical and investigatory skills to identify underlying technology issues Extensive experience in assessing risk, writing issues, and developing appropriate corrective actions Demonstrate viable solutions and problem solving Relevant experience working with auditors, regulators and external auditors on exams, reports and information requests Prefer experience with designing and testing technology controls and processes Prefer technical background (application development, infrastructure engineering, etc.) How we'll support you Training and development to help you excel in your career Flexible working to assist you balance your personal priorities Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.

Posted 1 month ago


8 - 13 years

30 - 37 Lacs

Pune

Work from Office


Some careers shine brighter than others. If you're looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions. We are currently seeking an experienced professional to join our team in the role of Sr. Associate Director, Data and Analytics. In this role, you will: Manage cross value stream initiatives/projects to uplift controls, deliver new capabilities, right size our infra estate, etc. Manage one or more controls to ensure compliance and identify opportunities to uplift the control. Act as escalation point for all infra issues the teams are unable to resolve themselves. DevOps. Improve the efficiency and effectiveness of the infrastructure, production support and other IT teams by championing the use of Agile and DevOps principles/methodologies. Identify key blockers and play a lead role in the removal of blockers and hence facilitate the implementation of tactical and strategic solutions accordingly. Advise and guide the shaping of the infrastructure architecture which underpins the WPB business.
Work with the Value streams to maximise consistency and re-use of solutions across the WPB business we support. Move towards a federated but governed model for as much Infrastructure work as we can whilst ensuring we meet standards accordingly. Requirements: To be successful in this role, you should meet the following requirements: Strong, credible technical background with extensive knowledge of technology platforms and infrastructure (Data Centre, Server, Networks, Storage, Database, Desktops, Virtualisation, Cloud etc). Proven Project/Portfolio management skills in infrastructure related projects. Experience of both Agile and waterfall project management methodologies preferred. Proven problem solver who can lead from the front when required. Able to take a hands on/off view when managing problems. Proven manager with experience of managing physical/virtual teams (located locally and remotely) across the globe. Proven Relationship Management skills, within an infrastructure, layered products and application management space. Experience of navigating infrastructure processes (for example project delivery, procurement and service delivery). Exposure to IT Risk frameworks (especially CyberSecurity) is desirable. Help to drive continuous improvement and service stability of the WPB infrastructure and production systems. Excellent decision making and problem solving skills. Excellent written and verbal communication skills, ability to translate technical details into easily understood and consumable data/reports. Have an automation/change mentality and strive for constant improvements via automated processes. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Posted 1 month ago


2 - 5 years

5 - 7 Lacs

Hyderabad

Work from Office


About the Role: The Analyst would be a part of Vendor Risk Continuous Monitoring Team within Vendor Risk Management (VRM) program. The primary responsibilities include continuous monitoring of vendors via monitoring tools, reviewing the alerts, and working with Vendor, Business and SMEs to validate the impact and recommend the corrective actions. This monitoring would be across financial, compliance, reputational, cyber security, and privacy domains. This role requires a strong understanding of vendor risk management processes, compliance frameworks, and industry regulations. This role would also require conducting periodic assessments on the Third parties as well as on the Affiliates to support the organization's overall risk management strategy. The Team: Vendor Risk Management is a critical function that organizations globally are increasingly focusing on. Our team ensures thorough reviews of each vendor engaged globally, supporting the business in making risk-informed and data-driven decisions. We collaborate closely with Business Units and Risk Domain Subject Matter Experts (SMEs), such as Cyber Risk, to conduct assessments and recertifications in compliance with regulatory requirements. When issues are identified, VRM team is responsible for ensuring risk mitigation and providing feedback to leadership before engaging with the vendor. Responsibilities and Impact: Working in Vendor Risk Management Team provides the opportunity to continuously improve processes in response to the evolving requirements of various regulators. This dynamic environment offers ample opportunities to expand your knowledge and expertise. In addition to conducting risk assessments and continuous monitoring, you will have the chance to contribute to various projects, enabling you to showcase and further develop your skills and experience. Key responsibilities: Continuously monitor the risk posture of vendors, identifying emerging risks or changes in risk levels.
Leverage monitoring tools and data to track and evaluate the ongoing performance of vendors. Conduct comprehensive risk assessments of third-party vendors and Affiliates, ensuring alignment with organizational risk tolerance and standards. Evaluate financial, operational, cyber, compliance and privacy risks associated with each vendor relationship. Perform periodic reviews and assessments of existing vendor relationships and affiliates to ensure that risks are managed appropriately. Work directly with Internal Business Partners to understand the services and assist them in capturing the correct risk in the assessments and perform the quality review. Work with vendors and internal teams to develop risk mitigation plans and track remediation efforts for any identified issues or non-compliance. Collaborate with Cyber Risk/Information Security, Business Continuity, Procurement, Compliance and other Domain SMEs to ensure correct risk level is documented in the Vendor Risk Assessment results and track the progress. Lead and support enhancement projects within Vendor Risk Management to meet various business and regulatory requirements. Identify opportunities to streamline risk assessment processes and improve the overall effectiveness of the Vendor Risk Management program. Assist the team members in balancing the load and managing ad-hoc projects. What We're Looking For: Basic Required Qualifications: Professional with Vendor Risk Management background, having good experience in conducting vendor risk assessments, or related fields (e.g., compliance, IT audit, GRC) with at least 2-5 years of experience after Degree/Masters. Should have experience in understanding and managing the risk for IT and Cloud based vendors. Should have experience working in information security and understanding of the concepts of information security controls including ISO and NIST.
Should have understanding of the roles and responsibilities of different risk functions like Third Party Risk Management, QA Function, IT Risk, Operational Risk, Financial Risk, Internal Control, Internal audit, Privacy and Compliance etc. Familiarity with vendor management tools and continuous monitoring platforms is a plus. Excellent communication skills - a must. The resource should have the ability to communicate with cross-functional teams and vendors; both written and oral communication is critical. Can work from 2pm-11pm India Time. Additional Preferred Qualifications: This position is required to work in UK Shift; flexibility is a must, especially when it comes to vendor and internal meetings held during US business hours. Strong organizational skills with the ability to multitask and prioritize while maintaining close attention to detail. Ability to build strategic partnerships with internal stakeholders. Must be a critical thinker with strong qualitative skills. Information Security/Risk Management certification would be an advantage.

Posted 1 month ago


3 - 8 years

37 - 45 Lacs

Pune

Work from Office


Job Description Job Title: IT Application Owner Lead, Risk & Control Specialist - VP Location: Pune, India Role Description: The ITAO Lead is a critical IT role with overall accountability and ownership of the applications and infrastructure instances. The role's key responsibility is to ensure the application's IT Governance is in line with the bank's policies, procedures and standards. The ITAO Lead must manage and maintain the applications, ensuring compliance with applicable IT policies & procedures with specific consideration to Information Security guidelines/policies. The Risk and Control Specialist supports all aspects of the Audit lifecycle. This includes ensuring all identified risks (Audit Findings) are proactively managed and closed on time, and identifying and assessing risks (Self-identified issues) and their impact, planning remediation actions, and monitoring and reporting their progress. What we'll offer you: As part of our flexible scheme, here are just some of the benefits that you'll enjoy: Best in class leave policy. Gender neutral parental leaves. 100% reimbursement under childcare assistance benefit (gender neutral). Sponsorship for Industry relevant certifications and education. Employee Assistance Program for you and your family members. Comprehensive Hospitalization Insurance for you and your dependents. Accident and Term life Insurance. Complementary Health screening for 35 yrs. and above. Your key responsibilities: Supports the ITAO function across foundational platform portfolio. Has a good understanding of development methodologies and IT policies and procedures, with a focus on IT management and information security. Ensures the compliance with Deutsche Bank IT policies & procedures of all the applications in foundational platform. Implements the processes to improve safety and security of the applications, compliance with regulations, policies and standards and enhance operational readiness.
Assists the bank's audit function in the remediation of audit points and self-identified issues to reduce risk. On-boards the applications onto Deutsche Bank's IT Risk and control related tools. Interfaces with Internal and External Auditors for IT Audits. Applications and infrastructure offboarding. Controls IT assets, ensuring that administration of the acquisition, storage and disposal of the assets is carried out as per the bank's processes. Remediates IT related Audit Findings and IT Risk and control related issues. Facilitates open communications and discussions among the stakeholders with the stakeholder engagement strategies and plans. Manages the technical roadmap of the application. Plans/conducts/supports the disaster recovery tests. Provides the trainings and facilitates the knowledge sharing within the ITAO function. Coordinates with external vendors and service providers to ensure seamless support and maintenance. Manages findings life-cycle events (e.g. closures, risk downgrades, risk acceptances) with finding owners/risk leads to ensure they are addressed and appropriately documented within agreed timelines. Collaborates with internal teams to educate and promote Risk and Controls standards, Finding Management Procedure and Central Function checklists to ensure successful handling of life cycle events. Understands and advocates DB Policies, Procedures, Controls and standards, Finding Management Procedure and Central Function checklists to ensure successful remediation and handling of life cycle events with stakeholders. Coordinates with Portfolio Owners/risk leads for the upcoming audit schedule and requests if any potential SIIs are to be raised for the audit scope. Participates in Risk and Control meetings with Portfolio owners / CIO-1 to track and review the status of remediation against risk topics. Ensures management transparency by way of timely risk reporting and proactive engagement and representing controls team at different governing forums.
Identifies and evaluates potential areas of non-compliance or risk, assessing impact and probability, and presents self-identified findings and proposals for risk mitigation. Your skills and experience: Desirable experience of at least 12-14+ years in the IT industry. Prior ITAO experience is preferable. Strong understanding of the SDLC and current IT trends in managing Projects. IT Risk Frameworks experience is needed. Banking / Financial industry exposure is a plus. Business Risk audits experience is needed. Project/Development/Release/Support Management and Technology Infrastructure management would be a plus. Strong people management and mentoring skills, along with leadership abilities. Capable of working under pressure, independently, and proactively while balancing competing priorities to achieve results in complex new development and integrations. Experience of working together with Agile/Scrum teams and their methods. Tools Used: Jira, Confluence & other server monitoring tools. Experience in working in IT Risk, IT Service Management, Run the Bank and Support domains. How we'll support you: Training and development to help you excel in your career. Coaching and support from experts in your team. A culture of continuous learning to aid progression. A range of flexible benefits that you can tailor to suit your needs.

Posted 1 month ago


4 - 7 years

10 - 11 Lacs

Gurugram

Work from Office


Summary: At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive Network Security, Cloud Security, ITGC Reviews, Compliance Reviews, ISO 27001 Reviews. Purpose of the Job/Role: Lead/Manage/Perform Security Reviews which includes Cloud Security and Data Security, Threat and Vulnerability Management, Identity and access management, Technology controls, process controls, and governance, risk and compliance elements, IT General Controls. Responsibilities: Should manage/oversee/execute engagements around Cyber Risk and Maturity Assessments, Cyber Strategy, Cloud Security, Data Protection, Third Party Risk Management, Enterprise Architecture reviews. Knowledge on NIST CSF, ISO 27001, ISO 27701, ISO 27017, DPDP Act. Experience in financial sector companies like banks, NBFCs and FinTechs. Mandatory Skill: Strategy and Governance. Preferred Skill: Cyber Strategy. Education Qualifications: Minimum Qualification BE/BTech. Postgraduates in any stream would be preferred (not mandatory). Prior Big 4 experience would be an added advantage. Experience in IT Risk Advisory/Assurance for varied industry segments preferred. Excellent communication skills both written and oral. Certifications: CISA/CISM/ISO will be added advantage. Education Degrees/Field of Study required: Bachelor of Technology, Bachelor of Engineering. Degrees/Field of Study preferred: Required Skills: Strategic Governance. Optional Skills: Accepting Feedback, Active Listening, Agile Methodology, Analytical Thinking, Azure Data Factory, Communication, Creativity, Cybersecurity, Cybersecurity Framework, Cybersecurity Policy, Cybersecurity Requirements, Cybersecurity Strategy, Embracing Change, Emotional Regulation, Empathy, Encryption Technologies, Inclusion, Intellectual Curiosity, Learning Agility, Managed Services, Optimism, Privacy Compliance,
Regulatory Response, Security Architecture

Posted 1 month ago


2 - 3 years

1 - 4 Lacs

Chennai

Work from Office


Section 1: Position Summary As a key member of the Procurement Vendor Strategy Department, this role provides meaningful contributions to, and oversight of, the efforts of the team to proactively identify, assess, monitor, and mitigate third-party risk throughout the organization. The Junior Vendor Analyst plays a key role in the first line of defense for vendor risk management, ensuring that third-party vendors meet security, compliance, and operational standards before escalations to onshore teams. This role will focus on vendor risk profiling, due diligence, tracking assessments, and following up with vendors and internal stakeholders to ensure timely completion of required tasks. The analyst will work within SAI360 daily to monitor workflows, escalate risks as needed, and drive vendor compliance with organizational policies. Section 2: Job Functions, Essential Duties and Responsibilities First Line of Defense & Vendor Oversight: Serve as the initial point of review for vendor risk assessments, escalating higher-risk findings to onshore teams. Perform initial screening and risk profiling for new vendors, classifying them based on criticality and risk exposure. Conduct preliminary due diligence on vendors by reviewing SOC reports, compliance attestations, and security documentation. Ensure all required vendor risk documentation is submitted, complete, and stored properly. Ongoing Monitoring & Issue Tracking: Use SAI360 daily to monitor vendor risk tasks, follow up on overdue items, and drive completion of assessments. Chase vendors and internal vendor owners to ensure required documentation and assessments are provided on time. Track remediation items, risk findings, and non-compliance issues, escalating where necessary. Maintain an accurate repository of vendor risk data, documentation, and assessment results.
Remediation & Escalation Support: Identify gaps or missing information in vendor assessments and coordinate with vendors to resolve them. Support onshore teams by tracking remediation efforts, ensuring vendors address security or compliance concerns. Escalate delayed responses, incomplete information, and high-risk issues to the appropriate teams. Ensure that vendor risk assessments and compliance activities are progressing smoothly in SAI360. Vendor Lifecycle Management: Support vendor onboarding and offboarding processes, ensuring risk considerations are properly addressed. Assist with routine vendor reviews and compliance attestations, ensuring vendors meet ongoing requirements. Monitor vendor relationships to ensure risk management processes are followed throughout the contract lifecycle. Collaboration & Coordination: Coordinate with Procurement, IT, Risk, Compliance, and Legal to ensure vendor-related tasks are completed. Communicate effectively with vendors to request missing information and ensure compliance with company policies. Support internal audits and regulatory reporting by maintaining accurate and up-to-date vendor documentation. Project Management Initiatives: Assist with various departmental projects including platform changes to process improvement initiatives. Responsible for protecting, securing, and proper handling of all confidential data held by Ascensus to ensure against unauthorized access, improper transmission, and/or unapproved disclosure of information that could result in harm to Ascensus or our clients. Assist with other tasks and projects as assigned. At Ascensus, we are guided by our Core Values of People Matter, Quality First and Integrity Always.
They inspire us every day to prioritize an environment of respect for those we serve and one another and should be visible in your actions on a day-to-day basis. Supervision: N/A Section 3: Experience, Skills, Knowledge Requirements Minimum of 2 to 3 years of financial service experience, preferably within vendor or risk management. Basic understanding of vendor risk assessments, SOC reports, and compliance frameworks (ISO, NIST, GDPR, CCPA, etc.). Ability to learn vendor risk management platform quickly. Demonstrated ability to work effectively with senior management and across all levels of an organization. Knowledge of internal controls processes, corporate governance, or enterprise risk management. Ability to respond to routine multi-tasking as well as complex, unplanned issues while adhering to aggressive deadlines for multiple initiatives. Proven ability to proactively and independently research issues, gather evidence, and successfully work with various groups throughout the organization. Exceptional oral, written, and presentation skills with a demonstrated ability to communicate effectively across all functional areas and levels of seniority. Self-motivated, proactive, and energetic team player. Excellent interpersonal and communication skills, including the ability to successfully interact with stakeholders at all levels, internal and external, to achieve desired results. Ability to proactively identify areas for process improvement, and to turn recommendations into actions. Strong analytical, problem solving, and organization skills. Ability to manage multiple tasks/deadlines with limited supervision. Detail-oriented, PC proficient, flexible, committed to quality. For all virtual remote positions, in order to ensure associates can effectively perform their job duties with no distractions, we require an uninterrupted virtual workspace and there is also an expectation of family care being in place during business hours.
Additionally, there is an internet work speed requirement of 25 Mbps or better for individual use. If more than one person is utilizing the same internet connection in the same household or building, then a stronger connection is required. If you are unsure of your internet speed, please check with your service provider. Note: For call center roles specifically, it is a requirement to either hardwire your equipment directly to the internet router or ensure your workstation is in close proximity to the router. Please ensure that you are able to meet these expectations before applying. We are proud to be an Equal Opportunity Employer. Be aware of employment fraud. All email communications from Ascensus or its hiring managers originate from @ascensus.com or @futureplan.com email addresses. We will never ask you for payment or require you to purchase any equipment. If you are suspicious or unsure about validity of a job posting, we strongly encourage you to apply directly through our website. At Ascensus, we aspire to make a difference for others.
We are a technology-enabled services company that helps people save for a better future through our network of institutional, financial advisor, and state partners. Our culture is guided by sound principles, is committed to high standards, operates with transparency, and welcomes diversity housed within our Core Values: People Matter. Quality First. Integrity Always. Ascensus provides equal employment opportunities to all associates and applicants for employment without regard to ancestry, race, color, religion, sex (including pregnancy, childbirth, breastfeeding and/or related medical conditions), gender, gender identity, gender expression, national origin, age, physical or mental disability, medical condition (including cancer and genetic characteristics), marital status, military or veteran status, genetic information, sexual orientation, criminal conviction record or any other protected category in accordance with applicable federal, state, or local laws (Protected Status).

Posted 1 month ago


7 - 12 years

25 - 35 Lacs

Noida, Chennai, Bengaluru

Work from Office


Client interface for understanding the IT Governance, IT Risk & Compliance Management Controls as applicable to Infrastructure operations. Responsible and accountable for driving and maintaining the Compliance Program, which includes: I. Defining and implementing controls as per Customer defined Security and Privacy policies. II. Ensuring measurement and compliance to the policies. III. Drives Internal and External Audits. IV. Participate and advise on Security Incident Investigation. V. Training and awareness of Employees on Security Policies. Well versed in and hands-on experience with establishing processes, controls and audits of compliances like ISO 27001, ISO 15408, SOX ITGCs, SSAE 18 SOC 1 & SOC 2, PCI DSS, HIPAA, Data Privacy Standards (GDPR/Schrems) Frameworks. Documentation of IT & risk management Controls as they are currently being executed in client environment and ensuring that the same controls are followed and implemented in service delivery operations. Work with the client & technical teams for change requests on any risk or control implementation as well as governance process. Participate in internal as well as external regulatory audits as well as IT security audits. Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security. Point of contact for the client compliance & IT audit team for provisioning audit evidences within the SLAs defined. Provide strategic guidance & consulting support on implementation of IT controls for Networks, Operating Systems, System Security, Backup & Recovery, Storage, BCP/DR. Work with the client & team in identifying any process/control gaps and suggesting the remediation plan & tracking the plan progress till closure. Liaison with Audit Firms and Client for all types of External audits (ISO 27001, SSAE 16 SOC 1/SOC 2 etc.)

Posted 1 month ago


8 - 13 years

0 - 0 Lacs

Hyderabad

Hybrid


Qualification and Minimum Entry Requirements: B.Tech (IT/CSE) with 8+ Years of relevant experience in Information Technology/Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, IT Application Controls and ERP Audits. Candidate should have intermediate knowledge of financials, operations and technology and its related risks. Candidate should have good knowledge of SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security and risk management frameworks/standards (ISO 27001, NIST, COBIT, ITIL, PCI). Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP). Strong Data Analytical skills including advanced Excel skills (VLOOKUPs, pivot tables, and basic formulas), Word and PowerPoint. MS Visio skills to develop process and data flow diagrams. Strong multi-tasking and project management skills. Excellent verbal and written communication (English) as this is a client-facing role and it requires frequent communications with RSM International clients. Position and Key Responsibilities: As a Manager in RSM's growing Technology Risk Consulting, you will have the opportunity to develop into a seasoned consultant through a high degree of client and industry exposure, career development and mentorship opportunities, and a diverse and inclusive culture. The fast-paced and dynamic environment in which we operate will provide you with daily challenges and exciting opportunities. In the Technology Risk Consulting Practice, our consultants help our clients with design and optimization of controls utilizing a general knowledge of business processes, accounting, and information technologies by identifying and prioritizing risk and transform their technology risk management and assurance capabilities to be aligned to the key risks and strategies of their organization.
Develop an understanding of the RSM Technology Risk Consulting approach, methodology and tools Develop an understanding of the Industry leading frameworks and methodologies for Sarbanes-Oxley, COBIT, NIST and ITIL Demonstrate understanding of business processes, internal control risk management, IT controls, and related regulatory and compliance standards Perform technology risk assessments and reviewing, documenting, evaluating control’s design and operating effectiveness, IT internal audit consulting activities (internal audits over ERP systems, IT security, and other IT systems), perform external audit assurance activities, and perform service organization control services activities related to SSAE18 SOC 1 and SOC 2 reporting services Performing risk analysis by reviewing the information security policy documents against industry standards/ regulatory requirements and drafting risk reports, which summarize the information security assessment including any risks to the organization Perform first level review of associates work for accuracy, completeness, and well-reasoned conclusions Review and complete status documents for client delivery Execute components of IT audits under offshore delivery model in an effective and efficient manner Use problem solving and critical thinking skills to quickly identify internal control deficiencies, evaluate their risk implications, and draw the appropriate conclusions to best advise our clients Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements Ensure that documentation is compliant with quality standards of the firm Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, supervisors, and senior management in the U.S. 
on a daily basis Manage multiple concurrent engagements and ensure service excellence through prompt responses to internal and external clients Provide timely, high quality client service that meets or exceeds client expectations including coordinating the development and execution of the consulting work plan and client deliverables Understand RSM US and RSM Delivery Center's LOB’s and work as a team in providing an integrated service delivery Ensure professional development through ongoing education

Posted 1 month ago


4 - 9 years

15 - 19 Lacs

Chennai

Work from Office


The Impact you will have in this role: The IT Risk & Security Engineer for the Global Security & Identity Management team is responsible for monitoring, analyzing, and provisioning access across multiple platforms globally for DTCC. The successful candidate will work in conjunction with other team members to grant access in Active Directory, Mainframe, ISAM and several distributed platforms in accordance with DTCC Policy and Procedures, and will also identify risks in user profiles and convey those risks to appropriate support teams. Support Disaster Recovery tests. Establishing strong collaborative relationships with business and technology owners for technology projects central to success. Qualifications: Minimum of 4 years of related experience. Bachelor's degree preferred or equivalent experience. Talents Needed for Success: Active Directory: Maintaining Users, Groups, Service Accounts. Providing access for users to highly secure systems. Managing Folders and granting access. Follow established Policy and troubleshoot errors. Mainframe zSecure: create IDs, grant access across multiple LPARs. Tivoli Access Manager (ISAM): Create/Modify URLs, grant and monitor Administrative access. Incident Management and Change Management in ServiceNow, SLA compliance Management for Incidents and Requests

Posted 1 month ago

3 - 8 years

8 - 15 Lacs

Hyderabad

Work from Office

Role & responsibilities: As Identity Audit and Control Analyst, you will be responsible for facilitating control gap identification, risk remediation, and proactive control monitoring. Responsibilities include, but are not limited to, the following: Deliver and present control evidence to internal and external auditors. Contribute to the planning and execution of audit findings remediation. Perform control evidence quality analysis. Preferred candidate profile: Experience as an Internal Auditor is preferred. Proficiency in scripting and programming languages (e.g., Python, Java, PowerShell, SQL, etc.) is preferred. Hands-on experience with Identity Governance tools such as Saviynt, Aveksa, or Active Directory is preferred. Experience in data analytics and/or data mining.

Posted 1 month ago

8 - 12 years

13 - 18 Lacs

Navi Mumbai

Work from Office

Corporate IT Security and Governance; experience in Information Security, ISO 27001 implementation, documentation, risk assessment, 2nd Line of Defense, control review, control testing, ITGC controls, corporate policies and procedures, gap analysis.

Posted 1 month ago

4 - 8 years

7 - 11 Lacs

Bengaluru

Work from Office

Required education: Bachelor's Degree. Preferred education: Doctorate Degree. Required technical and professional expertise: Minimum of 12 years of relevant compliance experience and cybersecurity knowledge. 10+ years of security compliance audit experience would be important. Ability to utilize working knowledge of information security best practices such as NIST 800 series, ISO 27000 series, GDPR, etc. Experience with compliance programs such as SOC2, FFIEC or FedRAMP/FISMA, HIPAA, GDPR, or PCI. Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology. Ability to understand enterprise business computing operations/requirements, and in particular, Cloud. Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions. Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk.

Posted 1 month ago

5 - 8 years

16 - 21 Lacs

Chennai, Pune

Work from Office

IT Risk and Governance. Selected candidate to support our client, an APAC-based investment bank, in an IT risk and governance profile. JOB SUMMARY: The client is seeking an experienced and proactive 1st line Risk and Governance candidate. The successful candidate will play a crucial role in the client's regional team in driving 1st line IT risk management and Identity Access Management activities for all business units. KEY RESPONSIBILITIES: Drive 1st line IT risk management activities regionally through annual RCSA review, user security awareness campaigns, key risk indicator (KRI) metric reporting, IT issue management, IT dispensation and support management in different steering committees or risk reporting forums. Support the client's compliance with APAC regulatory requirements on Technology Risk Management and Cyber Security through various governance activities. Manage and support Identity Access Management related projects, operations, risk, and compliance activities. Work with the Group Information Security team to ensure alignment of local country security controls with regional and group policy/standard/guideline. Manage all internal/external audits and regulatory inspections for Singapore and provide advisory on IT RFIs for Country LBUs. Provide support to third-party security risk assessment associated with third-party vendors and clients. Work closely with stakeholders from business, IT, 2nd line enterprise/operation risk, and group/external 3rd line auditors to ensure effective security controls are in place. EXPERIENCE / QUALIFICATIONS: 5-10 years' working experience in information security and/or IT risk areas, preferably within a financial institution or a consulting firm. Proficiency and in-depth knowledge and experience in identity and access management. Knowledge and experience in IT risk management and an understanding of regulatory requirements, particularly in the following domains: security risk management, change management, data leakage prevention, application security, cloud security, vulnerability management, security monitoring, security incident response and 3rd party security risk. Knowledge of Privacy (PDPA) Ordinance/requirements of APAC countries is a plus. Can work independently with ownership and is able to work with multiple IT stakeholders/leaders, 2nd line (OPS risk) and 3rd line (IT Audit) stakeholders. One or more of the following IT security certificates: CISSP, CISA, CISM, CCSP. OTHER TRAITS: Possess excellent communication skills, with the ability to convey messages effectively to diverse stakeholders at all levels in different geographies. Can effectively navigate a complex environment undergoing change and manage internal and external stakeholders to resolve issues with objectives aligned. Ability to deliver work within tight timescales, to budget and to a high quality. Exhibit proactiveness in identifying, articulating, and remediating gaps and issues.

Posted 1 month ago
