307 Itgc Jobs - Page 4

Greetings from Northern Trust! We want to approach you for an exciting vacancy of Sr. Associate/Lead, Cyber Sec Risk Mgmt position with Northern Trust for Pune location. Your profile seems to be matching the requirement. Please find below the job details for your reference Job Role: Sr. Associate/Lead, Cyber Sec Risk Mgmt Job Location: Pune Experience: 7+ years Skills: IT Audit, IT Risk Mgmt, SOC Reports, NIST Frameworks, TPRM Job Description: Responsibilities: Perform information security risk assessment processes for new and existing Northern Trusts third parties business partners. Demonstrate some proven knowledge on some of the following domains: Information Security Governance and Risk Management Access Control Vulnerability and Penetration Network Security Application Security Cryptography Security Architecture and Design Operations Security Business Continuity and Disaster Recovery Planning Legal, Regulations, Investigations and Compliance Physical and Environmental Security Cloud Security Perform assessment of IT controls operation, identifying, gaps, risks and areas for improvement. Report writing skills. Knowledge on regulations related to banking and compliance Should be well versed with contract language, analysis and negotiation process. Responsible for reviewing master services contracts of the third parties to identify information technology and security related clauses. Responsible for working with procurement teams to formulate/renew the contracts as per the information security team guidelines. Responsible for documenting, and reporting to management, all findings from risk assessment processes. Collaborate with internal stakeholders & functional teams to ensure that all identified risks within each third party are assigned to business owners and tracked for timely closure. Able to interact in a professional manner and develop relationships with individuals and teams at any level in Northern Trust. Foster a positive and collaborative environment. Demonstrate ability to work well in both an individual contributor and team capacity. Rapidly and effectively adapt to a highly dynamic and fast-paced work environment. Skills Preferred: Excellent written and verbal communication skills. Able to converse and develop business relationships with individuals and teams at any level within Northern Trust. Knowledge of IT Security Domains / Frameworks (e.g., NIST, ISO27001). Knowledge of Compliance regulations. Understanding of IT Audit process. In-depth understanding of information security, risk assessments, security risk management principles. Principle understanding of Technology controls relating to Application and system vulnerabilities Advanced experience with MS Office, SharePoint, and Reporting tools Ability to develop visual representations of processes and risks to support executive updates. We want to take it ahead for further screening and interview rounds. Please respond back at the earliest to move your candidature ahead. Regards, Northern Trust Talent Acquisition Team

: Job TitleTPRM - Process Unity Specialist, AS LocationPune, India Role Description Process Unity Application expert for the design and development within Process Unity and its integration with different applications supporting software to meet TPRM business requirements. What well offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities Must have good knowledge of TPRM process i.e., process from sourcing/screening till the Exit plan. ProcessUnity Application functional expert should coordinate the design and development with in ProcessUnity and its integration with different applications supporting software to meet business requirement. SQL & Configuration expert having knowledge to write query for Changes build in TPRM application Support Operational Readiness Records for maintaining the regulatory compliance & Audit Assessments and Control function for Third party risk management process containing standard/high risk to low-risk process. Proven experience in overseeing Change Management processes with planning, testing, implementing changes ensuring seamless transitions. Develop and maintain comprehensive documentation on Change Management/Incident Management/Audit /Process Frameworks/ RCA etc. with clear framework reducing ambiguity and enhance team efficiency. Handle system administrator role, working on Service Requests and Jira changes. Utilize incident data to root causes and pattern, driving continuous improvement in process and application stability. Integration between different applications and maintenance of architecture layouts. Strong Stakeholder relationship as acting a layer between core IT integration and business to meet expected requirements. Maintain transparent and open lines of communication with stakeholders keeping informed about project progress, changes, and potential risk. Support the collection, analysis and production metrics on process data for KPIs to find out improvements. Your skills and experience Overall, 6-9 years of experience 3+ years experience on ProcesUnity Development How well support you About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm

: Job Title- I&A On-boarding Information Security Analyst, Associate Location- Pune, India Role Description: As I&A On-boarding Information Security Analyst you will be part of Access Lifecycle On-boarding global family which includes access management for application end user recertification On-boarding, user access for request & approval, user provision On-boarding and Functional Taxonomy SoD On-boarding & maintenance as well as IDAHO (Access concept) SME as central DB services. Deutsche Bank is looking for bright and open-minded individuals to support Business Identity & Access Services within Access Lifecycle Solution On-boarding team for application end user request & approval as well as end user access provision central service On-boarding. A key success factor of the Access Lifecycle Solution On-boarding team is the quick understanding of complex application set ups for Identity & Access Management and support Information Security Officer (ISO) and IT Application Owner (ITAO) along end-to-end central solution On-boarding process across DB. You will gain insights into the complete Identity & Access Management lifecycle as you will learn about the roles and entitlements and their set up, segregation of duties, application authentication and authorization process. What well offer you . 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities As I&A On-boarding Information Security Analyst you will be responsible to perform On-boarding assessments if an IT asset is applicable for end user application access for request & approval and business requirement gathering (based on existing KOP ID Admin procedures) to identify, how future user provisioning (ID Admin via automated connector or manual, centrally or decentral managed) will be set up between central request & approval platform and to be on-boarded application in adhering to Information Security (IS) internal and regulatory requirements. Efficiently engage, manage, and influence the main stakeholders, along with application On-boarding process including Information Security Officer, IT Application Owner, Engineering and Operations teams Provide process improvement inputs to various stakeholders involved. Proactively seek ways to improve upon existing practices and processes. Display insight and ability in identifying issues and develop successful solutions. Report and escalate potential risks to the management to help avoid / minimize the impact. Work with multiple, distributed teams (across different locations) Support develops key operational procedures where necessary and ensure adherence to all such defined policies. Comfortable with associated disciplines of Security Policy and Governance in banking domain Very good presentation and communication skills allowing to communicate with our stakeholders. A structured and methodological way of working with the objective to deliver high quality results. Supports tough people decisions to ensure people performance is aligned with organization imperatives and needs. Addresses individual performance issues, where necessary, to drive for high performance. Pro-active and flexible working approach, Team spirit Your skills and experience Minimum 5 years working experience in Identity & Access Management, Governance, Risk and Control related topics. Team management experience Basic knowledge and/or willingness to work with industry best practices and frameworks like ISO27001, NIST, CSA CCM, COBIT, ITIL Good business analyses knowledge of system design, development, implementation, and user support principles and practices Knowledge of IT Service Management or IT Governance or IT Delivery Management or IT Project Management or IT Delivery background or IT Security Knowledge on Database Systems, application interactions and server operating systems Excellent Excel knowledge Competencies: Self-motivated and flexibility to work autonomously in virtual and multicultural teams. Good communication skills (both written and verbal), fluent in English (written/verbal) Good analytical skills and problem-solving abilities Pro-active and flexible working approach A structured and methodological way of working with the objective to deliver high quality results. Flexible mindset with an eye for detail and continuous improvement Good understanding in business related information Being flexible, open minded, able to share information, transfer knowledge and expertise to stakeholders and other team members. How well support you . . . .

Role & responsibilities Job Overview: We are seeking a highly skilled Senior Database Specialist with strong expertise in audit trail management and IT General Controls (ITGC). The ideal candidate will be responsible for the administration, performance tuning, and security of SQL / Hana databases, while also ensuring compliance with audit requirements and implementing effective ITGC controls. This role requires a keen eye for detail and a thorough understanding of database auditing practices. Key Responsibilities: 1. SQL / Hana Database Administration: Database Management: Database Architecture & Strategy, Multi-cloud database architecture design, Database consolidation strategies, Administer and maintain SQL Server databases, including installation, configuration, migration (Database migration planning (on-prem to cloud, cloud-to-cloud)) and upgrading (Version upgrade strategies with minimal downtime) of database servers. Performance Tuning: Optimize database performance through query tuning, index optimization, and performance monitoring. Backup and Recovery: Implement and manage database backup and recovery procedures to ensure data integrity and availability. Security: Apply and manage database security measures, including user access control, encryption, and compliance with security policies. 2. Audit Trail Management: Audit Trail Implementation: Develop and maintain audit trails to track database activities, including changes to data and schema, user access, and system events. Audit Logs: Configure and manage audit logging mechanisms, ensuring that logs are comprehensive, secure, and retained according to regulatory and organizational policies. Compliance: Ensure that audit trails meet industry standards and regulatory requirements (e.g., GDPR, 11G, ISO). 3. IT General Controls (ITGC) Implementation: ITGC Controls: Design, implement, and monitor IT General Controls related to database management, including access controls, change management, and data integrity. Risk Management: Identify and mitigate risks associated with database systems and ensure controls are effective in preventing unauthorized access and data breaches. Audit Support: Provide support during internal and external audits by preparing documentation, responding to audit inquiries, and addressing any findings. 4. Incident and Problem Management: Issue Resolution: Troubleshoot and resolve database-related issues and performance problems in a timely manner. Problem Analysis: Conduct root cause analysis for recurring issues and implement preventive measures to avoid future occurrences. 5. Documentation and Reporting: Documentation: Maintain detailed documentation of database configurations, changes, and audit trails. Reporting: Generate and review regular reports on database performance, audit logs, and ITGC compliance. 6. Collaboration and Communication: Cross-Functional Teams: Collaborate with development teams, IT support, and other stakeholders to ensure database systems meet business requirements. Training and Support: Provide training and support to team members and end-users regarding database management and auditing best practices. Qualifications: Education: Bachelors degree in Computer Science, Information Technology, or a related field. Relevant certifications such as Microsoft Certified: Azure Database Administrator Associate, or Certified Information Systems Auditor (CISA) are a plus. Experience: Minimum of 12-15 years of experience as a SQL Database Administrator, with a strong focus on audit trail management and ITGC controls. Certifications : Microsoft and SAP certifications for Database management. Skills: SQL Server: Proficiency in SQL Server administration, performance tuning, and security management. Must have supported applications like SAP ECC SQL Clusters, SharePoint running on MS Sql, SAP Analytics Cloud with HANA DB. Audit Management: Expertise in implementing and managing audit trails and compliance with regulatory requirements. ITGC Controls: Strong understanding of IT General Controls and risk management practices. Troubleshooting: Advanced problem-solving skills for database issues and performance optimization. Communication: Excellent communication skills for documenting processes, reporting findings, and collaborating with cross-functional teams. Preferred candidate profile Attention to Detail: Meticulous attention to detail in managing audit trails and implementing controls. Adaptability: Ability to adapt to changing technologies and regulatory requirements. Continuous Learning: Commitment to staying current with advancements in SQL Server technologies and auditing practices.

In Scope of Position based Promotions (INTERNAL only) Job Title: TPM External Engagement Manager Location: Pune, India Corporate Title: VP Role Description Third Party Management (TPM), part of Deutsche Banks Global Procurement function, is responsible for the processes that manage risks related to the engagement of third party vendors and outsourcing. TPM has been through a large-scale transformation program to change the approach, process and technology used for the vendor risk management process. In parallel, there has been a significant increase from regulators and auditors on vendor risk and the way in which it is managed within DB. Your key responsibilities Given the increased focus on vendor risk and the establishment of a Regulatory Engagement team within TPM, additional support is required to drive and co-ordinate a range of activities, falling into three main areas, Regulatory Analysis, Operational Management, and Content Production: Regulatory Analysis Advisory Build and drive: Create and maintain and up to date analysis of DBs compliance against Third Party Regulations Run the Regulatory Governance Forum, a governance meeting across first and second lines of defence (Global Procurement, TPRM, Legal, Compliance), which includes the below activities: Track the progress of new regulations against the banks Regulatory Compliance Management processes including: Understanding the key owners for each stage of in flight regulations Track and report the progress Escalate report risks and issues via the Regulatory Governance Forum Create Points of View papers for internal audiences for new and emerging regulations and consultation papers Operational Management: Be the primary contact for TPM issues for Asia Pacific region (and other regions as necessary), including all regulatory requests, Outsourcing governance forums and BAU questions. Relay feedback from APAC region into relevant global governance forums, to drive improved outcomes for DBs third party risk management approach Track and report on progress of Management of a communications plan to implement External Engagement activities Contributing to the development of processes to deliver effective management of Regulatory requests from regional, business and Regulatory Management Group Office stakeholders. Development and production of a reporting framework for Regulatory engagement. Creation and management of a repository of Regulatory engagement, peer benchmarking and external communication activity. Development and maintenance of a KOD to document External Engagement procedures. Developing strong relationships with key internal regulatory external audit facing functions Content Production: Responding to business and RTC requests for information to support regulatory audit responses regarding TPM VRM processes, providing high quality content to protect and enhance the reputation of the Banks third party risk management activities. Sourcing and developing credible content to support regulatory engagements, senior management communications and ongoing business and regulatory requests. Work closely with the External Engagement Lead and other stakeholders to agree and implement regular MI to support the TPM story to regulators. Develop deep functional understand of the Third Party Risk Management process and associated platform Functionality This role reports directly to the Lead, TPM External Engagement. Your skills and experience Deep understanding of key global third party regulations (MaRisk, EBA Outsourcing Guidelines, Interagency Guidance, PRA SS1/21, PRA SS2/21, DORA, MAS, HKMA, etc) Ability to influence and build collaborative relationships with a broad range of stakeholders Understanding of the third party risk management process Strong project management and organisational skills Ability to develop and deliver credible content Strong communication skills Self-starter, with the ability to work autonomously and drive engagement Strong attention to detail Ability to challenge the current operating environment Ability to identifying innovative value added solutions

Job Title: Divisional Risk and Control Location: Pune, India Corporate Title: AVP Role Description The 1st line Tech Risk and controls function at Deutsche sits within the Group Technology Infrastructure (GTI) for Deutsche Bank Group. GTI has the largest footprint within the Technology, Data and Innovation division and is joined by other business-aligned CIO IT divisions. The Tech Risk and Controls is a dynamic team, consistently in demand, for providing guidance and challenge to deliver change and maintain systems in a secure and resilient manner. As part of the team, you will join the Banks journey and contribute towards our strategic goal of cloud enabled solutions as well as activities that improve our operational resilience and risk reduction. Specifically, you will bring expertise to Control definition and assessments capability across IT Infrastructure, SDLC and Architecture domains supporting a proactive risk management function. It will therefore also include providing change risk advisory services for transformational change programs undertaken by or impacting GTI. You will liaise with other risk and control functions, on a management level to assure the integration of risk initiatives and projects. You will also support Regulatory Adherence and Policy Management function within TDI Risk Management. Its purpose is to provide oversight and supervision of new & changed material regulation impacting TDI, including full traceability to derived DB-specific Policies, Procedures, Key Operating Documents and Supporting Documents. Your key responsibilities Risk & Control Management Identify and evaluate potential areas of non-compliance or risk, assessing impact, probability and present findings and proposals for risk mitigation measures. Support the delivery of the risk and control initiatives. This includes participation in risk and control activities, risk-based control reporting of key issues, performance and validation of cyclical activities such as annual control self-assessments. Work closely with teams in and out of the division to understand risks impacting the group. Align internal Deutsche Bank policies/procedures against industry recognized framework to strengthen the control framework and its implementation for both within the Bank and our 3rd party vendor relationships Ensure management transparency by way of timely risk reporting and proactive engagement and representing controls team at different governing forums Regulatory Adherence and Policy Management Coordination of regulatory adherence assessments across sub-divisions within TDI and management and review of Policies, Procedures, Key Operating Documents, Supporting Documents within TDI. Engage with stakeholders across TDI and other (e.g. 2nd line of defence) divisions in reviewing, assessing, and documenting the impact of regulations and ensuring remedial actions are established and monitored. Steer and support the publication of a consistent set of global and local Policies, Procedures, Key Operating Documents and Supporting Documents relating to Information Technology from laws, rules, and regulations. Risk remediation and Change Risk Advisory Support the Head of TDI GTI Risk Management in assessing risks related to strategic changes within the GTI Organization Proactively monitor risk landscape shift within the industry to identify transformation project opportunities to insulate Deutsche Bank from any potential risk exposure e.g., Production design life cycle, application and infrastructure architecture and its resilience Stakeholder Management Identify, Partner and Collaborate Work with relevant stakeholders to identify and assess controls gaps related to technology risk - measure and mitigate them in a timely manner Align with COO Division Control Office (DCO) team and NFRM (2nd LoD) ensuring successful and consistent implementation of the established control framework. Promote and support proactive IT risk culture at the Bank. Your skills and experience Desired experience Minimum 5 years of experience as Risk and Control Lead in designing and implementation of Technology risk framework or IT Audit in a global organization. Experience in a regulatory oversight, assurance, or policy management function within technology. Or have suitable compliance or audit background within infrastructure (and preferably IT & Information Security). Extensive experience regarding development, training and implementation of IT Policies, Procedures, Key Operating Documents and Supporting Documents. Good understanding of Industry best practices such as NIST, COBIT, ITIL and ISO 27001 Other professional qualifications and certifications in Technology risk management Desired behaviors A strong team player comfortable in a cross-cultural and diverse operating environment Result oriented and ability to deliver under tight timelines Ability to successfully resolve conflicts in a globally matrix driven organization Excellent communication and collaboration skills Desire to learn about new and emerging technologies and continuous upskilling Must be comfortable with navigating ambiguity to extract meaningful risk insights

Designation : Senior Process Analyst Sarbanes Oxley Information Technology ******************************* IMMEDIATE JOINERS ALERT! We're looking for candidates who can join immediately. If you're available, please send your CV via WhatsApp only to: 9152808909 Along with your CV, kindly share a short video profile talking about your experience. Please note: No calls will be entertained. ******************************* Job Description The Senior Process Analyst will participate in the planning, fieldwork, and reporting phases for allocated Sarbanes Oxley (SOX) IT audit assignments. This will involve designing the required tests for execution, performing the detailed testing, and vetting the potential findings with key business liaisons. Qualifications - Required: Bachelors degree, preferably in information technology or related field. Minimum of two years of work experience in public accounting and/or industry dealing with SOX Key Control testing (Big 4 experience highly desired). Qualifications - Desired: Advance degree or certification (e.g. CISA), preferably in information technology or related field. Technical Knowledge and Experience: Working knowledge on IT General Controls (ITGC) and IT Automated Controls (ITAC) including detailed testing on Logical Access, Change Management, Backup & Restoration, and Incident Management. Experience in validating Test of Design (TOD) and Test of Effectiveness (TOE). Basic understanding of professional audit standards, COSO, SOX, and risk assessment practices. Good interpersonal skills, including listening, verbal, written and presentation communication skills, with the ability to communicate effectively with a range of stakeholder. Strong critical thinking, analytical, and problem-solving skills with excellent attention to detail. Working knowledge in Microsoft applications. Participate in initiatives in a fast paced environment and comfortable implementing and assimilating to change. Good customer service focus and the ability to strike a balance between oversight and getting buy-in from the businesses. Execute on individual performance goals. Maintain knowledge of current information technology and auditing practices through continuing professional education. Highly motivated with ability to meet deadlines and ensure quality in every aspect of assigned work. Good organizational and project management skills. Ability to manage/balance multiple priorities.

Job Title: IT Auditor, AVP Corporate Title: AVP Location: Pune, India Role Description You will be responsible for auditing Deutsche Banks technology and security controls. You will be involved in the planning, preparation, coordination and execution of audits to evaluate the adequacy and effectiveness of internal controls related to IT Infrastructure services primarily within TDI Global Technology Infrastructure including End User Computing. You will undertake audit assignments, draft and consolidate audit reports as well as tracking and closing audit findings. You will work as part of a global team, spread across the US, Germany, the United Kingdom and Singapore What well offer you As part of our flexible scheme, here are just some of the benefits that youll enjoy Best in class leave policy Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your key responsibilities What You’ll Do Plan, prepare, coordinate and execute audits to evaluate the adequacy and effectiveness of cyber security controls in accordance with Group Audit’s Methodology. Contribute to Continuous Monitoring and overall implementation of Group Audit Methodology. Undertake audit assignments, draft and consolidate audit reports for review by audit management and facilitate finding tracking and validate closure of findings. Participate in ad hoc projects and special inquiries. Work closely with colleagues in New York, Jacksonville, London, Birmingham, Berlin, Frankfurt and Singapore. Your skills and experience Skills You’ll Need University degree in computer science, mathematics, engineering or a related scientific degree. Certifications as CISA, CISM, CISSP or equivalent qualification in the areas of information security, project management or process-/quality management would be an advantage. Demonstrable experience in one or more of the following disciplines: IT infrastructure, IT production, IT operation such as system administrator, database administrator, operator in a data centre or software development for IT infrastructure applications. Experience in IT Audit, IT risk management or information security. A fundamental understanding of the following Audit disciplines: audit concepts (e.g. pre-/post implementation audits), controls in outsourced environments (e.g. for managed services), auditing project management and auditing IT service- and quality management. Skills That Will Help You Excel Very good written/verbal communication skills and the ability to communicate effectively in conflicts and at all management levels. Language skills beyond English are not a requirement, but are generally useful. Experiences in analyzing and articulating IT Infrastructure risks combined with a good understanding of IT services and IT processes in an enterprise environment. Flexibility, pro-active, self-sufficient and innovative with strong organizational skills to take ownership and responsibility of agreed targets and meet them within budget to enable a timely and efficient completion of audit projects. Ability to multi-task assignments and prioritize the workload with limited supervision and be resilient under pressure and the ability to deliver to deadlines. How we’ll support you Training and development to help you excel in your career Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm

Experience Implementation of ISO 27001, GRC ITGC & IT Regulatory compliance Knowledge in ISMS, ITRS, Knowledge about regulators RBI, IRDA, SEBI. Fresher 2023 /2024 in Btech or Cybersecuirity.

Role Description The 1st line Tech Risk and controls function at Deutsche sits within the Group Technology Infrastructure (GTI) for Deutsche Bank Group. GTI has the largest footprint within the Technology, Data and Innovation division and is joined by other business-aligned CIO IT divisions. The Tech Risk and Controls is a dynamic team, consistently in demand, for providing guidance and challenge to deliver change and maintain systems in a secure and resilient manner. As part of the team, you will join the Banks journey and contribute towards our strategic goal of cloud enabled solutions as well as activities that improve our operational resilience and risk reduction. Specifically, you will bring expertise to Control definition and assessments capability across IT Infrastructure, SDLC and Architecture domains supporting a proactive risk management function. It will therefore also include providing change risk advisory services for transformational change programs undertaken by or impacting GTI. You will liaise with other risk and control functions, on a management level to assure the integration of risk initiatives and projects. You will also support Regulatory Adherence and Policy Management function within TDI Risk Management. Its purpose is to provide oversight and supervision of new & changed material regulation impacting TDI, including full traceability to derived DB-specific Policies, Procedures, Key Operating Documents and Supporting Documents. Your key responsibilities Risk & Control Management Identify and evaluate potential areas of non-compliance or risk, assessing impact, probability and present findings and proposals for risk mitigation measures. Support the delivery of the risk and control initiatives. This includes participation in risk and control activities, risk-based control reporting of key issues, performance and validation of cyclical activities such as annual control self-assessments. Work closely with teams in and out of the division to understand risks impacting the group. Align internal Deutsche Bank policies/procedures against industry recognized framework to strengthen the control framework and its implementation for both within the Bank and our 3rd party vendor relationships Ensure management transparency by way of timely risk reporting and proactive engagement and representing controls team at different governing forums Regulatory Adherence and Policy Management Coordination of regulatory adherence assessments across sub-divisions within TDI and management and review of Policies, Procedures, Key Operating Documents, Supporting Documents within TDI. Engage with stakeholders across TDI and other (e.g. 2nd line of defence) divisions in reviewing, assessing, and documenting the impact of regulations and planning remedial actions. Steer and support the publication of a consistent set of global and local Policies, Procedures, Key Operating Documents and Supporting Documents relating to Information Technology from laws, rules, and regulations. Risk remediation and Change Risk Advisory Support the Head of TDI GTI Risk Management in assessing risks related to strategic changes within the GTI Organization Proactively monitor risk landscape shift within the industry to identify transformation project opportunities to insulate Deutsche Bank from any potential risk exposure e.g., Production design life cycle, application and infrastructure architecture and its resilience Stakeholder Management Identify, Partner and Collaborate Work with relevant stakeholders to identify and assess controls gaps related to technology risk - measure and mitigate them in a timely manner Align with COO Division Control Office (DCO) team and NFRM (2nd LoD) ensuring successful and consistent implementation of the established control framework. Promote and support proactive IT risk culture at the Bank. Your skills and experience Desired experience Minimum 5 years of experience as Risk and Control Lead in designing and implementation of Technology risk framework or IT Audit in a global organization. Experience in a regulatory oversight, assurance, or policy management function within technology. Or have suitable compliance or audit background within infrastructure (and preferably IT & Information Security). Extensive experience regarding development, training and implementation of IT Policies, Procedures, Key Operating Documents and Supporting Documents. Good understanding of Industry best practices such as NIST, COBIT, ITIL and ISO 27001 Other professional qualifications and certifications in Technology risk management Desired behaviors A strong team player comfortable in a cross-cultural and diverse operating environment Result oriented and ability to deliver under tight timelines Ability to successfully resolve conflicts in a globally matrix driven organization Excellent communication and collaboration skills Desire to learn about new and emerging technologies and continuous upskilling Must be comfortable with navigating ambiguity to extract meaningful risk insights.

The 1st line Tech Risk and controls function at Deutsche sits within the Group Technology Infrastructure (GTI) for Deutsche Bank Group. GTI has the largest footprint within the Technology, Data and Innovation division and is joined by other business-aligned CIO IT divisions. The Tech Risk and Controls is a dynamic team, consistently in demand, for providing guidance and challenge to deliver change and maintain systems in a secure and resilient manner. As part of the team, you will join the Banks journey and contribute towards our strategic goal of cloud enabled solutions as well as activities that improve our operational resilience and risk reduction. Specifically, you will bring expertise to Control definition and assessments capability across IT Infrastructure, SDLC and Architecture domains supporting a proactive risk management function. It will therefore also include providing change risk advisory services for transformational change programs undertaken by or impacting GTI. You will liaise with other risk and control functions, on a management level to assure the integration of risk initiatives and projects. You will also support Regulatory Adherence and Policy Management function within TDI Risk Management. Its purpose is to provide oversight and supervision of new & changed material regulation impacting TDI, including full traceability to derived DB-specific Policies, Procedures, Key Operating Documents and Supporting Documents. This role will report to GTI Control Assessment Lead Your key responsibilities Risk & Control Management Identify and evaluate potential areas of non-compliance or risk, assessing impact, probability and present findings and proposals for risk mitigation measures. Support the delivery of the risk and control initiatives. This includes participation in risk and control activities, risk-based control reporting of key issues, performance and validation of cyclical activities such as annual control self-assessments. Work closely with teams in and out of the division to understand risks impacting the group. Align internal Deutsche Bank policies/procedures against industry recognized framework to strengthen the control framework and its implementation for both within the Bank and our 3rd party vendor relationships Ensure management transparency by way of timely risk reporting and proactive engagement and representing controls team at different governing forums Regulatory Adherence and Policy Management Coordination of regulatory adherence assessments across sub-divisions within TDI and management and review of Policies, Procedures, Key Operating Documents, Supporting Documents within TDI. Engage with stakeholders across TDI and other (e.g. 2nd line of defence) divisions in reviewing, assessing, and documenting the impact of regulations and planning remedial actions. Steer and support the publication of a consistent set of global and local Policies, Procedures, Key Operating Documents and Supporting Documents relating to Information Technology from laws, rules, and regulations. Risk remediation and Change Risk Advisory Support the Head of TDI GTI Risk Management in assessing risks related to strategic changes within the GTI Organization Proactively monitor risk landscape shift within the industry to identify transformation project opportunities to insulate Deutsche Bank from any potential risk exposure e.g., Production design life cycle, application and infrastructure architecture and its resilience Stakeholder Management Identify, Partner and Collaborate Work with relevant stakeholders to identify and assess controls gaps related to technology risk - measure and mitigate them in a timely manner Align with COO Division Control Office (DCO) team and NFRM (2nd LoD) ensuring successful and consistent implementation of the established control framework. Promote and support proactive IT risk culture at the Bank. Your skills and experience Desired experience Minimum 5 years of experience as Risk and Control Lead in designing and implementation of Technology risk framework or IT Audit in a global organization. Experience in a regulatory oversight, assurance, or policy management function within technology. Or have suitable compliance or audit background within infrastructure (and preferably IT & Information Security). Extensive experience regarding development, training and implementation of IT Policies, Procedures, Key Operating Documents and Supporting Documents. Good understanding of Industry best practices such as NIST, COBIT, ITIL and ISO 27001 Other professional qualifications and certifications in Technology risk management Desired behaviors A strong team player comfortable in a cross-cultural and diverse operating environment Result oriented and ability to deliver under tight timelines Ability to successfully resolve conflicts in a globally matrix driven organization Excellent communication and collaboration skills Desire to learn about new and emerging technologies and continuous upskilling Must be comfortable with navigating ambiguity to extract meaningful risk insights

Job description At EY, youll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY- Technology Risk – Senior As an IT risk professional, you’ll contribute technically to risk assurance client engagements and internal projects. An important part of your role will be to perform IT audits, document good quality assessment reports and issue opinions. You’ll anticipate and identify risks within engagements and share any issues with the audit stakeholders. You’ll also identify potential business opportunities for EY within existing engagements and facilitate integration as appropriate. In line with EY’s commitment to quality, as an influential member of the team - you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We’re looking for experienced staffs with 1 to 3 years of hands-on experience in IT Risk/Audit, Assurance and Advisory to join our Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your key responsibilities Participate, lead and execute the IT Risk and Assurance engagements Develop and maintain productive working relationships with client and onshore stakeholders Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress Help prepare reports and schedules that will be delivered to clients and other parties Develop and maintain productive working relationships with client personnel Build strong internal relationships within Ernst & Young Services and with other services across the organization Stay current with and promote awareness of applicable regulatory standards, upstream risks and industry best practices across the enterprise. Skills and attributes for success Work effectively as a team player - collaborate and share responsibility, coach, and support team members to succeed Role & responsibilities To qualify for the role, you must have B.E/B.Tech (CS/ IT, Electronics, Electronics & Telecommunications,)/MBA/M.Sc., Chartered Accountant and/or MBA with Finance/IT with at least 1-3 years of experience 1-3 years of professional experience in the areas of IT audits, ITGC, SOX / ICFR / IFC / SAS 70 / SSAE / SOC1, SOC2, IT Financial Audit and Business Automated Controls, IT Risk consulting or any other regulatory / compliance audits Expertise in pre and post implementation reviews and auditing configuration of major ERPs like SAP, Oracle, JDE, WorkDay, Netsuite, Navision etc. Expertise in performing infrastructure reviews pertaining to OS, DB and Active Directory such as Windows, UNIX, SQL, Mainframe, Oracle etc. Assist with the development of policies, procedures and standards that meet existing and newly developed policy and regulatory requirements Assist with facilitating IT security/risk training curriculum. Work closely with cross-functional teams and develop strong relationships as project lead within IT security and GRC projects. Stay current with and promote awareness of applicable regulatory standards, upstream risks and industry best practices across the enterprise Must have end-client facing experience. Ideally, youll also have CISA, CISM, CRISC, ISO27001, Cloud and Data privacy certifications IT audit knowledge for a financial audit - Control frameworks such as COSO, related regulations including SOX and J-SOX Data analytics/automation tool – SQL, Monarch, BluePrism, Alteryx, PowerBI Familiarity with a typical IT systems development life cycle

Job Title- Engineer, AS Location- Pune, India Role Description This role is within the DWS Global Technology team and will interact with the various business groups globally, e.g. Global Client Group, Trading, Risk, Compliance and Finance. The resource will be responsible for delivering the technology projects with focus on the DWS Strategic projects and changes driven by upcoming regulatory milestones. Your key responsibilities Drive the Vendor Risk Management (VRM) process for the new vendors onboarding Arrange Quarterly Business Review (QBR) post VRM completion Periodic review of VRM and completion of process Own the actions for Self-Identified Issue (SII) and work with business to close the actions/ SII as per compliance guidelines Facilitate Disaster Recovery activities by reviewing DR plans and coordinating the execution of DR exercise for the application. Manage Internal and external application audits and Audit issue remediation activities. Manage remediation of gaps in application lifecycle management activities such as Account recertification, remediation of Application configuration gaps etc. Manage application related Risk and Compliance Evaluation tasks and resolution of gaps in this area. Manage any IT Security incidents that may occur in the application. Plan and Manage Application events and Database Events monitoring using Bank wide standard monitoring tools. Manage application capacity forecasting and monitoring. Plan and manage Application user access related tasks. Plan for Application Hardware / Software / License upgrades or migration activities to align to the compliant platforms. Close Coordination & Collaboration with Internal Stakeholder/ External Stakeholders and Vendors Manage the application Non-Functional Requirement process Support the BISO/TISO in compliance assessment & implementation of IS controls in their IT Assets Aware of Application landscape, Infrastructure Assets and the Procurement process; should be able to proactively create demands for new applications assets Familiar with Change Management Process and related SDLC onboarding & compliance process Your skills and experience 8+ years experience in Application management including infrastructure, security and connectivity in Finance domain. Experience in vendor risk management process Understanding database Oracle, MS-SQL Good to have experience in Document Management solutions Experience on DevOps strategy Strong Logical Aptitude to understand the overall Application and root out the gaps wherein required Good Questioning skills to understand the Root Cause of the request Experience in Vendor Risk Management process will be added advantage Understanding of cloud architecture will be added advantage Excellent communication skills; fluent in English (written and verbal)

Skill required: SOX Control Testing - SOX Compliance Audit Designation: Int Controls & Compliance New Associate Qualifications: Any Graduation Years of Experience: 0 to 1 years About Accenture Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services, and Accenture Song all powered by the worlds largest network of Advanced Technology and Intelligent Operations centers. Our 699,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. Visit us at www.accenture.com What would you do Help clients transform their compliance function from reactive to proactive through an intelligent compliance operating model powered by data, intelligent technologies and talentLooking for someone with SOX testing knowledge with good communication skills.A SOX compliance audit is intended to verify the financial statements of the company, and the processes involved in creating them. During the audit, the financial statements and management of internal controls are analyzed and assessed by an external auditor. The audit report must be made available to relevant parties. What are we looking for Ability to work well in a teamAdaptable and flexibleCommitment to qualityRisk management Roles and Responsibilities: In this role you are required to solve routine problems, largely through precedent and referral to general guidelines Your primary interaction is within your own team and your direct supervisor In this role you will be given detailed instructions on all tasks The decisions that you make impact your own work and are closely supervised You will be an individual contributor as a part of a team with a predetermined, narrow scope of work Please note that this role may require you to work in rotational shifts Qualification Any Graduation

Educational Bachelor of Engineering Service Line Information Systems Responsibilities 1. SAP Security & Access Control: Manage and monitor the SAP security landscape, ensuring the appropriate configuration and implementation of security policies across critical systems (SAP S/4HANA, SAP BW, SAP Business Objects, SAP BTP). Oversee user roles, authorizations, and profile management to ensure compliance with corporate security policies and SAP best practices. Implement and manage SAP GRC Access Control, ensuring secure access across SAP systems while preventing unauthorized access and ensuring compliance with regulatory standards. Collaborate with other departments to define and enforce access control policies and procedures across SAP landscapes.2. Segregation of Duties (SoD) Management: Lead and manage Segregation of Duties (SoD) assessments to identify conflicts within SAP roles and authorizations. Conduct regular reviews of SoD violations and propose remediation plans to eliminate conflicts in user access and roles. Use SAP GRC Access Control or other relevant tools to monitor and mitigate SoD violations, ensuring compliance with organizational and regulatory standards.3. Audit & Compliance Management: Manage and support IT General Controls (ITGC) audits and assist in the preparation of security and audit documentation for internal and external audits. Ensure all SAP systems meet the necessary compliance requirements, including SOX, GDPR, and other industry-specific regulations. Provide guidance and support during security audits, responding to audit queries and implementing necessary corrective actions based on audit findings. Ensure the integrity and confidentiality of SAP data and comply with internal policies and regulatory standards related to data security and privacy.4. Risk Management & Security Governance: Develop and implement security strategies, policies, and frameworks to ensure the protection of SAP systems and data. Monitor and respond to potential security threats or vulnerabilities within the SAP environment. Oversee security patch management, system monitoring, and vulnerability assessments. Provide continuous improvement recommendations for security controls based on the evolving threat landscape. Additional Responsibilities: Education & Experience: 5+ years of experience in SAP Security Technical and Professional : Required Skills & Qualifications: Proven experience in managing SAP security, particularly in the context of SAP S/4HANA, SAP BW, SAP Business Objects, and SAP BTP. Strong expertise in SAP GRC Access Control, including role management, SoD assessments, and access reviews. In-depth knowledge of Segregation of Duties (SoD) management, including the identification and resolution of SoD violations. Solid understanding of IT General Controls (ITGC), SOX compliance, and other regulatory standards related to IT security and access management. Experience with SAP audit preparation and support, including responding to internal and external audit findings. Strong problem-solving and troubleshooting skills in SAP security and access control issues. Ability to work cross-functionally and manage multiple projects simultaneously. Strong leadership, communication, and interpersonal skills. Preferred Skills: Technology-SAP Functional-SAP GRC Technology-SAP Technical-SAP HANA Technology-SAP Technical-SAP Security Technology-Cloud Security-GCP - GRC

: Job Title - Engineer Process Unity Consultant, AS Location - Pune, India Role Description This role offers a unique opportunity to be part of a high performing team implementing a strategic future state technology landscape for all of DWS Corporate Functions globally. An Engineer is responsible for designing, developing and delivering significant components of engineering solutions to accomplish business goals efficiently and reliably. Key responsibilities of this role include active participation in the design of their solution components, investigating re-use, ensuring that solutions are fit for purpose, reliable, maintainable, and can be integrated successfully into the overall solution and environment with clear, robust and well tested deployments. Engineers actively look for opportunities to improve the availability and performance of components by applying the learning from monitoring and observation, automating towards zero touch, and championing a 'DevOps' mind-set. What well offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities Individual contributor role for developments in ProcessUnity application Thorough understanding on ProcessUnity Third Party Risk Management (TPRM) architecture Exposure to data integration architecture and data transfer method between ProcessUnity and other data provider applications Understand business requirement and perform high level and low level estimation with technical solution approach Build and deliver projects as per the estimates Should have experience in Design and development in implementation projects Own technical delivery of individual components, working with Architects, Business Analysts etc. Driving continuous improvement and a high performance agile culture Ensure high quality standards by getting it right the first time. Your skills and experience 6+ years of experience in configuration and customization in ProcessUnity Strong knowledge on TPRM functionality Good communication and team player Working experience on data integration with ProcessUnity and other TPRM related applications Rigorous, resourceful, adaptable with good attention to detail and strong project ownership Strong configuration management skills How well support you About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm

#Notice Period: Immediate . #Employment Type Contract SAP GRC Architect Implementation experience and configure GRC all modules. Simplified navigation and improved user experience with new SAP Access Control strong understanding of various compliance and regulatory areas (e.g. SOX, PCI, FFIEC) or the risk register, risk exposure, risk reporting and handling of risk events End-to-end integration Develop the strategic plan and roadmap to mature the initial implementation of GRC application. Leverage industry and technical expertise to assist management to address more effectively risks associated with the business. Assist management in the assessment of project risks and controls. Apply the concepts of Enterprise Risk Management to help identify, assess, mitigate, and proactively consider emerging risks. Enhance internal audit functions to further align to company strategy and risk. GRC Administrator should be able to create a Mitigating Control.

Person should be at least 4 to 5 years of Experience into CyberArk.Person must have hands on experience in below concepts 1.Onboarding of Accounts. 2.Offboarding of Accounts 3.Reports generation and preparation 4.Safe creation and access provision 5.Platform duplication and customization.Strong problem solving skills(Password management and session management issues)Person should know about master policy and how it works.person must have knowledge on DR drill process in CyberArk environment.Person should know how to install and upgrade our CyberArk Components((EPV,PVWA,CPM,PSM,PSMP, etc) Preferred Knowledge/experience on vulnerability management and ITGC controls

We have Immediate Openings on Third Party Risk Management (TPRM) for Contract to Hire role for multiple clients. Job Details Skills Third Party Risk Management (TPRM) Experience 5+Years Job Description : Third Party Risk Management Job Description: Conduct third party risk assessments in alignment with company security policies and industry standards Perform on site assessments of vendors to identify opportunities for improvement Provide input and aid in the development of policies focused on the security of third party business processes Foster relationships and influence the behavior internal teams and external parties Develop and maintain supplier risk and control monitoring plans, performing monitor activities and analysis of evidence to determine controls are operating effectively Complete monitor and control tasks triggered by supplier Tier and Third Party Interaction Model Collaborate with the line of business stakeholders to deliver year over year cost savings with managed third party relationships Assist in development and execution of category/supplier strategies Partner with internal budget owners to deliver against operating or marketing budgets Partner with appropriate stakeholders on contract negotiations for all managed third party relationships Qualifications for third party risk management: Minimum 4 years of experience developing and maintaining global vendor risk management programs CISSP, CISM, CISA, or CRISC certification preferred Solid understanding of information technology and security solutions Responsible for proper invoice review, reconciliation, and payment Monitor and ensure successful delivery against third party contractual obligations Assist in development of, and monitor, SLA's or key performance indicators for third party relationships

Key Deliverables: Lead ITGC/ITAC control testing and SOX IT audits across diverse technology stacks Manage remediation strategies for deficient controls and identify compensating controls Drive ICFR compliance through stakeholder engagement and annual assurance support Supervise and coach IT audit teams to deliver testing within scope, time, and quality targets Role Responsibilities: Act as risk advisor for technology functions on IT control design and effectiveness Build and manage strong cross-functional relationships with business and tech teams Guide and mentor control testers, providing direction, reviews, and performance feedback Review and oversee ICFR/IT control testing as 1st, 2nd, or 3rd line of defence

Key Deliverables: Lead design, testing, and improvement of IT internal controls including SOX, ITGC, and ITAC Perform IT risk assessments and maintain risk-control matrices for core business processes Liaise with technology and finance teams to ensure accurate governance of internal controls Act as SME for information security domains and regulatory frameworks across functions Role Responsibilities: Communicate risk insights clearly to both business and technical teams Lead cross-functional meetings and manage stakeholder relationships Drive compliance with IT security and audit standards (e.g., ISO27001, CISA) Provide mentorship and guidance in audit frameworks and control design

Role & responsibilities Requirement IT Risk Assessment Location : Mumbai/Gurgaon Work mode : 5 days WFO Experience 4+ years(AM), 7+ years(Manager) Budget max 15 LPA(AM), 24 LPA(Manager) Mandates IT Audit, Risk Assessment, ITGC, ITAC Have you executed client related engagements in the areas ITGC, process reviews, IT Application Controls, standard operating procedures review, SOCR (SOC 1, SOC 2), SOX 404 Audits. Have you identified engagement related risks and escalate issues as appropriate. Have you actively establish & strengthen client (functional heads & key influencers) and internal relationships. Have you Identified & escalated potential business opportunities for the firm on existing client engagements. Are you a Qualified CA or MBA or BTech/BE. (Preferred CISA or equivalent certifications) Preferred candidate profile Core ITRA Roles & Responsibilities: Responsible for managing audit engagements with a focus on IT risks Manages a team of IT audit professionals involved in evaluating and testing ITGCs, conduct business and IT process reviews, IT Application Controls tests, IPEs. third party assurance (SOC1&2) and related areas; Is seen as a subject matter expert either on specific technology platforms (SAP, Oracle etc.) or industry (FS, Manufacturing, Retail etc.) Supports leadership in developing the ITRA team by coaching, providing technical guidance during audit engagements, ensuring completion of work within tight deadlines and delivers high quality audit results consistent with the firms expectations. Is well versed with latest technology updates in the field and encourages team members to constantly learn and adapt. Engages with the client senior management in articulating IT audit findings and can convince them his point of view Engages with firms internal stakeholders on how the findings relating to IT audits have a bearing on the financial reporting and internal controls. Supports the firms quality agenda and ensures zero defect audits during internal/external quality reviews Is viewed as a trusted advisor by the team and the clients alike Actively establish & strengthen client and internal relationships. Assists leaders in developing new methodologies and internal initiatives. Identify & escalate potential business opportunities for the firm on existing client engagements. Should be a team player with a proactive and result oriented approach. Ability to prioritize, work on multiple assignments, and manage ambiguity. Should have excellent presentation & communication skills. High on personal integrity and work ethics and can be trusted without micro-level supervision from leaders Qualified CA, MBA, BTech/BE. / BSc IT (Preferred CISA or equivalent certifications)

Skill required: Risk & Compliance - Sarbanes-Oxley Act (SOX) Designation: Risk and Compliance Specialist Qualifications: BCom/Chartered Accountant Years of Experience: 5 to 7 years About Accenture Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services, and Accenture Song all powered by the worlds largest network of Advanced Technology and Intelligent Operations centers. Our 699,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. Visit us at www.accenture.com What would you do You will be aligned with our Risk and Compliance vertical and help us perform compliance reviews, publish reports with actions and provide closure guidance as needed. We design & recommend effective controls to mitigate risks and help service delivery team prepare for upcoming client / external audits.You will be working as a part of the Risk & compliance team which is responsible for helping clients and organizations identify risks and create mitigation plans.United States federal law that set new or expanded requirements for all U.S. public company boards, management and public accounting firms. Assist in implementation of client-designed Sarbanes-Oxley controls into client s financial processes, enterprise resource planning system or supporting technology. What are we looking for In this role you are required to do analysis and solving of moderately complex problems May create new solutions, leveraging and, where needed, adapting existing methods and procedures The person would require understanding of the strategic direction set by senior management as it relates to team goals Primary upward interaction is with direct supervisor May interact with peers and/or management levels at a client and/or within Accenture Guidance would be provided when determining methods and procedures on new assignments Decisions made by you will often impact the team in which they reside Individual would manage small teams and/or work efforts (if in an individual contributor role) at a client or within Accenture Please note that this role may require you to work in rotational shiftsIn this role you are required to do analysis and solving of moderately complex problems May create new solutions, leveraging and, where needed, adapting existing methods and procedures The person would require understanding of the strategic direction set by senior management as it relates to team goals Primary upward interaction is with direct supervisor May interact with peers and/or management levels at a client and/or within Accenture Guidance would be provided when determining methods and procedures on new assignments Decisions made by you will often impact the team in which they reside Individual would manage small teams and/or work efforts (if in an individual contributor role) at a client or within Accenture Please note that this role may require you to work in rotational shifts Roles and Responsibilities: In this role you are required to do analysis and solving of moderately complex problems May create new solutions, leveraging and, where needed, adapting existing methods and procedures The person would require understanding of the strategic direction set by senior management as it relates to team goals Primary upward interaction is with direct supervisor May interact with peers and/or management levels at a client and/or within Accenture Guidance would be provided when determining methods and procedures on new assignments Decisions made by you will often impact the team in which they reside Individual would manage small teams and/or work efforts (if in an individual contributor role) at a client or within Accenture Please note that this role may require you to work in rotational shifts Qualification BCom,Chartered Accountant

IT Audit Manager At Smith+Nephew, we design and manufacture technology that takes the limits off living. As a key member of the Internal Audit team, the IT Audit Manager will be responsible for: leading IT Reviews; supporting the Director to develop the end-to-end IT Audit Plan; developing stakeholder relationships across the Group; coaching and mentoring more junior team members; and acting as an ambassador for the Internal Audit Function across the Group. What will you be doing? Leads and conducts assigned audit engagements (specifically IT audits consisting of complex cyber security, IT, and programme assurance reviews) successfully in accordance with the Global Internal Audit Methodology and professional standards. Represents Group Internal Audit in global steering committees and IT leadership forums to provide governance, risk and control related input. Drafts the Terms of Reference, develops audit programs and testing procedures relevant to risk and audit / test objectives. Supervises senior auditors and co-source staff assigned to engagements providing guidance and overall review of deliverables. Communicates assigned tasks to engagement team in a manner that is clear and concise ensuring high quality, accurate, and efficient results. Obtains and reviews evidence ensuring audit conclusions are well-documented. Identifies and communicates issues, offering recommended solutions relevant to business and risk. Drafts the closing meeting presentation. Prepares draft audit reports, ensuring that audit conclusions are based on a complete understanding of the process, circumstances, and risk. Assesses and monitors managements progress in implementing agreed upon actions. Provides technical expertise in emerging digital risk areas and GBS SOX and MAPS control efficiency and effectiveness improvements. Provides data analytics thought leadership and support to the Group Internal Audit team to enable continuous assurance. Assists in preparation of Annual Audit plan for IT and audit committee papers Ensures adequate focus on personal professional growth relevant to taking on more challenging assignments, in line with standard audit career progression proactively seeks relevant education and training opportunities. Acting as an ambassador for Internal Audit across the business. Performs other related duties as assigned. What will you need to be successful? Education: Graduate + CISA certified Preferred - Qualified Accountant (i.e; ACA / ACCA / CA / CPA / CMA) or CISM, CISSP or equivalent preferred. Min 10-12 years post qualified experience gained in either the profession and / or a large corporate internal audit / risk management department. Experience auditing cybersecurity, cloud and digital technologies. Experience auditing IT General Controls or SOX IT controls. Significant experience auditing SAP or another ERP. Experience of auditing large scale international systems implementations and / or project management of international systems implementations. Thorough knowledge of audit procedures, including the IIA standards and guidelines and risk-based auditing techniques. Strong understanding of IT and Cyber Security risks and controls Ability to lead audits, present findings to senior management and resolve conflict. Ability to write audit reports and maintain comprehensive audit papers. Experience in Teammate ( or similar Audit Management software) administration. PowerBI certifications and /or Data Analytics qualifications an advantage (preferred). Strong Data Analytics skills and proven experience in using tools such as PowerBI, Alteryx, MS Fabric etc. Excellent communication skills; oral and written. Able to communicate audit findings and negotiates with others to agree audit findings and recommendations often requiring them to adopt a different point of view. You Unlimited. We believe in crafting the greatest good for society. Our strongest investments are in our people and the patients we serve. Inclusion, Diversity and Equity- Committed to Welcoming, Celebrating and Thriving on Diversity. Learn more about it on our website: https://www.smith-nephew.com/. Other reasons why you will love it here! Your Future: Major medical coverage + policy exclusions and insurance non-medical limit. Educational Assistance. Work/Life Balance: Flexible Personal/Vacation Time Off, Privilege Leave, Floater Leave. Flexibility: Hybrid Work Model (For most professional roles)

About the Role: Core Responsibilities: Plan, execute, and report on internal IT audits. Evaluate the effectiveness of IT controls, identify risks, and provide recommendations for improvement. Conduct regular access reviews to ensure that users have appropriate access levels based on their roles. Evaluate the effectiveness of access controls in safeguarding sensitive information. Recommend improvements for identity and access management (IAM) processes. Perform internal risk assessments to identify vulnerabilities and ensure timely mitigation strategies. Work closely with IT, legal, and business teams to address audit findings and track remediation efforts. Preference and Experience: The candidate must have experience in IT auditing, IT risk management, or related fields. Proficiency in compliance with frameworks like ISO 27001, SOC 2, PCI DSS, ITGC, or other relevant standards. Hands-on experience conducting on-site and remote assessments of third-party vendors to evaluate their security posture and related controls. Proficiency in MS Office Suite with experience creating and presenting dashboards and reports. Must be CISA certified. Must have the capability to represent the audit reports to Management. Stay updated on the latest developments in IT audit and compliance practices. Comfortable traveling for on-site visits to the client side for audit purposes.