57 Technology Risk Jobs

About the Role: Grade Level (for internal use): 10 The Team Digital Solutions (DS) is an enterprise-shared technology service enabling people, functions, and divisions. We drive S&P Global to Power the Markets of the Future by working as trusted partners delivering secure, scalable, resilient, and innovative services and solutions that enable seamless experiences for our people and customers. The Impact This role rolls up to the Head of Technology Risk and Governance, in the Global Digital Technology Organization . The Head of Technology Risk and Governance drives the Digital Solutions technology risk and governance strategy, partnering with the second line of defense in Information Security, Digital Technology Services, and Corporate Platforms, as well as with Enterprise Risk and Compliance, and Audit. Responsibilities and Impact This role belongs to First Line of Defense. Support in defining a comprehensive risk inventory, focusing on granular-level risks. Support in development of detailed controls inventory for various technology processes based on various industry frameworks (COBIT, ITIL, ISO, NIST) and DS Technology Standards. Perform self- QA over the controls inventory to ensure key risks and controls are covered. Support in implementation of the Governance, Risk, and Compliance (GRC) tool, focusing on the technology aspects. Support in development of Key Risk Indicators (KRIs) and Key Control Indicators (KCIs) Establish and manage thresholds for risk indicators Coordinate with key stakeholders to ensure alignment and effective communication Develop and operationalize risk scorecards to track and report on risk metrics. Aggregate risk data to provide a holistic view of organizational risk Support in p repar ing and deliver ing comprehensive risk reports to measure performance against the organization's Risk Appetite. Prepare presentations for the Management reporting (requires very good PowerPoint presentation skills) Basic Required Qualifications Bachelor's Degree in a relevant field such as Engineering, Business, or Information Technology. 5 + years of experience in technology risk management and internal controls implementation, including both building and operating a function. Proven ability to convey complex risk topics to varied audiences, including executive leadership and technical teams. Successful track record in a global environment, with strong relationship-building and communication skills. Exceptional analytical skills and problem-solving abilities, with experience in high-pressure environments. Additional Preferred Qualifications 5 + years of experience in a large global organization in a technology risk function. Master of Business Administration or equivalent advanced degree preferred but not required . Role Location Gurgaon, Noida, Bangalore Whats In It For You Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technologythe right combination can unlock possibility and change the world.Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you cantake care of business. We care about our people. Thats why we provide everything youand your careerneed to thrive at S&P Global. Health & WellnessHealth care coverage designed for the mind and body. Continuous LearningAccess a wealth of resources to grow your career and learn valuable new skills. Invest in Your FutureSecure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly PerksIts not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the BasicsFrom retail discounts to referral incentive awardssmall perks can make a big difference. For more information on benefits by country visithttps://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected andengaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. ---- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ---- 202 - Middle Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), RSKMGT202.1 - Middle Professional Tier I (EEO Job Group)

Overview The Information Security Assessment Lead is responsible for safeguarding PepsiCo's digital assets by assessing the cyber risk and compliance of new and changing systems against information security requirements and managing risks associated with IT and Information Security systems throughout the project lifecycle. The ISA Lead will collaborate with various security teams and businesses to facilitate compliance with Information Security standards, provide technical guidance for key strategic initiatives, and drive the secure delivery of technology solutions within PepsiCo. The role heavily focuses on security risk-based assessments, and data-driven decision-making and automation. Responsibilities Security Design ExpertiseProven track record in assessing security designs, including data flow diagrams, architectural blueprints, low-level designs, networking diagrams, authentication mechanisms, and authorization schemes. Must demonstrate experience in aligning these designs with industry standards such as NIST 800-53, ISO 27002, CIS, and OWASP to ensure robust security postures. Skilled at identifying potential security gaps and implementing best practices to fortify system architectures against emerging threats. Familiarity with the latest security tools and technologies, as well as experience in integrating security measures into complex IT environments, is essential. Compliance AssessmentAssess new and changing application designs and requirements to ensure compliance with PepsiCo information security standards. Risk CommunicationIdentify, quantify, and communicate technology risks impacting the business, recommending resolutions and identifying root causes. Explain scan results (infrastructure, applications, databases) and pen testing results to stakeholders. Threat ModelingUtilize expert knowledge in threat modeling techniques and methodologies to proactively identify, assess, and prioritize security risks, enabling the organization to implement targeted mitigation strategies and maintain a robust information security posture. Project Lifecycle ReviewsReview IT and Information Security systems throughout the project lifecycle, identifying risks and security requirements, and recommending paths to eliminate identified risks and implement compensating controls. Automated Risk AssessmentsConduct risk-based assessments using automated tools and techniques to prioritize and address security risks. Collaboration and EducationCollaborate with various IT and Business teams to ensure they are knowledgeable about Information Security processes and requirements, influencing them to eliminate or reduce risks. ServiceNow UtilizationExperience using ServiceNow to gather necessary information and data, automating security assessment processes to enhance efficiency and effectiveness. Metrics Management and ReportingManage operational metrics related to the ISA and GRC processes, utilizing Power BI for advanced reporting, tracking project progress, and developing corrective action plans. Process Improvement and Proactive SecurityGovern Information Security services from the ISA, tracking process metrics, identifying issues, and driving process improvement initiatives. Stay updated with threat intelligence, leverage Azure and cloud security knowledge, and implement Agile and DevSecOps methodologies to integrate security into the development process. Qualifications A minimum of 8 years of experience in Information Security, IT Risk Management, or a similar role. Mandatory Technical Skills: In-depth technical experience and knowledge of infrastructure technologies, networks, web, computing, cloud services, manufacturing equipment, mobile devices, and information (cyber) security. Strong understanding of information security frameworks, regulations, and standards such as NIST 800-53, CIS, and ISO 27002. Proficient in ServiceNow, with the ability to leverage its modules for information gathering, data analysis, and automation of the ISA service. Experience in threat modeling and applying threat modeling methodologies in previous roles. Proficient in Power BI for developing reports and dashboards to support data-driven decision-making. Strong skills in developing ad hoc reports and managing metrics. Knowledge of Azure and general cloud security principles. Ability to read and explain scan (infrastructure, applications, databases) and pen testing results to technical and non-technical stakeholders, guiding them on risk and vulnerability remediation. Mandatory Non-Technical Skills: Proficient in influencing and educating stakeholders on security best practices and policies, ensuring understanding and adherence to security standards. Established a reputation as a trusted adviser, providing expert guidance on information security matters. Strong presence to represent PepsiCo Information Security in complex situations with business and IT partners. Ability to collaborate with various stakeholders, including business units and product managers.

The Global Information Security (GIS) Technology Risk Management Analyst will work with peers in Global Information Security (GIS) and across the Technology Division to ensure that third party technology risks are properly identified, assessed, monitored, and communicated in support of the overall Third Party Risk Management (TPRM) program. The Analyst will assist with the continuous improvement and daily operation of the GIS Third Party Risk Management (GIS TPRM) program. Responsibilities Include: Work with peers to identify and assess Information Security risks Conduct risk assessments using CME Groups established GIS Third Party Risk Management assessment process Collaboratively author and edit various assessment related documents including Deficiencies Observed, Summary of Work, Risk Advisory Memos, exceptions from GIS technical policies and standards, and other related output resulting from risk adjudication activities Participate in and contribute to various working groups across the Technology Division, including, but not limited to, Third Party Risk Management working group, Governance, Risk Management, and Compliance (GRC) working group, etc. Assist the GIS TPRM function with: Continuous improvement and maturation of the methods, instrumentation, training, documentation, and processes required to properly manage third party technology risks Providing advisory and consulting services to the Information Technology Management Team related to InfoSec risks, treatment strategies, and decision-making Assist in the preparation of management reports, presentations, metrics, and other documentation required to support governance functions Assist in compiling and delivering business and operational metrics at regular intervals Promoting a culture of risk awareness and accountability through training, education, and risk management consultative support Problem Solving: Objectively assess the impact, likelihood, and velocity of identified risks Objectively advise on any number of controls that will mitigate risk while not imposing undue burden on those who must implement the controls Drive objectivity and build consensus among stakeholders with widely divergent perspectives and drivers Rapidly analyze complex technical details Synthesize detailed analysis into a big picture view that can be easily understood by non-technical stakeholders in order to support risk-based decision-making for senior managers within the company Decision Making: Recommend risk treatment decisions Recommend remediation actions when risk mitigation is desired Recommend improvements to methods, instrumentation, training, documentation, and processes Recommend solutions for automating and streamlining GIS TPRM risk management practices Working Relationships: Interacts with peers across all elements of the Technology Division Communicate regularly with cross-functional peers outside of the Technology Division, including Legal, Information Governance, Global Operations, Global Assurance (Internal Audit), Enterprise Risk Management, Third Party Risk Management, and other business unit leadership Interact occasionally with industry peers from other Systemically Important Financial MarketUtilities(SIFMUs),research organizations, solution providers, etc. Required Experience: Bachelors Degree or equivalent experience Minimum of 1 to 3 years of relevant experience in publicly traded companies or finance/technology industry operations with third party risk management experience a plus Experience in at least two of the following: InfoSec (Operations, Program Management, Governance, Risk Management, etc.), Enterprise Architecture, Identity & Access Management, Application Development, Infrastructure & Operations, IT Compliance, or Internal Audit Experience working with industry based information security and / or control frameworks (NIST Cyber Security Framework, ISO 27002, COBIT, etc.) Demonstrable knowledge of a broad range of InfoSec technologies and practices Demonstrable, impeccable writing skills for technical, management, and executive audiences Additional preferred experience: Demonstrable knowledge of InfoSec risk management methods and practices Experience with operating GRC solutions Professional certification in InfoSec or Risk Management (such as CRISC, CISM, CISSP, CGEIT, CISA, etc.)

As a global leader in assurance, tax, transaction and advisory services, EY is dedicated to hiring and nurturing passionate individuals to contribute towards building a better working world. At EY, the emphasis is on fostering a culture that provides training, opportunities, and creative freedom to help individuals reach their full potential. The organization believes in focusing not only on who you are at present, but also on who you can evolve into. EY acknowledges that your career journey is yours to shape, offering limitless possibilities and promising motivating and fulfilling experiences to aid you in becoming your best professional self. The current opportunity is for a Manager in the Business Consulting Risk team within the CBS - FIN - Markets - Finance division based in Kolkata. EY Consulting is committed to driving positive transformation in businesses through the integration of people, technology, and innovation. The client-centric approach of EY Consulting aims at delivering long-term value by addressing the most critical strategic challenges faced by clients. The Business Consulting Risk team falls under the umbrella of EY Consulting and includes Performance Improvement and Risk Consulting, Technology Consulting, and People Advisory Services. The primary objective of the Business Consulting Risk team is to assist clients in identifying and managing risks effectively to ensure the alignment of decisions with the organization's future business strategy and objectives. The team focuses on three key areas: 1. Enterprise Risk: This area helps clients in recognizing and addressing critical risk areas, fostering agility to respond swiftly to challenges such as Enterprise risk and resilience, Internal audit, Compliance, and Internal controls. 2. Technology Risk: This segment aids clients in achieving sustainable growth by safeguarding business performance and providing transparent communications on internal control and regulatory compliance, thereby assessing technology risks introduced to businesses. 3. Financial Services Risk: This domain supports clients in the financial sector by identifying, managing, and monitoring risks through a transformative and agile approach encompassing processes, risk management, data modeling, analytics, reporting, business requirements analysis, and capital and liquidity management. Key Responsibilities: The role involves overseeing and supporting the Delivery Organization (DO) leader in executing core functions at the organizational level, including: - Supervising personnel allocation and assignment. - Monitoring and enhancing consulting staff utilization. - Updating skill set records of available personnel. - Coordinating internal staff transfers and monitoring financial benefits. - Ensuring accurate and timely timesheet submissions. - Distributing profiles of available personnel for vacant roles. Skills and Attributes: To be considered for this role, you must possess the following qualifications and experience: - Qualification: Any Graduate/ Post Graduate Degree - Experience: Minimum 6 years of experience in a similar/related role What We Look For: EY seeks individuals who can collaborate effectively across various client departments, adhere to commercial and legal requirements, and offer practical solutions to complex issues. The organization values individuals who are agile, curious, mindful, and energetic, demonstrating adaptability and creativity in their approach. What We Offer: EY, with its extensive client base, global workforce, and strong presence in India, stands out as a leading employer in the industry, offering unparalleled opportunities for growth and development. The organization invests significantly in skills development and learning initiatives for its employees, providing personalized Career Journeys and access to career frameworks to enhance understanding of roles, skills, and opportunities. EY is committed to fostering an inclusive work environment, ensuring a balance between delivering exceptional client service and supporting employee career progression and well-being. If you meet the specified criteria and are eager to contribute towards building a better working world, we encourage you to apply and join us on this rewarding journey. Apply now to be a part of EY's mission to create a positive impact through your professional capabilities and enthusiasm.,

As a global leader in assurance, tax, transaction and advisory services, EY is dedicated to hiring and nurturing the most passionate individuals in their respective fields to contribute towards building a better working world. Our culture is rooted in providing you with the necessary training, opportunities, and creative freedom to unleash your full potential. We believe in shaping not just who you are at present, but also in empowering you to become the best version of yourself. Your career at EY is yours to craft, with limitless possibilities for growth, coupled with enriching and fulfilling experiences that will guide you towards realizing your professional aspirations. The role of Consultant-GPS-Business Consulting Risk-CNS in the Risk Management division in New Delhi involves contributing to EY Consulting's mission of transforming businesses through the strategic blend of people, technology, and innovation. With a client-centric approach, our focus is on delivering sustainable value by addressing our clients" most critical challenges. EY Consulting encompasses Business Consulting (encompassing Performance Improvement and Risk Consulting), Technology Consulting, and People Advisory Services. Within the Risk Management domain, we assist clients in identifying and managing both upside and downside risks to facilitate informed decision-making that aligns with their business strategy and future objectives. The key areas of focus include Enterprise Risk, Technology Risk, and Financial Services Risk, each aimed at providing tailored solutions to mitigate risks and enhance business resilience. Your key responsibilities in this role include: - Demonstrating Technical Excellence by identifying and escalating potential issues, preparing reports and deliverables, managing multiple projects, handling data analytics, and ensuring compliance with internal auditing standards. - Possessing the necessary skills and attributes, such as a Chartered Accountant/Certified Internal Auditor/Masters in Business Administration qualification, along with 1 to 3 years of relevant experience. We seek individuals who can collaborate effectively across various client departments, adhere to commercial and legal requirements, and offer practical solutions to complex problems. Ideal candidates exhibit agility, curiosity, mindfulness, and a positive energy that fuels their creativity and adaptability. At EY, we offer a dynamic environment with diverse opportunities, where you can engage with a wide range of clients and work alongside industry leaders and innovators. Our commitment to continuous learning and skill development ensures that you have a personalized Career Journey and access to resources that enhance your professional growth. As an inclusive employer, we prioritize achieving a balance that allows our people to excel in client service, advance their careers, and prioritize their overall well-being. If you meet the criteria outlined above and are ready to contribute to building a better working world, we encourage you to apply and join us on this transformative journey at EY.,

Help drive the Operational Risk Management (ORM) process for technology organization. Guide key contacts in Technology teams through completion of ORM deliverables with a focus on identifying key risks and controls in processes deemed vital for the reliably delivering services and solutions. Identify new risks and keep action plans current for high risk items. Help drive the Operational Risk Management (ORM) process for technology organization. Guide key contacts in Technology teams through completion of ORM deliverables with a focus on identifying key risks and controls in processes deemed vital for the reliably delivering services and solutions. Identify new risks and keep action plans current for high risk items. Provide in depth technology operational risk subject matter expertise and engage Technology s leaders and their business, risk, compliance and audit partners to further operationalize our technology risk framework. Help drive Technology risk management practices through consulting and thought leadership. Provide leadership of at least one direct report as well as provide direction to less experienced. Represent the Technology Risk Office in presentations and meetings with leaders. Be a go to person in Technology Risk Office when Director is unavailable. Leverage the organization s Technology Control Framework and comprehensive risk catalog to collectively help drive Technology performance while meeting other stakeholder needs. Implement and support approach to drive Technology Risk Office functions, including documented processes, risks and controls, and provide reporting of status. Build out current reporting to provide the CIO leadership team a view into current status of effort. Implement and support approach to drive Technology Risk Office functions, including documented processes, risks and controls, and provide reporting of status. Build out current reporting to provide the CIO leadership team a view into current status of effort. Facilitate deployment and maintenance of Technology risk and controls model with assigned Technology teams using industry standard models (e. g. , COBIT5, ITIL, NIST) as references. Support Technology teams to deploy, monitor and improve their critical functions in alignment with the model requirements. Communicate requirements to Technology teams and, supporting leaders in complying and soliciting areas for improvement. Help drive the Operational Risk Management (ORM) process for technology organization. Guide key contacts in Technology teams through completion of ORM deliverables with a focus on identifying key risks and controls in processes deemed vital for the reliably delivering services and solutions. Identify new risks and keep action plans current for high risk items. Work with Risk & Control Services (RCS) and other audit and compliance functions to align work and deliverables with the Technology Risk Office operating model. Provide assurance that work remains focused on risks and controls deemed vital for the reliably delivering services and solutions. Design materials and conduct any Technology Risk-related training. Facilitate the inclusion of Technology Risk Office principles into awareness and training programs on topics such as performance management, quality management, risk management, compliance, etc. . Ameriprise India LLP has been providing client based financial solutions to help clients plan and achieve their financial objectives for 125 years. We are a U. S. based financial planning company headquartered in Minneapolis with a global presence. The firm s focus areas include Asset Management and Advice, Retirement Planning and Insurance Protection. Be part of an inclusive, collaborative culture that rewards you for your contributions and work with other talented individuals who share your passion for doing great work. You ll also have plenty of opportunities to make your mark at the office and a difference in your community. So if youre talented, driven and want to work for a strong ethical company that cares, take the next step and create a career at Ameriprise India LLP. Full-Time/Part-Time Timings (2:00p-10:30p) India Business Unit AWMPO AWMP&S Presidents Office Job Family Group Technology

About The Role Skill required: Control Testing - Agile testing Designation: Regulatory Compliance Analyst Qualifications: Any Graduation Years of Experience: 3 to 5 years About Accenture Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services, and Accenture Song all powered by the worlds largest network of Advanced Technology and Intelligent Operations centers. Our 699,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. Visit us at www.accenture.com What would you do Help clients transform their compliance function from reactive to proactive through an intelligent compliance operating model powered by data, intelligent technologies and talentLooking for someone with SOX testing experience.Conduct testing tasks within Agile models and integration processes and manage development sprints. Automated/IT control testing experience is required What are we looking for Commitment to qualityWritten and verbal communicationRisk managementAbility to work well in a teamAbility to meet deadlinesAutomated/IT control testing experience is must Roles and Responsibilities: In this role you are required to do analysis and solving of lower-complexity problems Your day to day interaction is with peers within Accenture before updating supervisors In this role you may have limited exposure with clients and/or Accenture management You will be given moderate level instruction on daily work tasks and detailed instructions on new assignments The decisions you make impact your own work and may impact the work of others You will be an individual contributor as a part of a team, with a focused scope of work Please note that this role may require you to work in rotational shifts Qualification Any Graduation

The BNP Paribas Fortis Governance, Risk and Compliance team supports IT and Business Units to develop adequate solutions on operational IT and Cyber risk management practices, with specific focus on Information Security. Their main missions are: Identify operational IT and Cyber risks on assets/applications, projects and 3rd-parties. Advice, consult, monitor and report on risk treatment in order to reduce the overall risk exposure of IT and Business at an optimized cost. Elaborate and manage the implementation of a flexible strategy to reduce IT and Cyber risks in accordance with the IT and Information Security policies of BNP Paribas Group. Responsibilities Direct Responsibilities Instruct the 5 European Bank Authority ICT risks categories and to follow them throughout TPTRM assessments Perform third-party technology risk assessments to help beneficiaries/contract owners identify and evaluate complex business and technology risks related to their third parties, and provide recommendations for managing those risks Provide periodic status updates including potential risks and delays to the project delivery to beneficiary project manager, conduct workshops wherever necessary contribution to the definition and review of contractual clauses. Work with Procurement team in adding or amending any IT related clause in the contract Assist in the selection and tailoring of third-party technology risk management approaches, methods and tools to support delivery of third-party cyber risk assessment services Review thoroughly Asset classifications and pre-existing asset related risks & control responses ensuring sync with TPTRM assessments responses Identify key actors for decision making according to flagged risk families Apply group key procedures, templates, to carry out risks activities Demonstrate knowledge in one or more of the following cyber risk domains, including: Security Governance and Management, Security Policies and Procedures, Application Security Controls, Access Controls, Network Security Operations, Security Architectures, Identity Management, Disaster Recovery & Business Continuity, Incident Response, Risk Management, Privacy and Data Protection, Encryption. Contributing Responsibilities As part of its defined missions, the TPTRM Analyst/Consultant is responsible for executing - or supporting the execution of TPTRM Assessments involving - IT operational risks identification, assessment, documentation, treatment, monitoring and closing Document TPTRM risks, assess inherent and residual risks in the activity Analyze the root cause and the business impact Work towards strong mitigation plan and the execution of the same Provide support to beneficiary/contract owner to implement actions to reduce the residual risk Report to P&P/ Project Manager about key TPTRM risks information, warning, or alert Contribute to various exercises and reviews on controlling and assessing TPTRM risks As a TPTRM Analyst/ Consultant review if all the mandatory prior-assessments are properly completed if not take necessary actions towards compliance Define and document a methodology, use groups tool to manage and document assessments and outcomes Facilitate the business / sponsor / beneficiary / SME decision-making with deep analysis based on relevant flagged risk families Provide support to provider teams/ contract owners and coordinate/ assist to ensure proper assessments are done Manage TPTRM inventory with follow-up tracker management Monitor the process with specific and group standard indicators to steer the activity As an IRM team member this includes all or part of the following activities: Execute as Second Line of Defense: Oversight of risk management and compliance, providing support and guidelines to operational teams. Contribute to process improvement, upkeep with new policies, regulations, standards & guidelines Contribute to IRM IT risk awareness actions Technical & Behavioral Competencies Functional Skills Experience in IT Risk and Cyber Security domains in a financial institution demonstrating a high-level of commitment and self-motivation. Experience in the Finance & IT industry with a strong exposure to IT Operations, Application Security, and/or network administration, IPS Strong demonstrated knowledge of Risk & Compliance, cybersecurity, cyber risk, cyber threats, Third Party Technology Risk Management/ Vendor assessments Risk knowledge and awareness of risks combined with enthusiasm and a genuine interest in the role of Risk Assessment, Third Party Technology Risk Assessment, Risk Analysis in business and providing Risk Opinion as a subject matter expert. Working knowledge of global regulations, frameworks and standards(ISO, NIST, COBIT, PCI-DSS, HIPAA) and conversant in the tactics, techniques and procedures used by Risk adversaries. Demonstrates a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate. IT knowledge Technical : - Good understanding of organizations and IT Businesses - Good technical understanding of infrastructures and IT Security Productions and Systems - Experience in vulnerability management and penetration testing - - IT risk /Third Party risk analysis and management methods and should have worked on Risk Management Tools like RSA Archer, Metric stream, ServiceNow etc - Knowledge of Cyber Resilience, IT continuity and business continuity - GRC - Governance, Risk Management and Compliance Management. - Firewall and Internet technologies; Cloud Security, Banking Tools & Technologies. - Secure access control mechanisms; Encryption and Key management technics Behavioral : - Strong Communication, Analytical and problem-solving skills. - Proven organizational skills with excellent multi-tasking, result oriented and prioritization skills - Good documentation and reporting skills - Ability to work independently - Strong communication and interpersonal skills, able to communicate and relate easily with IT, Finance and back-office users - Good communication, technical writing/diagramming skills - Attention to detail and accuracy - Ability for creativity and innovation - Self-discipline Specific Qualifications (if required) - One or more Industry-recognized information Security certifications such as CISSP, CISA, GCCC, CISM, CEH, CRISC, OSCP or Security+. - IT Security tools like Firewalls, IPS, WAF, Endpoint protection, Network security, etc. - IT Auditing (ISO27001/2, NIST 800 Series, ISO27005, ISO42001) - Regulatory Compliance - MBA in Finance/Systems/IT, Masters in Technology, Bachelor of Commerce, Masters in Commerce, Bachelor in Science, Bachelor in Technology Skills Referential Behavioural Skills : (Please select up to 4 skills) Communication skills - oral & written Attention to detail / rigor Ability to deliver / Results driven Creativity & Innovation / Problem solving Transversal Skills: Analytical Ability Ability to manage a project Ability to understand, explain and support change Ability to develop and adapt a process Ability to anticipate business / strategic evolution Education Level: Bachelor Degree or equivalent Experience Level At least 5 years Other/Specific Qualifications (if required)- CISA/CISSP/CISM/CRISC -

To provide independent and control function opinion on DORA implementation at CIB level Scope : CIB activities worldwide, covering all business lines and all geographies Corporate and Institutional Banking ( CIB ) businesses are fast paced, dynamic, growing and complex. RISK ORM CIB oversees, evaluates and supervises the wider operational risks of all its business lines. The main responsibility of the role is to participate, oversee and check and challenge the programme of CIB to be compliant with DORA regulation. The candidate will work closely with the first level of defence in charge of the DORA programme and ensure the programme actions and roadmap, adequately covers DORA requirements in a sustainable and risk-controlled manner. COORDINATION with business lines ORO for DORA requirements. with reporting on DORA updates from the CIB programme to wider RISK ORM CIB and OROss with Coordination with Group RISK ORM and IT teams on any updates and instructions on DORA requirements fulfilment with RISK ORM CIB T&TR practices and OROs (i.e., TPRM, Operational Resilience, ICT) FIELD WORK Working on HIs that are in scope of DORA and ensuring these are raised and challenged adequately Working with CIB Regulatory affairs team to ensure that all supervisory requests are answered and proactive monitoring of upcoming requests by interacting with peers and other banks. DORA TPRM aspects and coordination with TPRM OROs across CIB REPORTING to the wider RISK ORM CIB community to the business lines ORO for their respective scope to RISK ORM CIB management As part of the role, the candidate will as well coordinate the RISK ORM CIB community worldwide on the DORA aspects, especially in EMEA region and be the SPOC for any DORA related matters. CONDUCT Be a role model, supporting and fostering a culture of good conduct including respect for others. Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks. Considerate of the implications of actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure, Listens and responds to feedback. Gives feedback to others. Specific Qualifications Required EXPERIENCE The successful candidate will have a proven track record in managing risks and technology in a large/global organization, with robust knowledge of technology, risks and controls, third party technology risk management. Prior experience to ICT/Business Continuity/Operational Resilience Risk Management and exposure to financial services industry is a requirement Knowledge of DORA regulation 10 years or more of suitable professional experience QUALIFICATIONS Bachelors degree in business or risk management, Information Technology, Information Security (or equivalent professional qualification). Excellent written and verbal communication skills (ENGLISH) is an absolute requirement due to the need to foster strong relationships with a broad base of stakeholders across the Bank (beyond the market activities perimeter) and to present often at senior level of the bank. FRENCH language is a plus. Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate. Team player, contributes to the success of the whole T&TR team, as well as being able to be autonomous Ability to communicate, co-operate and work well with other teams The position requires a strong analytical background across the main categories of risk and the ability to synthesize large amounts of diverse information at any one time. A strong delivery focus is required as strict deadlines are to be respected and limited time is available to roll out the program.

RISK Operational Risk Management (RISK ORM), created early 2021 to oversee operational risks within the mandate of the RISK function, is organised, under the responsibility of the Group Chief Operational Risk Officer (Group CORO), around 3 Poles: RISK ORM Framework, RISK ORM Technology & Transversal Risks and RISK ORM Network. Under the authority of the Poles Manager, RISK ORM Network is made up of all the Operational Risk Officers (OROs) acting as the second line of defence (LoD2) within the Groups operational entities (Poles, Business Lines, Functions, Transversal Activities). In this context, the Common Outsourcing Controls Execution Platform (COCEP), whose missions are presented below, reports hierarchically to the Group Head of ICT Controls Testing. He/she: Contributes to protect the Bank by securing the oversight of the completeness and quality of the outsourcing register (360 RiskOp Arrangement module) to guarantee an accurate oversight of outsourcing arrangements and their characteristics, Assures the accuracy and data quality of regulatory reporting (e.g., CASPER) and notifications (e.g., IMAS), Ensures the homogeneity, the robustness and effectiveness of the outsourcing controls executed by the LoD1 by implementing LoD2 controls execution platform across Poles and Functions, Facilitate and pilot outsourcing operational risk management framework. Key success of the COCEP relies on building trusted partnerships with stakeholders and particularly with the RISK ORM Framework, TPRM and Network community and globally all entities of the Group. Responsibilities Direct Responsibilities The COCEP Outsourcing Risk Officer contributes to identify and reduce risks on activities delegated to third-party service providers and thus improves the efficiency of the overall activities for the Bank. Key missions of role - Outsourcing Risk (COCEP) Oversee the process of the outsourcing register data quality of regulatory reporting: o Define the process to remediate data quality anomalies for CASPER regulatory reporting, o Perform cross-business consistency analysis to identify inconsistencies or incorrect qualifications in the register, o Identify any inconsistencies between the outsourcing register critical outsourcing arrangements data and IMAS portal, o Build a process to ensure consistency between the outsourcing register and the exit strategy standard documentation (e.g., alignment between the exit plan and the outcome of assessment of the service providers substitutability, the substitutability modality, and the time-of-service providers substitutability). Verify the compliance of outsourcing regulatory documentation: o Build a process and perform the verification, with the related OROs, of the alignment between the draft record in IMAS portal and the content of the notification template submitted at the Validation Committee, o Build a process and perform the verification, with the related OROs, that the exit strategy documentation is available and compliant with the Group format. Execute LoD2 controls on outsourcing GCL (RISK0418): o Define a process to industrialise the LOD2 control reviews on outsourcing. o Perform the defined LoD2 controls plan, share the results with the related OROs and ensure that the related potential permanent control actions plans are recorded in 360 RiskOp. Facilitate and pilot outsourcing operational risk management framework: o Define a process to industrialise the periodic report analysing the outsourcing operational risk management including the data quality indicators improvements and the LoD2 controls results analysis, o Monitor indicators results, and cascade as appropriate to ORO Poles and Functions, o Define and produce operational reporting (link with RISK ORM COE ISPL reporting stream). The COCEP Outsourcing Risk Officer reports to the Group Head of ICT Controls Testing, and locally to the Head of RISK ORM India CoE. He/she actively collaborates with RISK ORM Framework and Technology & Transversal risks teams and works with the operational risk officers (ORO), outsourcing coordinators, operational permanent controllers (OPC), and subject matter experts (SME). Scope covered and organisation. The scope applies to all entities for which RISK ORM acts as a second line of defence. In addition to the elements of this document, the outsourcing framework, generic control libraries (GCL) and the operational role of the OROs, are notably described in the procedures, "Second line of defences roles and responsibilities on the operational risk management framework (RISK0401), LoD2 control activities on the LoD1 control framework (RISK 0414), Group Policy pertaining to Outsourcing Risk Management Framework (RISK0417), Generic Control Library relating to outsourcing risks (RISK0418) and ORO Role and Responsibilities in the outsourcing process (ORM0005). Lastly, the legal and regulatory requirements of third-party risk management are notably, EBA guidelines on Outsourcing Arrangements, EU DORA, UK PS7/21, UK SS2/21, Solvency II, US FDIC-OCC guidance on third party relationship risk management. Contributing Responsibilities Collaboration at the India CoE level with Head of India CoE, including but not limited to the CoE level reporting requirements Effectively contribute to the CoE, RISK India Hub and ISPL on Group mandates, Objectives and priorities Help and contribute to build the CoE a positive place to work Technical & Behavioral Competencies SKILLS, EXPERIENCE AND COMPETENCIES To meet the requirements of this position, the COCEP Outsourcing Risk Officer will be expected to have a good fluency in risk analysis and monitoring, acquired through professional experience in a team in charge of operational processes or executing operational risk activities in the first or second line of defence. Moreover, general knowledge of LoD2 control management, third-party risk management, analysis and monitoring will be sought given the importance of technology in Group's business processes. We expect the COCEP Outsourcing Risk Officer to have good relationship skills to efficiently work in a group / a team / a community, qualities of communication to be able to bring his/her interlocutors to decision-making and relay key messages, the ability to mobilise his/her direct and indirect network, and a good sense of responsibility and commitment. Last, a good analytical skills, a solid critical mind, the capacity to synthesize / simplify, to communicate orally and in writing, to animate meetings and committees, to challenge the existing and propose solutions (change management), to be pragmatic in analysis and action, to work in collaborative mode in a changing environment with respect of the deadlines, to be rigorous, will allow the newcomers in the COCEP team to take on his/her new appointment in the best conditions. Skills Preferred Has the proven ability to think outside of the box, challenge industry norms and adapt quickly to evolving requirements. Is self-aware, anticipates problems, adapts and meets them head on. Strong stakeholder management, relationship building, influencing, facilitating and presenting skills. Is solutions focused measures their output on whether issues, problems or challenges are resolved as a criteria for success. Conduct: Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure. Specific Qualifications (if required) University degree (technical), and/or certification on Risk Management Skills Referential Behavioural Skills : (Please select up to 4 skills) Attention to detail / rigor Ability to deliver / Results driven Ability to synthetize / simplify Ability to collaborate / Teamwork Transversal Skills: Ability to anticipate business / strategic evolution Ability to develop and adapt a process Ability to set up relevant performance indicators Analytical Ability Ability to develop and leverage networks Education Level: Bachelor Degree or equivalent Experience Level At least 3 years Other/Specific Qualifications (if required) Professional qualifications/trainings relevant to technology and/or Outsourcing Risk, Risk Management ,Information Security, Operational Risk, Cloud Security)

This role will be responsible for supporting the Third-Party Technology Risk Management team in identifying and evaluating potential/ recognized risks related to Information Security, Business Continuity and Physical Security. The 3rd Party Security Risk Assessor, reporting to the Manager, Third Party Risk Management team that performs security assessments of vendors, service providers and 3rd party companies that manage systems or information for BNP Paribas Responsibilities Direct Responsibilities As a Third-Party Technology Risk Assessor, you will perform third-party information and cyber security assessment to identify, monitor, remediate, and manage third party risks across the third-party lifecycle. Risk Assessor role requires good risk experience technology expertise (areas of information and cyber security, business continuity, incident management, compliance, and human resource security) in accurately scoring the inherent risk profile of 3rd parties, making sure the risk assessments are completed on time with quality. In addition, the role requires the ability to prioritize and drive workload. Evaluating control effectiveness and review evidence of controls by applying audit, compliance, security, and regulatory framework knowledge and experience, including, but not limited to review of: ISO 27001, SIG (Shared Assessments), TruSight, SOC / equivalent reports, as well as knowledge of controls related to Privacy, Compliance, Business Resiliency, Cyber and other risk domains. Work with Line of business partners, by navigating them through the different stages of the risk assessment life cycle and making sure that they are being compliant to the organization requirements. Communicate assessment findings and recommendations to internal stakeholders, including senior management, legal, and compliance teams as applicable. Monitor and track the identified findings as part of the assessment lifecycle. Contributing Responsibilities Actively participate in identifying process gap and should be ready to own and update/ document relevant TPTRM policies and procedures Support Internal and external TPTRM audit requirements Compile and generate Weekly/Monthly/Quarterly dashboard on KPI Technical Behavioral Competencies Ideally in financial services with minimum of 5+ years of experience in TPRM or Risk management background. Bachelor's degree with professional certification in Information, Cyber, Network and Cloud Security. Experience with industry recognized standards for IT security controls and best practices like NIST, ISO27001, PCI DSS, COBIT, SOC 2 etc. Experience in one or more risk disciplines an advantage i.e., Information Security, Business Continuity, Data Privacy etc. Experience in Governance, Risk Compliance (GRC) tools an advantage. Experience in providing stakeholders with specialist risk knowledge and monitoring its execution. Strong self-motivated multi-tasker who can prioritize competing tasks and stakeholders. Ability to work independently in a fast adapting and agile work environment. Proactive and deliverable focused, with a dedication to delivering against hard deadlines. Excellent analysis skills with keen eye for detail. Strong capabilities in Microsoft Excel, PowerPoint, and Word. Familiarity with vendor management, procurement, and contract negotiation. Ability to communicate effectively with both technical and non-technical stakeholders. Strong analytical and problem-solving skills. Specific Qualifications (if required) Skills Referential Behavioural Skills : (Please select up to 4 skills) Ability to collaborate / Teamwork Communication skills - oral written Attention to detail / rigor Creativity Innovation / Problem solving Transversal Skills: Ability to develop and adapt a process Ability to understand, explain and support change Ability to develop others improve their skills Education Level: Bachelor Degree or equivalent Experience Level At least 5 years

The role holder will be part of a small team responsible for the implementation, management and innovation of 2nd line of defense risk management within the Information and Communication Technology (ICT) space, focusing on Operational Resilience at the Group. Responsibilities will include second line of defense oversight for Operational Resilience Domains such as Business Continuity/DR, IT Resilience, Cyber Resilience (including Cyber Fraud), Third Party Resilience and Crisis Management. The role holder will work with colleagues in Group RISK ORM Operational Resilience team, in support of and in close co-operation with RISK ORM ICT in Regions, as well as 1st line of defense ICT, business and offshoring teams and stakeholders. The candidate shall be an all-round specialist in Information and Communication Technologies, which include IT Processes (Architecture, Network, Systems, Application), Governance, Cyber Security and Operational Resilience related subjects. The candidate shall play a leading role in the successful completion of assigned assessments from start to finish and shall be competent to strengthen team spirit, improve team skills on different ICT subjects and ensure the quality, relevance and traceability of all identified gap. As a subject matter expert on ICT, the successful candidate shall stimulate and bring knowledge and innovation to the RISK ORM ICT Operational Resilience, in supporting of RISK ORM ICT Regional teams, helping to elevate the knowledge base and skills of the team. Responsibilities Governance Oversight Provide IT Cyber risk management (especially related to Operational Resilience) consulting to the business, technical and operations groups Provide direction, support and oversight with respect to management of security and technology risks of core systems and applications, and its resiliency Drive effective implementation and communication of Operational Risk Management (especially Operational Resilience related) policies and guidelines Risk management environment Identification Assessment: Ensure that the identification and assessment of operational risks are effectively done across the organisation by correlating input from Audit Findings, Internal Loss Data Collection Analysis, External Data Collection Analysis, Risk Control Self Assessments, Business Process Mapping, KPIs KRIs, Scenario Analysis, Quantified Measurement Comparative Analysis Monitoring Reporting: Implement a process to regularly monitor operational risk profiles and material exposure to losses and provide appropriate reporting mechanisms to the board, senior management and the business lines. Data capture and operational risk reporting should be continuously enhanced and provide a feedback loop to enhance risk management policies, procedures and practices. Control Mitigation: Improve the effectiveness of the Internal Controls programme by reviewing the control environment, risk assessment process, control activities, information and communication and monitoring activities. Assess operational risk response strategies. Validate risk transfer options. Risk Disclosure: Provide updates on regulatory and financial disclosure while complying with external and regulatory communications standards and disclosing the operational risk management framework of the bank in a manner that complies with the formal disclosure policy approved by the board of directors. Defines approach for determining what operational risk disclosures are made and the internal controls over the disclosure process. Implement a process to assess the appropriateness of the disclosure, including the verification and frequency. Operational Resilience Manage the delivery, testing and management of Operational Resilience risk policies, standards and associated controls Perform gap assessment of Operational Resilience regulations, standards and guidelines of assigned territories and ensure compliance through 1st Line of Defence Manage assurance/oversight of Operational Resilience directly owned controls and in-directly owned Resilience controls and ensure these controls are tested for operational effectiveness Provide active advisory, partnership, challenge or approval to applicable risk owners to ensure appropriate prioritization and resolution Perform relevant 2nd Line Of defence thematic or issue based deep dives Support the business in identifying (through control testing) Resilience gaps in process, controls and also in remediating these Contribute to the design, development and specification of new/redesigned processes, systems, information, risk controls, testing regimes, documentation and supporting materials Crisis Management: Ensure 2nd line of defence risk oversight of Crisis Management program Contribute to the development of the crisis management framework; including: policies, standards, aide memoires, SOPs, playbooks, escalation protocols, etc. Support the delivery of independent crisis exercises and test incident and crisis response capability. Develop and implement process for validating effectiveness of the crisis management program. Participate in After Action Reviews. Build and establish networks and relations with other key internal stakeholders Third Technology Risk: Provide 2nd line of defence risk oversight of Third Party Cyber Tech Risk program Conduct independent technology and cyber risk assessment of Outsourcing risks 2nd LoD Thematic review of critical suppliers from a Cyber Tech Risk perspective Assist Global Head in developing Group wide 2nd LoD framework and policies regarding Third Party Tech Risk programs Contributing Responsibilities Governance Oversight Contribute to the establishment of an IT Cyber Risk Management program for the bank within the three lines of defence model in alignment with the Group Risk Management Framework Assist with establishing and oversight of the Operational Risk Management infrastructure and ensure practices are consistent with regulatory expectations and industry sound practices Risk management environment Operational Resiliency: Support the regional oversight of Group/Regional operational resiliency program to ensure the ability of the bank to operate on an ongoing basis and limit the losses in the event of severe business disruption. Coordinate with the first and third lines of defence to test these plans to ensure coverage and adequacy. Technical Behavioral Competencies SKILLS, EXPERIENCE AND COMPETENCIES Skills Required: 15 years or more experience or practical understanding in IT, IT Security or other ICT domains required The successful candidate will have a proven track record in managing risk and technology in large/global organizations with robust knowledge of technology, risks and controls, IT and security architecture, operational resilience, and third party technology risk management. Prior ICT risk experience (IT, DR/BCM, Cyber security, Third Party, etc.) and exposure to Financial Services industry is a requirement. Experience with risk management tools and information systems is beneficial. Generic Requested Skills Excellent stakeholder management skills Demonstrates a high level of commitment and self-motivation Able to manage workload and set realistic and achievable targets Eye for detail and ability to process high quantity of documents and correlate them Highly organized and able to multi-task Able to express views clearly and fluently both orally and in writing, considering the audience and avoiding technical jargon when necessary and appropriate Able to work under pressure in international environment Able to interface and coordinate work efficiently and effectively with senior business and technology partners Excellent communication and influencing skills, including ability to articulate complex issues and incorporate feedback Good team player, Strong stakeholder management, relationship building, influencing, facilitating and presenting skills Has the proven ability to think outside of the box, challenge industry norms and adapt quickly to evolving requirements Is self-aware, anticipates problems, adapts and meets them head on. Is solutions focused measures their output on whether issues, problems or challenges are resolved as a criteria for success Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework Technical Skills Experience in business process re-engineering, experience with functional and enterprise technical architecture, good understanding of large-scale technology infrastructure Understanding of emerging technologies e.g. IoT, Cloud, etc. Understanding of ISO 2700X series of standards and guidelines Significant experience in the field of Technology Risk Management, Operational Resilience, Cyber, Information Security and Crisis Management. Strong Risk mindset with understanding of applicable Technology Risk and Resilience regulatory requirements Proficiency in IT Service Management, Service Continuity domains Experience within a regulated environment such as financial services industry Conduct: Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks Consider the implications of actions on colleagues, partners and clients before making decisions and escalate issues to manager when unsure Specific Qualifications (if required) Graduate or Post-graduate qualification in ICT domains, risk management or control function Skills Referential Behavioural Skills : (Please select up to 4 skills) Attention to detail / rigor Decision Making Communication skills - oral written Ability to collaborate / Teamwork Transversal Skills: Ability to anticipate business / strategic evolution Ability to inspire others generate people's commitment Ability to develop others improve their skills Analytical Ability Ability to develop and leverage networks Education Level: Bachelor Degree or equivalent Experience Level At least 15 years Other/Specific Qualifications (if required) Project Management Skills The successful candidate will have one or more of the following professional qualifications: -

Position - ITGC Desired candidate Profile is Direct Employment (No Third Party Payroll or CTH) Requirements (including experience, skills and additional qualifications) Technical skills requirements Preferably CA/MBA/M.Sc/B.E/B.Tech (Electronics, Electronics & Telecommunications, Comp. Science)/MBA/M.Sc. with 1-6 year experience. Knowledge of Information system audit covering areas like ITGC, Application controls, etc. Knowledge of data analysis tools like MS Excel, MS Access, MS SQL Server, ACL, Monarch, etc. Certifications: CISA Additional requirements Demonstrated track record with a blue chip consulting organization and/or a blue chip organization Strong academic record including a degree (percentage more than 70% throughout) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Role Description We are seeking a highly experienced and strategic leader to join our FCR&C division as Vice President Financial Crime Risk and Control - Technology Risk Strategy & Controls . This role is critical in shaping the risk and control landscape across our technology platforms, with a strong emphasis on Python-based automation , audit readiness , and strategic risk governance . The ideal candidate will bring a blend of technical acumen , regulatory insight , and banking domain expertise to drive innovation and resilience in a complex, fast-paced environment. What well offer you As part of our flexible scheme, here are just some of the benefits that youll enjoy Best in class leave policy Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your key responsibilities Strategic Risk Leadership Define and lead the technology risk strategy for Financial Crime Risk and Compliance (FCR&C) division, aligning with enterprise risk appetite and regulatory expectations. Advise senior Leadership on emerging technology risks, regulatory developments (e.g., Basel III, EMIR, GwG, ECB), and control enhancements. Drive strategic initiatives to embed risk intelligence into digital transformation and innovation programs. Technology Enablement & Automation Lead the development of Python-based tools and analytics to automate risk assessments, control testing, and audit support. Oversee the integration of advanced analytics and AI/ML into risk monitoring and reporting frameworks. Collaborate with engineering and data teams to ensure secure, scalable, and compliant technology solutions. Audit, Controls & Regulatory Compliance Own the design and execution of IT control frameworks across trading platforms, payment systems, and client onboarding technologies. Partner with internal audit, DCO and compliance to ensure readiness for regulatory reviews and external audits. Monitor and assess control effectiveness across front-to-back banking processes, including trade lifecycle, credit risk, and operational risk. Review internal processes to confirm all financial crime risks have been appropriately identified and documented. Confirm relevant controls or risk mitigants are in place to manage all financial crime risks within internal processes. Perform design and/or operating effectiveness testing on controls and mitigants. Conduct annual assessment of controls within FCR&C to demonstrate they are operating effectively. Identify, analyse and review operational readiness for any change-related activities. Define the requirements e.g. for the standardisation of processes/policies, translating the required changes for an operational environment and overview effective implementation. Assess risks that are responsible for the mitigating and protecting the Banks reputation. Stakeholder Engagement & Governance Present testing results, risk insights, control metrics, and strategic recommendations to Leadership team Build strong partnerships with front office, operations, DCO, compliance, and technology teams to foster a risk-aware culture. Lead governance forums and working groups focused on technology risk and control transformation. Your skills and experience Qualifications: Bachelor’s or Master’s degree in Computer Science, Information Systems, Finance, or a related field. 14+ years of experience in technology risk, audit, or compliance within investment or corporate banking. Strong proficiency in Python and experience leading automation or analytics initiatives in a regulated environment. Deep understanding of banking products, trading systems, and regulatory frameworks (e.g., SOX, Basel, MiFID II, DORA). Proven leadership in cross-functional teams and executive-level stakeholder management. Experience with testing the design and operating effectiveness of controls and remediating any identified control gaps. Analytical skills and attention to detail, with the ability to think laterally around issues, proposing solutions where required. Effective communication, organisation, prioritisation and interpersonal skills Ability to work to high standards and under strong time constraints. Preferred Certifications: Python/Data Science certifications MBA or executive leadership training (preferred) CISA, CRISC, or equivalent (desirable) How we’ll support you Training and development to help you excel in your career Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs

Number of Openings 1 ECMS ID in sourcing stage TS-ID-15567 Assignment Duration 6 Months Total Yrs. of Experience 7+ years Relevant Yrs. of experience 5 +years Detailed JD (Roles and Responsibilities) TRAC-Controls Specialist Technology Risk and Controls assessment 5+ years of hands-on experience with controls management and related lifecycle, including design, implementation, validation and operational effectiveness testing. Third party risk and control assessment experience Experience managing stakeholders across a variety of seniorities and technical understanding, with the ability to explain and educate stakeholders on IT risk and controls and related topics Ability to work under time pressured conditions against deadlines whilst achieving or exceeding KPIs measuring completion of testing and assessments work Business level fluency in spoken and written English Domain TRAC-Controls Specialist Max Vendor Rate in Per Day (Currency in relevance to work location) 12000 INR Work Location given in ECMS ID Bangalore/Pune WFO/WFH/Hybrid WFO Hybrid BG Check (Before OR After onboarding) As per Infosys Policy Is there any working in shifts from standard Daylight (to avoid confusions post onboarding) YES/ NO NO

Req ID: 330195 NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now. We are currently seeking a Python Engineer to join our team in Bangalore, Karn taka (IN-KA), India (IN). Job Duties: As a Senior Python Engineer, you will be a member of the C3 Data Warehouse team with a focus on building our next-gen data platform used for sourcing and storing data from different technology systems across the firm into a centralized data platform that empowers various reporting and analytics solutions for the Technology Risk functions within Morgan Stanley. In this role you will be primarily responsible for contributing to the development of a unified data pipeline framework written in Python utilizing technologies such as Airflow, DBT, Spark and Snowflake. You will also be responsible for contributing to the integration of this framework with existing internal platforms for data quality, data cataloging, data discovery, incident logging, and metric generation. You will be working closely with data warehousing leads, data analysts, ETL developers, infrastructure engineers, and data analytics teams to facilitate the implementation of this data platform and data pipeline framework. To develop various components in Python of our unified data pipeline framework. To contribute towards the establishment of best practices for the optimal and efficient usage of Snowflake. To assist with the testing and deployment of our data pipeline framework utilizing standard testing frameworks and CI/CD tooling. To monitor the performance of queries and data loads and perform tuning as necessary. To provide assistance and guidance during the QA & UAT phases to quickly confirm the validity of potential issues and to determine the root cause and best resolution of verified issues. Minimum Skills Required: At least 5 years of experience in data development and solutions in highly complex data environments with large data volumes. At least 5 years of experience developing data pipelines and data warehousing solutions using Python and libraries such as Pandas, NumPy, PySpark, etc. At least 3 years of experience developing solutions in a hybrid data environment (on-Prem and Cloud) Exposure to Power BI / Snowflake

Req ID: 330194 NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now. We are currently seeking a Senior Python Engineer to join our team in Bangalore, Karn taka (IN-KA), India (IN). Job Duties: As a Senior Python Engineer, you will be a member of the C3 Data Warehouse team with a focus on building our next-gen data platform used for sourcing and storing data from different technology systems across the firm into a centralized data platform that empowers various reporting and analytics solutions for the Technology Risk functions within Morgan Stanley. In this role you will be primarily responsible for contributing to the development of a unified data pipeline framework written in Python utilizing technologies such as Airflow, DBT, Spark and Snowflake. You will also be responsible for contributing to the integration of this framework with existing internal platforms for data quality, data cataloging, data discovery, incident logging, and metric generation. You will be working closely with data warehousing leads, data analysts, ETL developers, infrastructure engineers, and data analytics teams to facilitate the implementation of this data platform and data pipeline framework. To develop various components in Python of our unified data pipeline framework. To contribute towards the establishment of best practices for the optimal and efficient usage of Snowflake. To assist with the testing and deployment of our data pipeline framework utilizing standard testing frameworks and CI/CD tooling. To monitor the performance of queries and data loads and perform tuning as necessary. To provide assistance and guidance during the QA & UAT phases to quickly confirm the validity of potential issues and to determine the root cause and best resolution of verified issues. Minimum Skills Required: At least 5 years of experience in data development and solutions in highly complex data environments with large data volumes. At least 5 years of experience developing data pipelines and data warehousing solutions using Python and libraries such as Pandas, NumPy, PySpark, etc. At least 3 years of experience developing solutions in a hybrid data environment (on-Prem and Cloud) Exposure to Power BI / Snowflake

Some careers shine brighter than others. If you re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions. We are currently seeking an experienced professional to join our team in the role of Cyber Security Analyst /Consultant Specialist . In this role, you will: Identify opportunities and deliver consistent and interconnected risk and control environment reporting and governance Protect the bank via proactive regulatory risk reduction actions. Drive consistent regulatory reporting across regions, businesses, and global functions. Collaborate closely with global functions, businesses, and regional stakeholders to integrate risk and control insights into strategic technology planning and decision-making processes. Assist teams to enhance technology control frameworks, ensuring they are inclusive and adaptable aligned with industry regulations and standards. Provide advice, guidance, and assessment of application of policies, control standards, and procedures. Advocate the desired behavioural changes across the community required to mature the understanding and management of technology risk controls. Requirements To be successful in this role, you should meet the following requirements: Excellent understanding of especially Cybersecurity Controls. Strong communication skills to be able influence and challenge stakeholder Analytical and problem-solving skills, with the ability to navigate technology landscapes. Excellent understanding of key reporting metrics. Power BI,Excel , Collaboration tooling (Confluence, Jira) Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

About the Role: Grade Level (for internal use): 09 S&P Global Corporate About the Role: Cyber Risk Analyst - This role helps reduce the cyber risk posed by third parties and protects S&P Global brands against possible attacks against our information assets by threat actors via backdoor created by our vendors. Primary responsibilities will include assessing Cybersecurity, Business Continuity controls for S&P third parties by conducting control risk assessments, risk recertifications, and continuously monitoring the vendors engaged by S&P. The Team: As part of Vendor Risk Management, the Vendor Cyber Risk Management team manages the Supply Chain Cyber risks by performing risk assessments of third-party engagements to identify and reduce the risks posed by third parties. This is an extremely important role, considering the fact that large number of data breaches happen due to third parties. It involves working with internal stake holders as well as third parties to achieve the result Responsibilities and Impact: Working in Vendor Risk Management offers the opportunity to continuously enhance processes to meet the evolving requirements of various regulators. This challenging environment provides ample opportunities to expand your knowledge and expertise. In addition to risk assessments, recertification, and continuous monitoring, you will participate in various projects, allowing you to showcase and further develop your skills and experience. Conduct thorough Cybersecurity, Business Continuity, Artificial Intelligence, Cloud Service Prover and Privacy assessments for Vendors, evaluating their information security policies, procedures, and controls. Effectively collaborate with internal teams to identify critical vendors and assess their potential impact on the organization's cyber risk profile. Communicate risk assessment findings and recommendations to key stakeholders, including senior management, legal, and compliance teams. Work closely with vendors to address identified security gaps and ensure they meet the organization's cybersecurity requirements. Review the vendors on the continuous monitoring program and assisting in driving the periodically review the vendors. Monitor and stay abreast of evolving cybersecurity threats and industry trends to enhance the effectiveness of the risk assessment process. Lead and support enhancement projects within Vendor Risk Management to meet various business and regulatory requirements. Assist the team members in balancing the load and managing Ad-hoc projects. What Were Looking For: Basic Required Qualifications: Bachelors degree in computer science or engineering or equivalent. Minimum 3 years of experience in Information Security or Technology Risk Management Any prior exposure to vendor risk management and/ or privacy laws and regulations is a plus. Demonstrable understanding of the concepts of technology controls and information security controls. Exposure to cloud technologies and cloud security is highly desired; the familiarity with pubic cloud technologies such as Amazon Web Services (AWS) or Microsoft Azure or Google Cloud is highly preferred. Excellent communication skills - a must. The resource should have the ability to communicate with cross-functional teams and vendors, both written and oral communication is critical. Additional Preferred Qualifications: This position is required to work in UK Shift; flexibility is a must, especially when it comes to vendor and internal meetings held during US business hours. Strong organizational skills with the ability to multitask and prioritize while maintaining close attention to detail. Ability to build strategic partnerships with internal stakeholders. Must be a critical thinker with strong qualitative skills. Information Security/Risk Management certification would be an advantage. Whats In It For You Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technologythe right combination can unlock possibility and change the world.Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you cantake care of business. We care about our people. Thats why we provide everything youand your careerneed to thrive at S&P Global. Health & WellnessHealth care coverage designed for the mind and body. Continuous LearningAccess a wealth of resources to grow your career and learn valuable new skills. Invest in Your FutureSecure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly PerksIts not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the BasicsFrom retail discounts to referral incentive awardssmall perks can make a big difference. For more information on benefits by country visithttps://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected andengaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. ----------------------------------------------------------- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf -----------------------------------------------------------

Role Description The 1st line Tech Risk and controls function at Deutsche sits within the Group Technology Infrastructure (GTI) for Deutsche Bank Group. GTI has the largest footprint within the Technology, Data and Innovation division and is joined by other business-aligned CIO IT divisions. The Tech Risk and Controls is a dynamic team, consistently in demand, for providing guidance and challenge to deliver change and maintain systems in a secure and resilient manner. As part of the team, you will join the Banks journey and contribute towards our strategic goal of cloud enabled solutions as well as activities that improve our operational resilience and risk reduction. Specifically, you will bring expertise to Control definition and assessments capability across IT Infrastructure, SDLC and Architecture domains supporting a proactive risk management function. It will therefore also include providing change risk advisory services for transformational change programs undertaken by or impacting GTI. You will liaise with other risk and control functions, on a management level to assure the integration of risk initiatives and projects. You will also support Regulatory Adherence and Policy Management function within TDI Risk Management. Its purpose is to provide oversight and supervision of new & changed material regulation impacting TDI, including full traceability to derived DB-specific Policies, Procedures, Key Operating Documents and Supporting Documents. Your key responsibilities Risk & Control Management Identify and evaluate potential areas of non-compliance or risk, assessing impact, probability and present findings and proposals for risk mitigation measures. Support the delivery of the risk and control initiatives. This includes participation in risk and control activities, risk-based control reporting of key issues, performance and validation of cyclical activities such as annual control self-assessments. Work closely with teams in and out of the division to understand risks impacting the group. Align internal Deutsche Bank policies/procedures against industry recognized framework to strengthen the control framework and its implementation for both within the Bank and our 3rd party vendor relationships Ensure management transparency by way of timely risk reporting and proactive engagement and representing controls team at different governing forums Regulatory Adherence and Policy Management Coordination of regulatory adherence assessments across sub-divisions within TDI and management and review of Policies, Procedures, Key Operating Documents, Supporting Documents within TDI. Engage with stakeholders across TDI and other (e.g. 2nd line of defence) divisions in reviewing, assessing, and documenting the impact of regulations and planning remedial actions. Steer and support the publication of a consistent set of global and local Policies, Procedures, Key Operating Documents and Supporting Documents relating to Information Technology from laws, rules, and regulations. Risk remediation and Change Risk Advisory Support the Head of TDI GTI Risk Management in assessing risks related to strategic changes within the GTI Organization Proactively monitor risk landscape shift within the industry to identify transformation project opportunities to insulate Deutsche Bank from any potential risk exposure e.g., Production design life cycle, application and infrastructure architecture and its resilience Stakeholder Management Identify, Partner and Collaborate Work with relevant stakeholders to identify and assess controls gaps related to technology risk - measure and mitigate them in a timely manner Align with COO Division Control Office (DCO) team and NFRM (2nd LoD) ensuring successful and consistent implementation of the established control framework. Promote and support proactive IT risk culture at the Bank. Your skills and experience Desired experience Minimum 5 years of experience as Risk and Control Lead in designing and implementation of Technology risk framework or IT Audit in a global organization. Experience in a regulatory oversight, assurance, or policy management function within technology. Or have suitable compliance or audit background within infrastructure (and preferably IT & Information Security). Extensive experience regarding development, training and implementation of IT Policies, Procedures, Key Operating Documents and Supporting Documents. Good understanding of Industry best practices such as NIST, COBIT, ITIL and ISO 27001 Other professional qualifications and certifications in Technology risk management Desired behaviors A strong team player comfortable in a cross-cultural and diverse operating environment Result oriented and ability to deliver under tight timelines Ability to successfully resolve conflicts in a globally matrix driven organization Excellent communication and collaboration skills Desire to learn about new and emerging technologies and continuous upskilling Must be comfortable with navigating ambiguity to extract meaningful risk insights.

We are looking for a subject matter expert as an in-house IT specialist for a long-term position. A successful candidate fulfills her two functions within the company. First, you need to coordinate IT-related infrastructure and development.

Job Title Head of IT&IS Risk and Controls Corporate Bank (CB), Investment Bank (IB) Location: Mumbai, India Corporate Title: Director Role Description The first line Tech Risk function for business divisions (Corporate Bank (CB), Investment Bank (IB) and Operations (Ops) at Deutsche Bank sits within the Divisional Control Office (DCO) embedded in the Business. CB and IB front-to-back have the largest footprint within the banking divisions, and you will be part of a dynamic team, consistently in demand for providing insights and managing Information Technology (IT) and Information Systems (IS) risks on behalf of the business. You will join the Banks journey and contribute towards our strategic goal of managing risk within appetite whilst enabling adoption of emerging and new technologies for business growth. You will report directly to the Head of Technology Risk for CB and IB, oversee initiatives in India and deputize at management forums as necessary. Your key responsibilities Manage a team of 35+ members across all people related subjects including hiring, identifying, and developing talent across fungible team, staff retention, cross training, cultivating change and risk conscious mindset. Drive understanding and representation of IT& IS risks with business line heads across CB and IB front-to-back divisions and work closely with Head of Tech Risk Governance to successful implement initiatives in India Manage global stakeholders and prioritization of delivery of DCO BOW from the teams located in Mumbai, Pune and Bangalore Lead innovation, efficiency initiatives & automation through use of Data Analytics or AI models to enhance maturity in Technology risk management and empower decision making. Be a strategic partner with Leadership including DCO and business aligned CIO divisions to drive the control-based risk exposure and management discussions Ensure management transparency by way of timely reporting and represent the IT/IS risk types, and remediation plans against appetite at the various divisional Non-financial Risk Council forums Manage all aspects of Front Office Technology risk, working closely with Risk leads in the Technology divisions including tracking of Self-Identified Issues, Audit Findings Work closely with peers leading other pillars in the team (such as Divisional Chief Information Security Office) to establish an effective risk management 1st line function in the Business Partner with 2nd LoD, NFRM (Non-Financial Risk Management) to ensure alignment towards Group wide minimum control standards and risk appetite framework Promote and support proactive IT risk culture at the Bank Your skills and experience Previous experience in similar Technology risk roles in a front office IB/ CB division or IT audit (internal/external) in a cross-cultural and diverse operating environment with knowledge of business products In-depth knowledge of industry-wide risk landscape and global regulatory expectations, and leading engagement prep Strong understanding of Industry best practices in Technology Risk Frameworks such as National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT) and fundamentals of Artificial Intelligence/Machine Learning (AI/ML) and Cloud based services Excellent communication, presentation and collaboration skills, with result-oriented mindset How well support you Training and development to help you excel in your career Coaching and support from experts in the team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs ml

Skill required: Tech for Operations - Agile Project Management Designation: Program & Project Mgmt Associate Manager Qualifications: BTech Years of Experience: 10 to 14 years What would you do "You will be part of the Technology for Operations team that acts as a trusted advisor and partner to Accenture Operations. The team provides innovative and secure technologies to help clients build an intelligent operating model, driving exceptional results. We work closely with the sales, offering and delivery teams to identify and build innovative solutions.The Tech For Operations (TFO) team provides innovative and secure technologies to help clients build an intelligent operating model, driving exceptional results. Works closely with the sales, offering and delivery teams to identify and build innovative solutions. Major sub deals include AHO(Application Hosting Operations), ISMT (Infrastructure Management), Intelligent AutomationAn iterative, incremental method of managing the design and build activities of engineering, information technology and other business areas that aim to provide new product or service development in a highly flexible and interactive manner. It requires individuals and interactions from the relevant business to respond to change, customer collaboration, and management openness to non-hierarchical forms of leadership. " What are we looking for "Ability to establish strong client relationshipAbility to handle disputesAbility to manage multiple stakeholdersAbility to meet deadlinesAbility to perform under pressure" Roles and Responsibilities: "Coordinate with client Tech Lead to align Accenture and client workplans for dependencies and milestonesResponsible for overseeing the overall implementation and is the owner of the master project planCoordinate with client Tech Lead to gain and track client signoffs for technology projects deliverablesWork with client Tech Lead to schedule and run regular overall project status meetings and RAID log review callsResponsible for overall technology risk and issue resolution management from AccentureManage the overall technology Stabilization/Hypercare activities/status with the client stakeholdersHandle client escalations to assign appreciate resources and inform client and Accenture stakeholders of progress/statusInteract with client tech and business resources to execute any joint activitiesCoordinates all Accenture internal cross technology activities related to projectManages the PMs/Leads for each individual technology component of the solution.Sign off on Deployment ReadinessManage Final Go/No-Go DecisionManage defect and Change Request escalationsReview and approve the selected solution or action proposal from RCAMay participate in regular periodic status calls with account leadership and Steering CommitteeResponsible for overall technology financials, including providing appropriate financial inputs into Accenture financial management systemsResponsible to submit overall project status updates into MyWizard.Manages the creation and estimate for technology CRs. May also be involved in the CR process definition with the client and account leadershipStrong project management skills, specifically proven experience on BPS MobilizationsSkills in deployment and/or project management of Blackline, Tradeshift, Trintech or Celonis. Well-developed risk analysis and mitigation skillsPeople management demonstrated ability to build and lead virtual teamsProactive issue/conflict identification and resolution abilityStrong problem-solving skillsProven client facing skillsCandidate must be willing to work modified shifts to support global clients in other regions (e.g., North America). Shift allowances may be available in accordance with organization policies and practices. Strong understanding of F&A domain is requiredTechno-functional experience in Finance & Accounting domain is required (any domain R2R / P2P / O2C)" Qualification BTech

: Job TitleInformation Security Risk Specialist , AVP LocationMumbai, India Role Description An Information Technology & Security Risk Specialist to join the 2nd LoD Information Security & Technology Risk Team. The team is global, this role is within the Mumbai team (currently 1 person) which is being built out to support the global team. Should have a proven depth of knowledge and keen interest of Information Security and Technology and their application in large financial institutions. Working with other team members the role will input subject matter expertise and drive innovative approaches in applying risk management in an evolving threat environment. The team has a global footprint in Frankfurt, Singapore, London, Mumbai and USA. What well offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities Provide data and analytics reporting to support the team in monitoring the Information Security and Technology Risk Appetite, breaches and remediation. Where required support the implementation of automated data and analytics reporting process. Support the team delivery of Non-Financial Risk Management (NFRM) priorities such as risk & control assessments, scenario analysis, risk appetite. Monitor and challenge 1LOD Risk and Control Assessments (including results of 1LOD control testing/assurance). Perform 2LOD control assurance through targeted reviews of areas of concern. Gain an understanding and be able to articulate key Information Security and Technology regulatory requirements across APAC/MEA and their impact and implementation into the Information Security and Technology Risk Framework. Your skills and experience University degree (Computer Science, Business Administration or equivalent). Majors in Information Security and / or Risk Management are a plus. Experience (4+ years) in Information Security or Information Technology with experience in the Finance industry and/or a major Technology or Consultancy company preferred. Some level of technical understanding and training either as a data analyst, developer, business analyst or project manager. Knowledge of Information Security and Technology industry regulatory standards and/or Risk Frameworks (e.g. EBA Guidelines ISO / 27000 Series, COBIT 2019, DORA) are a plus. Relevant professional certifications e.g. CISSP, CISA, CISM, CRISC, ITIL, ISO27001 Lead Auditor or similar are a plus. Experience of working in large global teams yet comfortable working independently without day-to-day oversight and steer. Strong communication skills (English required). How well support you About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.

Reportsto GroupVP/ ChiefDeliveryOfficer, Dotted line to CSandSAVertical Heads ReBIT functions as a think tank for RBI for Information Technology and associated Security adoption for theplanning, executionand strategicroles of RBI in Central Banking. The Cyber Security (CS) Vertical provides the next Gen services and protection in CyberSecurity,Engineering and GovernanceforRBI. TheSystemAudit (SA) vertical is responsible forproviding technicalaudit supportto RBI ssupervision function. TheProject Management functionis responsible for building the platform, Enterprise applications and offer Enterprises services for various functions/ departmentofRBI. In order to offer relevant services and nextgeneration products and solutions in the areas of Cyber Security which are needed for CS and SA vertical core Research in various advancements in Cyber security is needed. Based on the varioustools,solutionsand applications need tobe developed whicharestateofthe art, proactive, smart and AI/ML enabled. The ESRD Business Unit is formed for this purpose and VP is responsible for spearheading this function, strategizing and execution of all functions in this Business Unit. The ESRD BU will have sub COEs of Security Research in multiple domain areas with association with CS/SA COEs and formulations of AI/ML models in association with Data Science COE. TheESRDBU also willhavea Core development teamfor developing and enhancing the solutions and products based on RBI Enterprise Platform. They will be augmented by various expert resources from various COEs/BUs of Project Management (PM) vertical. This role works closely with the teams of RBI in Department of Supervision (DOS), Department of Payment and Settlement Systems (DPSS), Department of IT (DIT) and Department of Risk Management as well as other Depts on a need basis. Mandatory qualifications Graduate degreein information systems,engineering, technology, computer science, or a related field. Masters degree in technology/management preferred Extensive experiencein technology function or in technology Research, Development. Relevant experience in financial services desirable. Strong understanding of application development, databases, networking, technology infrastructure and cyber security technologies. Handson experience in software development preferred Advanced knowledge of Technology Risk Management and cybersecurity Controls, including: Business Continuity Management Privacy and Data Protection Application Security (e.g., user entitlements, authentication, accountability) System Architecture and Design (e.g., availability, performance, scalability, data integrity) Technology Operations (e.g., change and release management, data backup and retention, capacity management) Technology Governance (e.g., technology risk management, metrics/ KRIs, cybersecurity rules and regulations) Interest in broad exposure in banking domain areas - banking operations, payment systems, investment management, sales, trading, operations, risk management, finance, legal, and compliance activities in the banking industry Proficient understanding of current regulatory and industry events Experience in Building solutions and products in Cyber security and AI/ML based Enterprise products Relevant professional certifications are a plus Research Papers, Patents will be definite advantage Desired Skills 22-24 Years of relevant industry experience, ofwhichatleast 5years asCTO/ Head of Engineering / Head of R&D. A history of proven delivery of results. Excellent communication (verbal, written, listening) and interpersonal skills Ability todevelopeffective working relationships with peersand stakeholders Should bea teamplayer with provenleadership qualities Intellectualand researchcuriosity andhealthy skepticism Abilityto synthesize and articulate complex ideas Critical thinking andproblem-solving abilities Strong project management, organizational, and presentation skills Commitmentandstrongwork ethic Domain IT/ITES, Banking captiveunits, Banking / financialservices , CyberSecurity Consulting/Auditing organizations Establishing ESRD asacore Business Unitwithin REBIT Gain respect within RBIand REBIT as Core and high performing Research unit and Building Cyber security-based solutions and Products for the functions of CS, SA and PM which will enable RBI for more effective Central Banking Building ahigh performing team, establishing processand delivery models Key Focus Areas will be NexGen Audit Toolsandapplications basedonAI/ML Modelling Autonomous and human-less/ agenticAI/MLmodels for Audit SIEM enhanced log analysis withML models ThreatHunting models / Proactive threat detections Enhancing threat attack detection with cyber kill chain patterns Critical infrastructure attack surface models NexGen Cybersecurity Mesh solutions and products Quantum based encryptions Data classification and privacy solutions Advanced endpoint/ perimeter security