Job Description Work with External Auditors as required, including facilitating interactions and documentation requests. Assist with compliance framework assessments including, but not limited to NYDFS, PCI DSS, SOC, SOX, GLBA, CIS, MTL and HIPAA. Coordinate external penetration test(s). Coordinate remediation of observations noted from Audit(s) or Gap Analyses. Conduct Internal Audits each quarter. Conduct New Product Audits. Review and edit policies as necessary, but no less than annually. Develop technical security training programs for application users, site security personnel, IT and HR staff globally. Coordinates audit activities with customers workload and schedule. Maintains the Internal Audit manual and leads updates to audit templates. Conducting investigations on irregularities and errors seen during the Audit. Conduct Table Top exercises including, but not limited to Business Continuity/Disaster Recovery and Incident Response. Update Risk Assessment(s) no less than annually. Complete internal vulnerability scans. Complete new hire training, including but not limited to KnowBe4 and BAI. Work with vendors, banks, partners as required to meet their compliance needs, including but not limited to, Questionnaires, RFPs, and Report Requests. Provide consultation and advisement to the business and project leads around compliance initiatives. Performance of other duties and responsibilities as assigned Comply with and enforce company policies and procedures Provide regular and predictable attendance considering any rights to leaves provided by law or company policy Perform all essential job functions without posing a direct threat of harm to yourself or others Effective written and verbal communication with subordinates, peers and supervisor Preferred candidate profile Demonstrate an ability to work under pressure to meet deliverables accurately and on time Excellent communication, interpersonal, organizational, time management and leadership skills Collaborate effectively with other teams within the Security and Compliance department, IT and the Organization Must be able to resolve problems on a daily basis, handle conflict and make effective decisions under pressure. Determination, Dependability, Integrity, Professionalism

Senior Internal Auditor Job Description You were made to do this work: designing new technologies, diving into data, optimizing digital experiences, and constantly developing better, faster ways to get results. You want to be part of a performance culture dedicated to building technology for a purpose that matters. You want to work in an environment that promotes sustainability, inclusion, wellbeing, and career development. In this role, you ll help us deliver better care for billions of people around the world. It starts with YOU. In this role, you will: The Senior Internal Auditor role is expected to perform a full range of audits and investigations, including financial, SOX compliance and operational audits of Kimberly-Clark Corporation. The Senior Internal Auditor will review and determine the reliability of internal controls, assist with various departmental projects and ensure compliance with Corporate and Legal guidelines. The Senior Internal Auditor is a proactive, positive and solutions-oriented business professional with strong potential to grow and take on more challenging assignments and responsibilities in the future. Responsibilities: Execution of audit projects covering different workstreams and engagements with minimal supervision/guidance as individual contributor or Auditor in Charge (AIC) Participate in or lead a coordinated engagement risk assessment process of in-scope countries and business processes Work closely with Information Technology auditors and/or data analytics team to ensure an integrated business process / information system audit approach Assess risks and controls and design evaluation of business activity with minimal guidance Contribute to the formulation of audit plans, scoping documents and audit programs using a risk-based audit methodology Assist in the development of formal written reports and present audit results to management, including recommendations Provide staff and business partners timely guidance and feedback on effective internal control practices, to strengthen specific knowledge / skill areas needed to accomplish a task, solve a problem or develop professionally Supervise and mentor Advanced and Associate auditors. Review documentation, work papers, findings and recommendations for audits performed under his/her direction and provides constructive feedback Cultivate positive relations with business leaders and auditees, balancing diplomacy with assertiveness Enhance current audit methodologies and recommend improvements to the audit process Leverages continuous monitoring and auditing procedures to enhance and streamline projects and standardize specific audit procedures if possible from one project to another About Us Huggies . Kleenex . Cottonelle . Scott . Kotex . Poise . Depend . Kimberly-Clark Professional . You already know our legendary brands and so does the rest of the world. In fact, millions of people use Kimberly-Clark products every day. We know these amazing Kimberly-Clark products wouldn t exist without talented professionals, like you. At Kimberly-Clark, you ll be part of the best team committed to driving innovation, growth and impact. We re founded on more than 150 years of market leadership, and we re always looking for new and better ways to perform - so there s your open door of opportunity. It s all here for you at Kimberly-Clark. Led by Purpose. Driven by You. About You You perform at the highest level possible, and you appreciate a performance culture fueled by authentic caring. You want to be part of a company actively dedicated to sustainability, inclusion, wellbeing, and career development. You love what you do, especially when the work you do makes a difference. At Kimberly-Clark, we re constantly exploring new ideas on how, when, and where we can best achieve results. When you join our team, you ll experience Flex That Works: flexible (hybrid) work arrangements that empower you to have purposeful time in the office and partner with your leader to make flexibility work for both you and the business. In one of our technical roles, you ll focus on winning with consumers and the market, while putting safety, mutual respect, and human dignity at the center. To succeed in this role, you will need the following qualifications: College degree with major/minor in Accounting, Finance or related field 5+ years of public accounting and/or private industry audit experience with knowledge of accounting, finance and internal control areas Self-motivated with ability to work independently and multitask to complete assignments within time constraints. Demonstrates initiative, innovation and drive for results. Ability to prioritize and meet deadlines. Have excellent follow-up and follow-through skills Ability to apply analytical and interpretive skills to problem solving Professional certification (CIA, CISA, CPA or equivalent) or working towards certification is a plus Demonstrated understanding and application of various techniques to identify the root cause of a problem Experience as a proactive and solutions-oriented business professional with the ability to interface with all levels of management across business units and functions. Seeks out, develops collaborative working relationships to facilitate the accomplishment of work goals Handles difficult situations with diplomacy and tact and uses indirect influence to build consensus and support Exhibits adaptability, positive attitude, high energy and flexibility in approach and work style to changing demands and circumstances Excellent project and time management skills with strong attention to detail and accuracy Communicates professionally in all forms, with ability to effectively present to peers and management Strong oral and written communication skills Ability to travel up to 10% Preferred capabilities: Working knowledge of SAP and AuditBoard Management Software Experience with data analytics related tools (e.g., ACL, PowerBI, etc.) Prior manufacturing and/or consumer products industry experience Language skills (English is a must) - additional languages are a plus To Be Considered Click the Apply button and complete the online application process. A member of our recruiting team will review your application and follow up if you seem like a great fit for this role. In the meantime, please check out the careers website . And finally, the fine print . Employment is subject to verification of pre-screening tests, which may include drug screening, background check, and DMV check. #LI-Hybrid Primary Location Pune Kharadi Hub Additional Locations Worker Type Employee Worker Sub-Type Regular Time Type Full time

MSCI is searching for a skilled IT specialist with a keen interest in IT internal controls to support the IT SOX function. This is a high-impact role as part of the Technology & Data Business Technology team improving and implementing IT general controls (e.g., user access and change management) and application controls (e.g., auto-calculations and validations) , within the scope of MSCI s SOX program , through partnership with key technology stakeholders to strengthen our existing program. Your Key Responsibilities Support the design and implementation of the technology internal control framework , to build robust IT general and application controls for business reliance , to ensure complete and accurate financial reporting Collaboratively partner and build relationships with control owners, internal audit, and external audit throughout annual SOX planning , scoping , control execution , testing, and issue management Assist control owners through the SOX program lifecycle including regular risk assessments, control design, control implementation, walkthroughs, and evidence collection Directly support the IT team s assess ment and improve ment of business as usual (BAU) processes/controls related to user access provisioning/deprovisioning , user access recertification , privileged access , service account management , and change management to ensure robust procedures are documented, processes follow procedure s consistently , and help redesign and improve processes inconsistently performed Collaborate with internal audit throughout IT and operational audits, including key stakeholder identification, testing, and management action plan identification SOX control deficienc y and operational audit issue management , including remediation support Perform management testing of SOX controls to ensure controls are designed and operating effectively and issues are proactively identified prior to audit testing Ensure control owner compliance with policies for critical processes by regularly assess ing adherence with MSCI s procedures and standards P roactively support ongoing stakeholder initiatives to assist in SOX audit readiness Assist i n team member education on best practices for proper control execution, process design, and audit evidence S upport special projects, including mergers and acquisition integrations and technology transformation projects Your skills and experience that will help you excel Bachelor s degree in Management Information Systems or other relevant field (certifications including CISA a plus) 1 3 years of experience as a n information technology professional (technology audit experience a plus) Preferred knowledge of Sarbanes-Oxley compliance, IT application and general controls, and issue managem ent Robust knowledge of user access, change management, software development, system architecture, databases, and operating systems Experience with Power Platform, ServiceNow, Salesforce, SAP and/or Workday a plus Advanced verbal and written communication skills Strong presentation and negotiation skills E ffective relationship building with technology partners to accomplish critical goals Team player and desire to work succ essfull y in a diverse and global organization Strong problem solving and analytic al skills, and thrive with unstructured tasks and initiatives About MSCI What we offer you Transparent compensation schemes and comprehensive employee benefits, tailored to your location, ensuring your financial security, health, and overall wellbeing. Flexible working arrangements, advanced technology, and collaborative workspaces. A culture of high performance and innovation where we experiment with new ideas and take responsibility for achieving results. A global network of talented colleagues, who inspire, support, and share their expertise to innovate and deliver for our clients. Global Orientation program to kickstart your journey, followed by access to our Learning@MSCI platform, LinkedIn Learning Pro and tailored learning opportunities for ongoing skills development. Multi-directional career paths that offer professional growth and development through new challenges, internal mobility and expanded roles. We actively nurture an environment that builds a sense of inclusion belonging and connection, including eight Employee Resource Groups. All Abilities, Asian Support Network, Black Leadership Network, Climate Action Network, Hola! MSCI, Pride & Allies, Women in Tech, and Women s Leadership Forum.

Life Unlimited. At Smith+Nephew, we design and manufacture technology that takes the limits off living. Were on the lookout for hard-working individual who is ready to make an impact in medical equipment industry. If youre eager to be part of a dynamic environment that fosters growth and collaboration, look no further. Explore our latest job opening for IT SOX Specialist role and embark on a journey where your talents are valued and your potential is limitless. Lets craft the future together! What will you be doing? Your will contribute and focus primarily on being responsible for the IT SOX program at Smith+Nephew. Strong collaboration and undertake training on Smith+Nephew IT SOX Policy Procedures and Processes. Supported by the senior team members. Perform reviews of IT control design. Perform testing of IT controls. Support Control Owners through external audit meetings and audit activities Support in the remediation of audit deficiencies. This role will be expanded to include additional responsibilities and opportunities to grow your experience. Required to review vendor SOC reports (training provide if this is new) What will you need to be successful? Education: Bachelors or equivalent experience or Master s degree in IT. Any qualifications in IT audit would be useful for example Certified Information Systems Auditor (CISA). Experience: Minimum 3+ years of experience - Sarbanes Oxley IT General Controls work: reviewing and testing control, supporting external audits. The position requires the ability to :- Work in an office or from home (as required) with a high degree of PC work and meeting attendance. Assist SOX Program training, Performing Control Design Reviews and Performing Management Testing. Supporting Control Owners and Supporting other SOX Team members. Superb communication, collaboration, and relationship building and collaborator engagement skills. You Unlimited. We believe in crafting the greatest good for society. Our strongest investments are in our people and the patients we serve. Inclusion, Diversity and Equity- Committed to Welcoming, Celebrating and Thriving on Diversity, Learn more about Employee Inclusion Groups on our website ( https://www.smith-nephew.com/ ). Other reasons why you will love it here! Your Future: Major Medical coverage + Policy exclusions and insurance non-medical limit. Educational Assistance. Work/Life Balance: Flexible Personal/Vacation Time Off, Privilege Leave, Floater Leave. Your Wellbeing: Parents / Parents in Law s Insurance (Employee Contribution of 8,000/- annually), Employee Assistance Program, Parental Leave. Flexibility : Hybrid Work Model (For most professional roles) Training: Hands-On, Team-Customized, Mentorship Extra Perks: Free Cab Transport facility for all employees, One Time Meal provided to all employees as per shift. Night Shift Allowances.

At C.H. Robinson, we re looking for an Internal Auditor . In this role, you will support the Sarbanes-Oxley (SOX) program by planning and executing SOX control testing and evaluating the effectiveness of internal controls, risk management, and governance practices. If you re eager to learn, enjoy solving complex challenges, and want to be part of a team that values insight and integrity, we d love to hear from you. At C.H. Robinson, we believe in the power of in-person collaboration to drive innovation and success. In this role, you ll work on-site two days a week, fostering creativity and impactful results, with the flexibility to work remotely for three days. This hybrid model offers the ideal balance of teamwork and autonomy. Duties and Responsibilities The responsibilities of this position include, but are not limited to: Maintain and prepare detailed and accurate Sarbanes-Oxley (SOX) documentation, including narratives, control descriptions, testing results, management responses, and remediation plans Evaluate the design and effectiveness of internal controls, including both business process and IT general controls (ITGC), as well as SOC 1 controls, through walkthroughs and compliance testing Assess adherence to policies and procedures using continuous auditing techniques Participate in audits across operational, technological, financial, and compliance areas with independence and professionalism Prepare accurate datasets using Microsoft SQL and other master data management tools; perform basic data analytics to identify trends and issues Support special projects such as fraud investigations, executive-level initiatives, conflict of interest reviews, and segregation of duties assessments Perform other duties or responsibilities as assigned based on team or regional needs Qualifications Required: Chartered Accountant or Bachelor s degree in Accounting, Finance, or a related field from an accredited institution Minimum 2-3 years of auditing or relevant risk management experience Experience in SOX control testing under US GAAP or other relevant controls testing Effective and flexible communication, business writing, presentation, and facilitation skills Preferred: Public accounting experience Interest in technology risks and IT auditing Certification or interest in pursuing Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), or related credentials Experience with applications such as Oracle and SQL Server Strong verbal and written communication, business writing, presentation, and facilitation skills Excellent analytical, problem-solving, and decision-making abilities Skilled in managing multiple tasks simultaneously; highly organized and able to work independently Committed to fostering a diverse and inclusive work environment Your Health, Wealth, and Self Your total wellbeing is the foundation of our business, and our benefits support your financial, family and personal goals. We provide the top-tier benefits that matter to you most, including: Group Mediclaim Policy (GMC) Group Personal Accident (GPA) policy Covid-19 related coverage and reimbursement Employee State Insurance Corporation (ESIC) Group Term Life (GTL) Insurance Plan for employees Employee Stock Purchase Plan (ESPP) Investment Declaration & Flexi Benefit Plan Variable Pay based on position Flexible work arrangements Paid Privilege, Casual and Sick Leaves Paid Maternity & Paternity Leaves Paid Compassionate Leaves Paid Public Holidays Paid time off to vote Reward & Recognition Program Wedding Allowance Special Mobility Assistance Employee Wellness Initiatives Plus a broad range of career development, networking, and team-building opportunities Equal Opportunity Employer C.H. Robinson is proud to be an Equal Opportunity Employer. We are committed to a workplace and performance culture that reflects the strengths of our worldwide marketplace. We value unique experiences and diverse backgrounds of our people within our company, our business relationships, and our communities. We re committed to providing an inclusive environment, free from harassment and discrimination, where all employees feel welcomed, valued and respected.

To Manage Information Security activities and ITSM processes related to Airport IT Operations. To ensure Security, Quality and Compliance of Systems, Services , Processes . To ensure IT Process Alignment with Business and Stakeholder Requirements To manage Information Security activities and Information Technology Services processes governance relating to IT Operations to ensure confidentiality, integrity and availability of systems, services and associated information are in tune with business and stakeholders needs and adhering to regulatory & statutory requirements ORGANISATION CHART Accountabilities Key Performance Indicators Strategy and Governance Reducing gap between current state and desired state to acceptable risks. Roll out corporate Initiatives as per corporate guidelines Propose, Review and Recommend cost-effective solutions Design and review Security Architecture Design and review Security Performance metricsReview Policy effectiveness No of Reviews No of Architectural Changes Information Risk Management Asset Classification Business Impact Assesments Threat and Vulnerability evalautions Risk Assesment and Risk Management Evaluate information security controls and countermeasures Integrate risk, threat and vulnerability identification and management into information management life cycle Vulnerabilities ManagementFormulate and Review Risk Acceptance Criteria No of Risks Identified/Mitigated No of Critical Incidents Information Security Program Development and management Identify and evaluate information security technologies, emerging trends Align information security architectures with changing business needs Develop information security standards, procedures and guidelines implement and communicate information security policies, standards, procedures and guidelines Design controls and review controls effectiveness Information security requirements are embedded into contracts and third-party management processes Design, implement and report security metrics for testing the effectiveness and applicability of information security controls No of deviations from Policy % compliance KEY ACCOUNTABILITIES Accountabilities Key Performance Indicators Strategy and Governance, Reducing gap between current state and desired state to acceptable risks., Roll out corporate Initiatives as per corporate guidelines, Propose, Review and Recommend cost-effective solutions, Design and review Security Architecture Design and review Security Performance metrics Review Policy effectiveness No of Reviews, No of Architectural Changes Information Risk Management, Asset Classification, Business Impact Assessments, Threat and Vulnerability evaluations, Risk Assessment and Risk Management, Evaluate information security controls and countermeasures, Integrate risk, threat and vulnerability identification and management into information management life cycle, Vulnerabilities Management Formulate and Review Risk Acceptance Criteria, No of Risks Identified/Mitigated, No of Critical Incidents Information Security Program Development and management, Identify and evaluate information security technologies, emerging trends, Align information security architectures with changing business needs, Develop information security standards, procedures and guidelines implement and communicate information security policies, standards, procedures and guidelines ,Design controls and review controls effectiveness, Information security requirements are embedded into contracts and third-party management processes Design, implement and report security metrics for testing the effectiveness and applicability of information security controls. No of deviations from Policy,% compliance Information Security Incident Management, Manage Security operations center, Escalate unresolved issues, Schedule and Conduct Vulnerability, Penetration and Configuration tests and report findings and track findings to closure, Evaluate incident and problem related security incidents,, Security Log alerts review, Co-ordinate for forensics and analysis with vendor SLA, % Critical Incidents, Impact on CIA IT Service Delivery and Support, Implement Plan, do check and act management System, Design of ITIL compliant Process and Procedures, Rollout of ITIL compliant Process and Procedures, Design of Metrics and KPIs, Design of SLAs, Support IT services in floating RFPs and Proposals, Review Effectiveness of Metrics and KPIs, Awareness and Training, Customer Satisfaction Surveys, IT Services Complaints Management, Vendor and Supplier Performance Feedback, Configuration Audits, Change Manager / Service Delivery Manager (Governance),Asset Management ,Service Improvement Management No of Service Improvements, %Backlogs(Problem / Change) , Adherence to BCP IS / IT Audit Process Management, ISO 20000/270001: ,Schedule Internal and External Audits, Internal auditor /management representative, Review audit findings, Conduct Management Review meetings, Corrective and preventive actions, Improve management systems, Compliance to respective Standards,, No of NCs,) KEY ACCOUNTABILITIES - Additional Details EXTERNAL INTERACTIONS External - Roles you need to interact with outside the organization to enable success in your day to day work Concessionaires/Regulatory Agencies /Airlines: Information Security Approvals for new service requests. Non-disclosure Agreements MDI Acceptance and awareness on Information Security Policy Regulatory and Legal Compliance Data privacy and Protections Incidents/Breaches Quality assurance Vendors Information Security Policy Compliance Physical and Environmental controls in use of facilities Review of Incidents/ Breaches Regulatory and Legal compliance Contracts and Procurement Info security guidelines Upgrades / Releases/Patches Security Bulletins Awareness and Training Vulnerability and Security Assessment tailored to business needs SLA Reviews Audits Event and log correlation Quality Assurance Implementation Partners: (Dubai Technology Partners, TCL, TTSL, BSNL, Pathfinder, IBM, KRONOS). Review for security policy compliance with Data and Privacy regulations Quality Assurance Implementation Partners: (Dubai Technology Partners, TCL, TTSL, BSNL, Pathfinder, IBM, KRONOS). Review for security policy compliance with Data and Privacy regulations Quality Assurance OEMs (UFIS, RESA, IER, SAFEGATE, BOSE, SIEMENS COMMUNICATION, SITA) : Performance Review SLA review Incidents and Problem review Legal and Regulatory compliance Security Policy compliance Quality Assurance INTERNAL INTERACTIONS Internal - Roles you need to interact with inside the organization to enable success in your day to day work Business units Aligning Business Requirements with security policy Awareness Programs Compliance and Regulatory Requirements Contractual requirements Human Resources Pre entry, entry and exit Physical and Environmental Requirements Business Continuity Tests Access Controls Quality Assurance Joint Venture Partners (HMACPL, HDFRL, NOVOTEL, FUEL FARM) : Security policy alignment with business requirements Security Awareness Regulatory and Legal compliance SLA Reviews Quality Assurance GHIAL employees Policy awareness Policies compliance Trainings Incident Reporting and Management Quality Assurance DIAL IT & Corporate IT: Share best practices CISO: Ensure corporate requirements are rolled out to business unit-GHIAL Review technological and business unit security requirements Quality Assurance FINANCIAL DIMENSIONS OPEX AOP SIEM Log monitoring and Compliance Cost optimization and Revenue maximizations assurance activities OTHER DIMENSIONS Team size: 1 Customers : 130 End users : 1000+ (staff across HIAL, GADL & Other companies inside the campus using IT services) EDUCATION QUALIFICATIONS Required B.E (Computers / Electronics /IT) Required Postgraduate in computer/ IT Required CRISC (Certified in Risk and Information Systems Control) / or CISA/ or CISM Desirable MBA RELEVANT EXPERIENCE Minimum 9-11 Years in IT with at least 8 Years in Information security, quality and assurance functions COMPETENCIES Personal Effectiveness Social Awareness Entrepreneurship Problem Solving & Analytical Thinking Planning & Decision Making Capability Building Strategic Orientation Stakeholder Focus Networking Execution & Results Teamwork & Interpersonal influence

Highest Qualification: Any Full Time Graduate Note: Hands on experience in ISO 27001 Implementation is mandatory for this role Experienced in managing cyber security services like Cyber Risk Compliance consulting. Experience in setting up end to end Cyber Security frameworks, Compliance Standard implementation, including knowledge in testing (VAPT, Web mobiles appsec, secure code review) Should be adept at conducting gap analysis, risk assessments, Impact assessments, governance and strategy development, Have worked with organizations to develop and implement various industry security standards like, IS0 27001, ISO 20000, PCI DSS, SOC2, GDPR, Privacy standards etc... Should be able to understand and explain technical vulnerabilities Basic knowledge on Active directory, firewalls, SCCM, MacAfee security products, DLP, Secure coding practices and product security Specific Duties and Responsibilities Include: To manage cyber security projects across EMEA region for cyber security services like Cyber security testing cyber consulting Maintaining margins Business development like having presales discussions with various teams Assist in Business development of various security standards Must Have Skills: Excellent communication and presentation skills. Able to effectively interact with various clients/sales teams and manage clients Good to have Skills / Certification: ISO27001:2013 Lead Auditor CISSP, CISA, CISM, ISO22301, OSCP, CEH, SANS, Cloud certifications, Privacy certifications like CIPP/E, CIPM Qualification: BE/ BTech, MCA, MBA with specialization in Information Security

FISERV Location: Thane What does a successful Internal Audit- IT professional do at FISERV? • Efficiently conduct the audit projects as per The Institute of Internal Auditors standards and in accordance with Fiserv global Internal Audit framework and methodologies. What will you do: • Should be able to direct/execute audit project independently (covering planning, fieldwork and reporting stages of audits) • Lead a variety of moderately complex to complex IT focused audits including IT governance, service and project delivery, audits of IT technical domains such as networks, infrastructure, and applications. • Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas • Planning, conducting walkthroughs, drafting process understanding and relevant controls. • Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls • Documenting and Reviewing Test of Designs and Test of Effectiveness controls. • Perform analytical procedures/analysis to test the effectiveness of controls. • Document audit procedures and cross reference working papers. • Create management representation letter comments and recommendations and draft audit reports for management review. • Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc., • Validations of audit issues. • Conducting special reviews. What will you need to know: • Desired qualification: Computer Services engineering/ BSc/MSc-IT / BCA/MCA degree [with an emphasis in information technology or equivalent degree] • Experience: at least 6 to 8 years of IT Audit experience in assessing technology/IT controls and have experience in Internal Audit, Compliance & Risk Advisory services preferably in Banking and Financial services domain. • Experience in auditing IT Internal controls, IT risk mitigation and technology related processes reviews. • Good experience in IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews. • Good client interfacing skills, drafting skills, communication, and interpersonal skills. • Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.) What would be great to have: • Desired certifications: CISA / CISSP / CISM / CCNA certified professionals

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together. As an IT Security Risk Manager, you would support information security policies, standards, and procedures to secure and protect data. Work directly with user departments to implement procedures and systems for the protection, conservation, and accountability of proprietary, personal, or privileged electronic data. Primary Responsibilities Perform audits to identify control gaps and implement corrective action plans Ensure alignment of security policies/standards with IT infrastructure frameworks (e.g., ISO 2700x, NIST, ITIL) Monitor compliance with corrective action plans, and address non-compliance issues appropriately Demonstrate understanding of discovery technologies to identify system vulnerabilities (e.g. scanning tools) Establish appropriate security controls based on defined data classifications to align with applicable laws/regulations/standards Facilitate/lead security incident investigation Analyse business requirements and ensure that solutions meet established security policies and controls Maintain metrics and report them. Maintain current knowledge on information security topics and their applicability program requirements Communicate professionally with stakeholders/end users through multiple communication Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications Bachelor's degree or higher level of education 4+ years of Information security experience Experience with ISO27001 (ISMS), ISO31000 (Risk management), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2 Proven auditing skills and the ability to manage risk assessments / projects independently Proven excellent communication skills both verbal and written Proven good presentation skills particularly ability to present technology elements in manner personnel can follow and act Preferred Qualification CISSP, CISA or ISO27001 Lead Implementer or Lead Auditor certification At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes — an enterprise priority reflected in our mission.

JOB PURPOSE To Manage Information Security activities and ITSM processes related to Airport IT Operations. To ensure Security, Quality and Compliance of Systems, Services , Processes . To ensure IT Process Alignment with Business and Stakeholder Requirements To manage Information Security activities and Information Technology Services processes governance relating to IT Operations to ensure confidentiality, integrity and availability of systems, services and associated information are in tune with business and stakeholders needs and adhering to regulatory & statutory requirements ORGANISATION CHART Accountabilities Key Performance Indicators Strategy and Governance Reducing gap between current state and desired state to acceptable risks. Roll out corporate Initiatives as per corporate guidelines Propose, Review and Recommend cost-effective solutions Design and review Security Architecture Design and review Security Performance metricsReview Policy effectiveness No of Reviews No of Architectural Changes Information Risk Management Asset Classification Business Impact Assesments Threat and Vulnerability evalautions Risk Assesment and Risk Management Evaluate information security controls and countermeasures Integrate risk, threat and vulnerability identification and management into information management life cycle Vulnerabilities ManagementFormulate and Review Risk Acceptance Criteria No of Risks Identified/Mitigated No of Critical Incidents Information Security Program Development and management Identify and evaluate information security technologies, emerging trends Align information security architectures with changing business needs Develop information security standards, procedures and guidelines implement and communicate information security policies, standards, procedures and guidelines Design controls and review controls effectiveness Information security requirements are embedded into contracts and third-party management processes Design, implement and report security metrics for testing the effectiveness and applicability of information security controls No of deviations from Policy % compliance KEY ACCOUNTABILITIES Accountabilities Key Performance Indicators Strategy and Governance, Reducing gap between current state and desired state to acceptable risks. , Roll out corporate Initiatives as per corporate guidelines, Propose, Review and Recommend cost-effective solutions, Design and review Security Architecture Design and review Security Performance metrics Review Policy effectiveness No of Reviews, No of Architectural Changes Information Risk Management, Asset Classification, Business Impact Assessments, Threat and Vulnerability evaluations, Risk Assessment and Risk Management, Evaluate information security controls and countermeasures, Integrate risk, threat and vulnerability identification and management into information management life cycle, Vulnerabilities Management Formulate and Review Risk Acceptance Criteria, No of Risks Identified/Mitigated, No of Critical Incidents Information Security Program Development and management, Identify and evaluate information security technologies, emerging trends, Align information security architectures with changing business needs, Develop information security standards, procedures and guidelines implement and communicate information security policies, standards, procedures and guidelines , Design controls and review controls effectiveness, Information security requirements are embedded into contracts and third-party management processes Design, implement and report security metrics for testing the effectiveness and applicability of information security controls. No of deviations from Policy, % compliance Information Security Incident Management, Manage Security operations center, Escalate unresolved issues, Schedule and Conduct Vulnerability, Penetration and Configuration tests and report findings and track findings to closure, Evaluate incident and problem related security incidents, , Security Log alerts review, Co-ordinate for forensics and analysis with vendor SLA, % Critical Incidents, Impact on CIA IT Service Delivery and Support, Implement Plan, do check and act management System, Design of ITIL compliant Process and Procedures, Rollout of ITIL compliant Process and Procedures, Design of Metrics and KPIs, Design of SLAs, Support IT services in floating RFPs and Proposals, Review Effectiveness of Metrics and KPIs, Awareness and Training, Customer Satisfaction Surveys, IT Services Complaints Management, Vendor and Supplier Performance Feedback, Configuration Audits, Change Manager / Service Delivery Manager (Governance), Asset Management , Service Improvement Management No of Service Improvements, %Backlogs(Problem/Change), Adherence to BCP IS / IT Audit Process Management, ISO 20000/270001: , Schedule Internal and External Audits, Internal auditor /management representative, Review audit findings, Conduct Management Review meetings, Corrective and preventive actions, Improve management systems, Compliance to respective Standards, , No of NCs, ) KEY ACCOUNTABILITIES - Additional Details EXTERNAL INTERACTIONS External - Roles you need to interact with outside the organization to enable success in your day to day work Concessionaires/Regulatory Agencies /Airlines: Information Security Approvals for new service requests. Non-disclosure Agreements MDI Acceptance and awareness on Information Security Policy Regulatory and Legal Compliance Data privacy and Protections Incidents/Breaches Quality assurance Vendors Information Security Policy Compliance Physical and Environmental controls in use of facilities Review of Incidents/ Breaches Regulatory and Legal compliance Contracts and Procurement Info security guidelines Upgrades / Releases/Patches Security Bulletins Awareness and Training Vulnerability and Security Assessment tailored to business needs SLA Reviews Audits Event and log correlation Quality Assurance Implementation Partners: (Dubai Technology Partners, TCL, TTSL, BSNL, Pathfinder, IBM, KRONOS). Review for security policy compliance with Data and Privacy regulations Quality Assurance Implementation Partners: (Dubai Technology Partners, TCL, TTSL, BSNL, Pathfinder, IBM, KRONOS). Review for security policy compliance with Data and Privacy regulations Quality Assurance OEMs (UFIS, RESA, IER, SAFEGATE, BOSE, SIEMENS COMMUNICATION, SITA) : Performance Review SLA review Incidents and Problem review Legal and Regulatory compliance Security Policy compliance Quality Assurance INTERNAL INTERACTIONS Internal - Roles you need to interact with inside the organization to enable success in your day to day work Business units Aligning Business Requirements with security policy Awareness Programs Compliance and Regulatory Requirements Contractual requirements Human Resources Pre entry, entry and exit Physical and Environmental Requirements Business Continuity Tests Access Controls Quality Assurance Joint Venture Partners (HMACPL, HDFRL, NOVOTEL, FUEL FARM) : Security policy alignment with business requirements Security Awareness Regulatory and Legal compliance SLA Reviews Quality Assurance GHIAL employees Policy awareness Policies compliance Trainings Incident Reporting and Management Quality Assurance DIAL IT & Corporate IT: Share best practices CISO: Ensure corporate requirements are rolled out to business unit-GHIAL Review technological and business unit security requirements Quality Assurance FINANCIAL DIMENSIONS OPEX AOP SIEM Log monitoring and Compliance Cost optimization and Revenue maximizations assurance activities OTHER DIMENSIONS Team size: 1 Customers : 130 End users : 1000+ (staff across HIAL, GADL & Other companies inside the campus using IT services) EDUCATION QUALIFICATIONS Required B. E (Computers / Electronics /IT) Required Postgraduate in computer/ IT Required CRISC (Certified in Risk and Information Systems Control) / or CISA/ or CISM Desirable MBA RELEVANT EXPERIENCE Minimum 9-11 Years in IT with at least 8 Years in Information security, quality and assurance functions COMPETENCIES Personal Effectiveness Social Awareness Entrepreneurship Problem Solving & Analytical Thinking Planning & Decision Making Capability Building Strategic Orientation Stakeholder Focus Networking Execution & Results Teamwork & Interpersonal influence

Job Description : Approve, within the given mandate, all tier 2-4 Vendor assessments. Advice Global TPCRM and Global DPO on tier 1 Vendor assessments. Collect and evaluate latest Vendor Assurance documents (ISO 27001 certificates and SOC2 statements, tier 1-2) and store them. Escalate high risks to Global TPCRM and Global DPO Launch relevant Vendor assessments (internal and external) Support business departments (Global and OPCOs) and Vendors filling in Vendor assessments Reports: Monthly reporting on Key Performance Indicators (KPI) Reports on Vendor risks, threats or findings Exp : 3+ years Expertise with Vendor Risk Management, GRC, and ISO 27001. Shift timing : 1.00 PM-10 PM IST Hybrid mode of work Location : Hyderabad Notice Period : Immediate- 30 days only.

The Role: The Senior Information Security Engineer is for responsible for implementing industry best security practices, will design, implement, maintain, and document the security measures to protect the organization against cyber threats and attend all ISO audits and requirements. Your Responsibilities: Ensuring that an ISMS system is established, implemented, and maintained in accordance with the ISO 27001:2013 and/or ISO 27001:2022. Lead all ISO and customer security audits/meetings and compliance activity. Contributing to Request for Proposal (RFPs) and supporting IT in CAPA management and Change Controls. Conducting regular internal security audits (Quarterly basis) to assess the effectiveness of security controls and identify areas for improvement. IT tickets handling related to security related incidents. Security Incident Reporting - Generating and presenting regular reports on the organization's security posture(weekly/quarterly/annual), including incidents, vulnerabilities, and risk mitigation efforts. Organization wide Security Awareness - Contributing to and developing security awareness by way of email leaflet/posters on monthly basis and training materials to improve security posture among the organization's staff. Security Policies and Procedures - Developing and implementing security policies, standards, and procedures to safeguard the organization's information assets. Review process documentation to ensure adequacy and consistency is maintained. Risk Assessment - Contribute to the team on regular assessments to identify potential security risks and vulnerabilities in the organization's IT infrastructure. Vulnerability Management - Monitoring and managing vulnerabilities in the organization's systems, including applying patches and updates in a timely manner. Running and automation of vulnerability scans and responsible for closure. Penetration Testing - Gathering penetration test requirements and performing internal pen tests on a scheduled basis. Should be adaptable for 24x7x365 availability for new security related projects/tasks. Preferred Qualifications, Training and Experience: Engineering degree in Computer Science, Information Technology, or a related field. Certifications such as CISSP, CISA/CISM, CEH and ISO 27001 demonstrating expertise in information security management and practices. Minimum of 10 years’ experience in information security roles, with a focus on security architecture, ISO Audits, incident response, and risk management. In-depth knowledge of security technologies such as firewalls, intrusion detection/prevention systems, encryption, and endpoint security solutions. Proficiency in security monitoring tools and techniques for detecting and responding to security incidents in real-time.

Governance: Develop, review, and update information security policies, procedures, and frameworks to align with industry best practices and regulatory requirements. Risk Management: Conduct comprehensive risk assessments, including identifying

We are looking for a highly skilled and experienced Risk Consulting Senior Associate 1 to join our team in Bengaluru. The ideal candidate will have 3-5 years of experience in Information Technology/Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, IT Application Controls, and ERP Audits. Roles and Responsibility Develop an understanding of RSM Technology Risk Consulting approach, methodology, and tools. Perform technology risk assessments and review control's design and operating effectiveness. Conduct IT internal audit consulting activities, including audits over ERP systems, IT security, and other IT systems. Execute components of IT audits under offshore delivery models effectively and efficiently. Identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions to advise clients. Ensure documentation complies with quality standards and collaborate effectively with RSM consulting professionals, supervisors, and senior management. Manage multiple concurrent engagements and provide timely, high-quality client service that meets or exceeds expectations. Utilize problem-solving and critical thinking skills to quickly identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions to best advise our clients. Exercise professional skepticism, judgment, and adhere to the code of ethics while on engagements. Ensure service excellence through prompt responses to internal and external clients. Understand RSM US and RSM Delivery Center's LOBs and work as a team in providing an integrated service delivery. Ensure professional development through ongoing education. Job Requirements B.Tech/MCA/MBA with 3-5 years of relevant experience in Information Technology/Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, IT Application Controls, and ERP Audits. Intermediate knowledge of financials, operations, and technology and its related risks. Good knowledge of SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security, and risk management frameworks/standards (ISO 27001, NIST, COBIT, ITIL, PCI). Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP). Strong Data Analytical skills including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word, and PowerPoint. MS Visio skills to develop process and data flow diagrams. Strong multi-tasking and project management skills. Excellent verbal and written communication (English) as this is a client-facing role and requires frequent communications with RSM International clients.

RTX Internal Audit team provides independent and objective assurance services designed to ensure appropriate financial, operational and compliance controls exist and function effectively at Raytheon Technologies. Internal Audit helps RTX accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the efficiency and effectiveness of risk management, governance, and financial and operational controls in a manner consistent with the Institute of Internal Auditors professional practices framework including the Standards for the Professional Practice of Internal Auditing. The Digital Technology Audit Specialist position is an exciting and challenging opportunity for a dynamic audit professional who seeks to build on their existing audit and accounting experience through in-depth exposure to a fast-paced international business. The Internal Audit function is developmental in nature and employees are assisted in furthering career goals through training development, strategic networking opportunities and eventual placement into critical business segment roles, after a tenure within the group. This group is seen as a premiere entry point into the business segments within the company. As a Digital Technology Audit Specialist, you will perform reviews of critical business systems and technologies, evaluating effectiveness of internal controls and identifying potential process improvement opportunities. Key Responsibilities As a staff auditor on the team, participate in completing risk-based audits on assigned engagements Assess risk of key business processes resulting in the preparation of audit plans and specific audit programs Create process maps of significant digital technology, financial, business, and operational processes in order to identify potential internal control weaknesses and recommend opportunities for improvement Prepare clear, concise audit reports Present audit conclusions and recommendations to senior management Develop new automated testing procedures using internal tools such as Tanium, ServiceNow, and PowerBi Continuous self-improvement including the addition of technical skills, as needed, based on department needs (eg, Cloud Computing, IoT and AI/ML) Demonstrate a commitment to diversity and act as a champion for change within the department and in partnership with other functions/businesses. Travel to company locations as necessary (in the potential range of 10% to 40% internationally) Education Bachelors Degree Advanced degrees preferred, but not required Basic Qualifications Minimum 4+ years of experience in cybersecurity, IT, project management, engineering, or another operational field Preferred Qualifications Attained or working towards advanced degree. Certified Internal Auditor (CIA), Certified Internal System Auditor (CISA). Certified Information System Security Professional (CISSP), Certified Ethical Hacker (CEH), or desire/ability to obtain certification. Experience with public accounting, internal audit, government accounting, or project management work with exposure to a manufacturing environment. Knowledge of SOX, CMMC, NIST, ISO and/or COSO control frameworks Additional Skills and Abilities Navigate relationships to build and contribute to effective and committed teams including respecting others and their ideas, ability to work in cross-functional networks and enable transparency, understanding and cohesion among group members Analyze and turn robust streams of data into actionable insights for stakeholders to consider (including performing continuous auditing through testing of complete data sets, testing audit evidence in real time focusing on anomalies in a population, and using predictive analytics or analytic capabilities to predict events/maximize opportunities) Advanced written and verbal communication skills with ability to communicate in a clear and concise manner across all levels of the organization including remote Business Unit partners Strong attention to detail, ability to work under pressure Strong interpersonal skills with the ability to facilitate diverse teams toward operational efficiencies within a fast paced, global environment Knowledge/experience in project management, strong analytical, problem solving, planning and organizational skills Strong mind-set focusing on identifying inefficiencies and driving process improvements. CORE training and certification preferred. Outstanding formal and informal presentation skills Comfortable using with Microsoft O365 Knowledge of information systems audit tools

Visa is looking for a candidate to join its Cybersecurity 3rd Party Technology Risk Management (3PTRM) team as an Associate Cybersecurity Analyst, which works with several stakeholders to ensure appropriate processes, procedures, and controls are adequately designed and implemented to meet Visa security requirements and mitigate any risks that are associated with engagement of third parties. The Analyst will work closely with Supplier Relationship Owners (SROs) and other Cybersecurity teams such as penetration testers, security architects, etc to assess and monitor third parties that do business with Visa. The role requires the candidate to have strong analytical, communication, and organizational skills, as we'll as a solid understanding of cybersecurity concepts and best practices. Essential Functions: Perform risk/security assessments of Suppliers and Third-Party relationships to identify, validate and remediate risks Cybersecurity Risks. This may include performing interviews, document design assessments and walkthroughs of cybersecurity controls. Support ongoing monitoring of Suppliers and Third Party to review compliance against compliance and regulatory requirements. Participate and conduct onsite assessments of Third Parties against Visa s security framework and industry security standards. Support risk/security assessments for special projects involving Third Parties. Support PCI-related activities relevant to third parties to ensure compliance with PCI requirements. Exhibit pragmatism in formulating process remediation and implementation strategies, defining work tracks, and submitting assessment findings and recommendations. Proactively follow-up with Suppliers to ensure prompt remedial actions for assessment findings. Basic Qualifications: Bachelors degree, OR 3+ years of relevant work experience Preferred Qualifications: 2 or more years of work experience. Bachelor s degree in Computer Science, Information Systems, Engineering, or related field, or equivalent work experience. Minimum of 1 years of experience in cybersecurity, IT audit, or IT risk management. Experience in cybersecurity, IT audit, risk management, compliance, or related fields. Knowledge of cybersecurity frameworks and standards such as NIST, ISO, PCI, etc. Strong written and verbal communication skills, and ability to communicate effectively with technical and non-technical audiences. Ability to work independently and collaboratively in a fast-paced environment. Certifications such as CISSP, CISA, CISM, CRISC, or equivalent are preferred.

MSCI is searching for a skilled IT specialist with a keen interest in IT internal controls to support the IT SOX function. This is a high-impact role as part of the Technology Data Business Technology team improving and implementing IT general controls (e.g., user access and change management) and application controls (e.g., auto-calculations and validations) , within the scope of MSCI s SOX program , through partnership with key technology stakeholders to strengthen our existing program. Your Key Responsibilities Support the design and implementation of the technology internal control framework , to build robust IT general and application controls for business reliance , to ensure complete and accurate financial reporting Collaboratively partner and build relationships with control owners, internal audit, and external audit throughout annual SOX planning , scoping , control execution , testing, and issue management Assist control owners through the SOX program lifecycle including regular risk assessments, control design, control implementation, walkthroughs, and evidence collection Directly support the IT team s assess ment and improve ment of business as usual (BAU) processes/controls related to user access provisioning/deprovisioning , user access recertification , privileged access , service account management , and change management to ensure robust procedures are documented, processes follow procedure s consistently , and help redesign and improve processes inconsistently performed Collaborate with internal audit throughout IT and operational audits, including key stakeholder identification, testing, and management action plan identification SOX control deficienc y and operational audit issue management , including remediation support Perform management testing of SOX controls to ensure controls are designed and operating effectively and issues are proactively identified prior to audit testing Ensure control owner compliance with policies for critical processes by regularly assess ing adherence with MSCI s procedures and standards P roactively support ongoing stakeholder initiatives to assist in SOX audit readiness Assist i n team member education on best practices for proper control execution, process design, and audit evidence S upport special projects, including mergers and acquisition integrations and technology transformation projects Your skills and experience that will help you excel Bachelor s degree in Management Information Systems or other relevant field (certifications including CISA a plus) 1 3 years of experience as a n information technology professional (technology audit experience a plus) Preferred knowledge of Sarbanes-Oxley compliance, IT application and general controls, and issue managem ent Robust knowledge of user access, change management, software development, system architecture, databases, and operating systems Experience with Power Platform, ServiceNow, Salesforce, SAP and/or Workday a plus Advanced verbal and written communication skills Strong presentation and negotiation skills E ffective relationship building with technology partners to accomplish critical goals Team player and desire to work succ essfull y in a diverse and global organization Strong problem solving and analytic al skills, and thrive with unstructured tasks and initiatives About MSCI What we offer you Transparent compensation schemes and comprehensive employee benefits, tailored to your location, ensuring your financial security, health, and overall wellbeing. Flexible working arrangements, advanced technology, and collaborative workspaces. A culture of high performance and innovation where we experiment with new ideas and take responsibility for achieving results. A global network of talented colleagues, who inspire, support, and share their expertise to innovate and deliver for for ongoing skills development. Multi-directional career paths that offer professional growth and development through new challenges, internal mobility and expanded roles. We actively nurture an environment that builds a sense of inclusion belonging and connection, including eight Employee Resource Groups. All Abilities, Asian Support Network, Black Leadership Network, Climate Action Network, Hola! MSCI, Pride Allies, Women in Tech, and Women s Leadership Forum. . MSCI Inc. is an equal opportunity employer. It is the policy of the firm to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, creed, age, sex, gender, gender identity, sexual orientation, national origin, citizenship, disability, marital and civil partnership/union status, pregnancy (including unlawful discrimination on the basis of a legally protected parental leave), veteran status, or any other characteristic protected by law. MSCI is also committed to working with and providing reasonable accommodations to individuals with disabilities. If you are an individual with a disability and would like to request a reasonable accommodation for . Please note, this e-mail is intended only for individuals who are requesting a reasonable workplace accommodation; it is not intended for other inquiries. To all recruitment agencies . Note on recruitment scams

We are looking for a highly motivated and detail-oriented individual with 0 to 3 years of experience to join our team as a Risk Consulting Associate in the IT SOX domain. The ideal candidate will have excellent analytical skills, strong knowledge of financial services, and a passion for delivering high-quality results. Roles and Responsibility Develop an understanding of RSM Technology Risk Consulting approach, methodology, and tools. Perform technology risk assessments and review control design and operating effectiveness. Conduct internal audit consulting activities, including audits over ERP systems, IT security, and other IT systems. Execute components of IT audits under offshore delivery models effectively and efficiently. Identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions. Ensure documentation complies with quality standards. Collaborate with RSM consulting professionals, supervisors, and senior management in the U.S. daily. Manage multiple concurrent engagements and ensure service excellence through prompt responses to internal and external clients. Provide timely, high-quality client service, coordinating the development and execution of the consulting work plan and client deliverables. Understand RSM US and RSM Delivery Center's LOBs and work as a team in providing integrated service delivery. Ensure professional development through ongoing education. Job Requirements B.Tech/MCA/MBA with 0-3 years of relevant experience in Information Technology/Security Controls, SSAE18, SOC reports, IT Audits, IT General Controls, IT Application Controls, and ERP Audits. Intermediate knowledge of financials, operations, and technology and its related risks. Good knowledge of SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security, and risk management frameworks/standards (ISO 27001, NIST, COBIT, ITIL, PCI). Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP). Strong Data Analytical skills including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word, and PowerPoint. MS Visio skills to develop process and data flow diagrams. Strong multi-tasking and project management skills. Excellent verbal and written communication (English) as this is a client-facing role requiring frequent communications with RSM International clients.

We are looking for a skilled professional with 8 to 13 years of experience to join our team as an Associate Manager/Manager - RC TRC IT SOX Consulting in Bengaluru. The ideal candidate will have a strong background in Information Technology/Security Controls and experience in Risk Consulting. Roles and Responsibility Develop an understanding of the RSM Technology Risk Consulting approach, methodology, and tools. Perform technology risk assessments and review, document, evaluate control's design and operating effectiveness. Conduct internal audit consulting activities, including audits over ERP systems, IT security, and other IT systems. Execute components of IT audits under offshore delivery models effectively and efficiently. Identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions to advise clients. Collaborate with the team to provide integrated service delivery and ensure professional development through ongoing education. Job Requirements B.Tech/MCA/MBA with 8+ years of relevant experience in Information Technology/Security Controls. Intermediate knowledge of financials, operations, and technology, along with its related risks. Good knowledge of SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security, and risk management frameworks/standards (ISO 27001, NIST, COBIT, ITIL, PCI). Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP). Strong Data Analytical skills, including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word, and PowerPoint. MS Visio skills to develop process and data flow diagrams. Excellent verbal and written communication skills, as this role requires frequent client interactions. Ability to manage multiple concurrent engagements and ensure service excellence through prompt responses to internal and external clients. Provide timely, high-quality client service that meets or exceeds expectations, including coordinating the development and execution of the consulting work plan and client deliverables. Understand RSM US and RSM Delivery Center's LOBs and work as a team in providing an integrated service delivery. Ensure professional development through ongoing education.

Perform testing of IT Application Controls, IPE, and Interface Controls through code reviews, IT General Controls review covering areas such as Change Management, Access Management, Backup Management, Incident and Problem Management, SDLC, Data Migration, Batch Job scheduling/monitoring and Business Continuity and Disaster RecoveryPerform Risk Assessment, identification, and Evaluation of Controls, prepare process flow diagrams and document the same in Risk Control Matrix Perform business process walkthrough and controls testing for IT Audits Performing planning and executing audits, including - SOX, Internal Audits, External AuditsConducting controls assessment in manual/ automated environmentPrepare/Review of Policies, Procedures, SOPsMaintain relationships with client management and the project Manager to manage expectations of service, including work products, timing, and deliverables Demonstrate a thorough understanding of complex information systems and apply it to client situations Use extensive knowledge of the clients business/industry to identify technological developments and evaluate impacts on the work to be performed Coordinate effectively and efficiently with the Engagement manager and the client management keeping both constantly updated regarding project s progress Collaborate with other members of the engagement team to plan the engagement and develop relevant workpapers/deliverables Perform fieldwork and share the daily progress of fieldwork, informing supervisors of engagement status

Security Risk and Compliance Expert will be instrumental in shaping the global Information Security Management System (ISMS) within our Group Security team. This role involves engaging with various Business Groups and Corporate Functions to identify and manage information security risks, ensuring compliance and enhancing our security posture. Facilitate risk assessments, develop training, and contribute to the continuous improvement of security policies and tools. Enhance the overall security and compliance of services provided to our customers. You have: Master's or bachelor's degree in computer science, security engineering, or equivalent 5+ years of experience in information security in a multinational organization. Solid understanding of information security processes and technologies Practical knowledge of ISO/IEC 27001:2022 standard implementation Excellent documentation and communication skills It would be nice if you also had: Knowledge of security standards like CSA CCM, NIST CSF, NIS2, and SOC2 Experience delivering information security training Familiarity with RSA Archer and Microsoft Power BI or other GRC tools Certifications in information security (e.g., CRISC, CISSP and ISO 27001 LI/LA) Implement and operate the global Information Security Management System (ISMS) to enhance overall security and compliance Conduct risk assessments with global stakeholders to evaluate and report information security risks Develop and maintain the information security risk register, tracking mitigation progress and presenting reports to stakeholders Provide recommendations for security risk mitigation strategies tailored to different business groups Create, update, and maintain ISMS documentation and a repository of reports and audit records Facilitate training sessions to educate employees on ISMS practices and promote a strong security culture Collaborate with cross-functional teams to identify evolving security trends and compliance requirements Contribute to the continuous improvement of Nokia ISMS and related tools, utilizing KPIs to measure effectiveness

Domain Certifications CISSP, CISA, CRISC, ISO 27001 Responsibilities Own and lead the governance program at account level for a large Financial services account with 700 + head count and multi country locations having high security Offshore Delivery Centres & Work from home teams Develop, implement and monitor Account level Information security governance program; meeting client compliance requirements proactively Perform contract reviews, cyber security risk assessments and drive compliance programs to meet contractual and organizational cyber security requirements within the client offshore delivery centres. Experience in Application security and code reviews which can be leveraged to guide and work with delivery teams on covering the cyber security risks associated with Application security, development and maintenance projects. Work closely with different teams internally like IT, business, HR, facilities, cyber security which operate at Organization level to translate client requirements and assess residual risk if required Give directions and monitor the compliance and operations activities within the account through dedicated team and work closely with account team on ensuring the compliance within account team Develop account level procedures, metrics and review programs to maintain and enhance the governance model within the account Be a single point of contact for client interactions during third party audits and liaise within the organization Prepare the account for certification and internal audit requirements based on industry standards like PCI DSS and ISO 27001 requirements Focus and objective driven to demonstrate ongoing improvements; identify early indicators of non compliance and able to draw mitigation actions Hold technical skills to participate in technical discussions for delivery centre setup, connectivity models Excellent communication skills and have demonstrated effective CXO level reviews

Job Title : IT Audit Compliance Lead Department : Information Technology , No of Vacancy : 1 Location : Thrissur , Kerala Experience required : 8- 13 years Responsibilities : • To drive and supervise IT related audits with internal and external stake holders ensuring successful end to end audit cycle. • Supervise and guide audit team at IT Dept and ensure they meet assigned tasks in prompt and efficient manner. • Managing and coordinating major audits such as RBI CSITE IT Audit, IS Audit (external & Internal), Statutory audit, vendor audits etc. • Coordinating with external auditors on the audits conducted in IT Department and providing responses to audit queries / remarks and providing added evidence requested by auditors. • Conducting discussion on draft audit reports for finalization of the same with the auditors . • Escalating delays in closure/response with SI and other internal or external stake holders. • Participation of various discussions on audit interviews and also on determining closing timelines and methods. • Participating in various committees like IT Steering Committee, ISGC, ACE, on need basis. • Timely provision of ATRs for Committees. • Sending Audit dash boards to top management. • Preparation of vertical related notes to ED and various Committees. • Participating in Regulatory change management meeting with SI for following up of audit related regulatory changes. • Work with IT Leads and Process Owners to step up compliance on audit observations and closing the same. • Responsible for establishing, maintaining, coordinating, and overseeing Audit, compliance with policies and procedures regarding the confidentiality, integrity, and security of information assets. Key Competencies : • Intermediate level knowledge on IT & InfoSec aspects. • Strong knowledge on MS Office package • Data Analysis and Data interpretation skills • Good communication and presentation skills Qualification Required : MCA / B Tech in IT with all round IT exposure of 7+ years Note: InfoSec/ IT-Audit related certifications like DISA, CISA preferred

Core Responsibilities Managing multiple shifts of Security Operations Centre Managers performing security event monitoring and incident identification for 247 Security Operations Centre Provide tactical and strategic direction for the Security Operations Centre staff, program development & maturity roadmap To validate the Incidents reported by SOC operators. To escalate timely when the SLA for alerting is not met. To identify the incidents if there are any missed by SOC operators To interact with external parties to resolve the queries relating to the raised incidents. To manage the SIEM, incidents knowledge base. To generate the daily reports, weekly reports and monthly reports on time. To maintain the timely delivery of reports. To maintain the updated and latest log baselines. The security analyst monitors security events from the various SOC entry channels (SIEM, Tickets, Email and Phone), based on the security event severity, escalate to managed service support teams, tier2information security specialist, and/or customer as appropriate to perform further investigation and resolution. Recommend enhancements to SOC security process, procedures and policies. Participate in security incident management and vulnerability management processes. Participate in evaluating, recommending, implementing, and troubleshooting security solutions and evaluating IT security of the new IT Infrastructure systems. Works as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats Communicate effectively with customers, teammates, and management Provide input on tuning and optimization of security systems Follow ITIL practices regarding incident, problem and change management Document and maintain customer build documents, security procedures and processes. Staying up-to-date with emerging security threats including applicable regulatory security requirements. Other responsibilities and additional duties as assigned by the security management team Qualifications Ideal candidates will have as much of the following High-level understanding of TCP/IP protocol and OSI Seven Layer Model. Knowledge of security best practices and concepts. Knowledge of Windows and/or Unix-based systems/architectures and related security. Intermediate level of knowledge of LAN/WAN technologies. Must have a solid understanding of information technology and information security. Certification in at least one industry-leading SIEM product. Preferred Information Security professional designations such as CISSP, CISM, CISA 3-5 years previous Security Operations Centre Experience in conducting security investigations Detail oriented with strong organizational and analytical skills Strong written communication skills and presentation skills Self-starter, critical and strategic thinker, negotiator and consensus builder Good knowledge of IT including multiple operating systems and system administration skills (Windows, Linux) Basic knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products Strong understanding of security incident management, malware management and vulnerability management processes Security monitoring experience with any SIEM technologies and intrusion detection technologies Experience with web content filtering technology -policy engineering and troubleshooting Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP A Bachelors Degree / Diploma in a relevant area of study with a preference for Information Security, Computer Science or Computer Engineering Excellent English written and verbal skills. Shift work required After-hours availability required

ROLE & RESPONSIBILTY: Conduct thorough and detailed cyber risk assessments for our clients, analyzing their digital infrastructure, systems, and security controls. Collaborate with cross-functional teams to gather essential information and data required for comprehensive risk assessments. Evaluate and interpret assessment results to identify potential vulnerabilities and risks, and provide actionable recommendations for risk mitigation. Stay up-to-date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments. Prepare and deliver clear and concise reports summarizing the findings of risk assessments to clients and internal stakeholders. Provide expert advice and consultancy to clients, guiding them in implementing robust cybersecurity risk management strategies. Mentor and support junior team members to foster their professional growth and skills in cyber risk assessments. REQUIREMENTS: Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or related fields. A minimum of 5+ years of hands-on experience in conducting cyber risk assessments and related security assessments. Industry certifications such as CISSP, CCSP, CISA, CISM, CRISC, ISO/IEC:27001/22301/20000 LI/LA or equivalent are highly valued. Profound knowledge of cybersecurity frameworks, industry standards, and best practices. Proficiency in using various security assessment and techniques. Strong analytical and problem-solving skills, with the ability to think critically and strategically. Excellent communication and presentation skills, capable of effectively communicating technical concepts to both technical and non-technical audiences. Demonstrated experience in project management and handling multiple assessments simultaneously. A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development. Network Security, infrastructure assessment and network architecture design review. Conceptual knowledge of OT Security/ISA 62443 standard is preferable.