886 Cisa Jobs - Page 12

Information Security Compliance Manager Location: Embassy Tech Village, Bangalore, India Experience: 5 - 7 Years Work Mode: Full-time, Work from Office About the Role: As an Information Security Compliance Manager at Swiggy, you will be a key driver in ensuring that our security, privacy, and regulatory compliance posture remains robust and aligned with industry standards. This role requires a hands-on candidate who can deliver compliance frameworks, manage compliance reviews and risk assessments, and collaborate across teams to embed security best practices in everyday business operations. You will work closely with internal stakeholders and external auditors to safeguard our environment and keep Swiggy compliant with applicable regulations and standards. What You ll Do: Compliance Leadership & Program Management Lead and manage the organization s information security and privacy compliance programs, including data protection, regulatory risk management, and compliance testing. Own remediation efforts, providing clear guidance and tracking to ensure timely closure of compliance gaps. Continuously assess and improve existing compliance policies, controls, and processes. Compliance Reporting & Risk Assessments Plan, coordinate, and execute internal compliance reviews and risk assessments aligned with ISO 27001, ISO 27701, PCI-DSS, and other relevant frameworks. Develop and maintain framework and tools that enable effective measurement of compliance maturity. Conduct security risk assessments and compliance checks across IT systems and business processes. Governance & Reporting Collect, analyze, and deliver detailed compliance reports to senior management and relevant stakeholders. Investigate and document compliance issues, security incidents, and audit findings. Facilitate cross-functional communication to ensure compliance risks are understood and mitigated. Training & Awareness Design and deliver information security and privacy training sessions for new employees and ongoing awareness campaigns for existing staff. Develop materials that clearly articulate compliance requirements and promote a culture of security. Operational Controls & Reviews Conduct periodic reviews of critical systems including Active Directory, HRMS, privileged access, firewall rules, and patch management controls. Collaborate with IT and business teams to ensure compliance-related controls are implemented and effective. Org Certifications & Audits Collaborate with external auditors and stakeholders to maintain org certifications and facilitate external audits What We re Looking For: Qualifications & Experience: Graduate with 5 to 7 years in information security compliance, governance, risk management, or related roles. Hands-on experience with compliance standards and frameworks including ISO 27001, ISO 27701, PCI-DSS, and data privacy regulations. Proven track record of managing audit processes, compliance testing, and remediation programs. Experience collaborating across technical and business functions to embed compliance in organizational culture. Technical & Professional Skills: Strong knowledge of security frameworks and best practices (NIST, ISO, PCI-DSS, GDPR, etc.). Ability to interpret and apply regulatory requirements and industry standards. Excellent communication skills to present complex compliance topics clearly to diverse audiences. Strong project management skills with the ability to prioritize and drive multiple initiatives. Demonstrated leadership and negotiation skills to influence stakeholders and build consensus. Preferred Certifications: ISO 27001 Lead Auditor or Lead Implementer ISO 27701 Lead Auditor or Lead Implementer Certified Information Security Auditor (CISA) Certified Information Security Manager (CISM) CompTIA Security+ Nice to Have: Knowledge of ITIL processes, PCI-DSS specifics, and Personal Data Protection regulations. Familiarity with cloud security compliance (AWS, Azure, GCP). Experience with governance, risk, and compliance (GRC) tools and exposure to using AI. Visit our tech blogs to learn more about some the challenges we deal with: .

Role: Associate Lead Third Party Risk Management (TPRM) About the Company: Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won t just imagine the future-you ll create it. About the Job: The Third-Party Risk Management (TPRM) team is part of Chief Security Office (CSO) and is responsible for working closely with internal teams including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Below are the key responsibilities: Conduct Cybersecurity Assessments: Perform comprehensive security assessments of third-party vendors, including evaluating their security policies, controls, and practices. Identify potential risks and vulnerabilities in vendor environments and provide recommendations for remediation. Risk Analysis and Reporting: Analyze assessment results to determine the level of risk associated with each third-party relationship. Prepare detailed assessment reports and risk summaries for internal stakeholders, including senior management and the TPRM team. Vendor Onboarding and Monitoring: Assist in the onboarding process for new vendors by conducting initial security assessments and ensuring compliance with Supplier Information Security Requirements (SISR). Monitor and re-assess existing vendors periodically to ensure ongoing compliance and address any emerging risks. Collaboration and Communication: Work closely with internal teams, including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Communicate assessment findings and risk mitigation strategies to third-party vendors in a clear and constructive manner. Policy and Procedure Development: Contribute to the development and enhancement of TPRM policies, procedures, and guidelines. Stay up-to-date with industry best practices, regulatory requirements, and emerging threats to continuously improve the TPRM program. Training and Awareness: Provide training and awareness sessions to internal teams and third-party vendors on cybersecurity best practices and TPRM requirements. Experience Level: 12+ years. Location: Hyderabad / Bengaluru Required skills: 10 years minimum experience in third-party risk management / risk consulting / cyber security assessments. Demonstrated experience in third-party risk management and vendor security assessments. Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls). Good understanding of various third-party risk management frameworks and standards. Proficiency in using security assessment tools and methodologies. Excellent analytical and problem-solving skills. Strong communication and interpersonal skills, with the ability to convey complex security concepts to both technical and non-technical audiences. Detail-oriented with strong organizational and project management skills. Desirable skills: Knowledge of data protection regulations (e.g., GDPR, CCPA) and their impact on third-party risk management. Prior experience with Telecom sector. Relevant certifications such as CISSP, CISM, CRISC, or CISA Additional information (if any): Need to be flexible to provide coverage in US morning hours. Location: IND:KA:Bengaluru / Innovator Building, Itpb, Whitefield Rd - Adm: Intl Tech Park, Innovator Bldg Job ID R-74196 Date posted 07/09/2025

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Compliance Management Good to have skills : Security Architecture DesignMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :Seeking an experienced Security Architect/ Security Compliance Professional to lead and support the design, implementation, and maintenance of security governance, risk, and compliance (GRC) frameworks. This role ensures that the organization complies with industry standards and regulations such as ISO/IEC 27001, PCIDSS, NIST CSF, SOC 2, TISAX, and others. The candidate will work cross-functionally to manage audits, assess risks, and drive continuous improvement in the security posture of the organization. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security managed operations, ensuring that all security measures align with organizational standards and compliance requirements. You will also engage in continuous improvement initiatives to enhance the security posture of the organization. Roles & Responsibilities:Expected to perform independently and become an SME or manage a team of GRC professional. Required active participation/contribution in client discussions. Contribute in providing solutions to compliance related complex situations Conduct regular assessments of security framework based or cloud security controls to ensure compliance with established standards. Collaborate with cross-functional teams to identify and mitigate potential security risks. Professional & Technical Skills: Proficient in Information Security, Cyber Security and Governance, Risk, and Compliance (GRC).Has significant exposure to evolving landscape of security compliance requirementsLead and manage security compliance initiatives across the organization.Manage/ Conduct gap assessments and implement controls in alignment with compliance standards (e.g., ISO 27001, PCIDSS, NIST, SOC 2, GDPR and other relevant frameworks).Coordinate and support internal and external security audits, including evidence collection and remediation planning.Partner with business, IT, and legal teams to ensure compliance requirements are understood and implemented.Develop and maintain security policies, procedures, and documentation in line with regulatory needs.Monitor compliance status and prepare reports and metrics for leadership.Educate teams on compliance requirements and drive a culture of security awareness.Relevant certifications :ISO27001LA/LI, ISO3100 or CISA, CISM, CRISC, or equivalent. Additional Information:The candidate should have 6-8 years of relevant experience in Information Security Governance, Risk and Compliance (GRC).A 15 years of full time education is required.This position is based at our Gurgaon/ Bangalore and Other Accenture locations Qualification 15 years full time education

We are currently looking for an ambitious and dynamic IT SOX/Internal Auditor to join our Global SOX Team based in Bangalore. The main purpose of the role is to assess the adequacy of IT controls design and complete the test of effectiveness covering all aspects of Visa s in-scope key financial systems and applications. It is expected that this position will include responsibility for the understanding of complex IT areas in accordance with plan. The Analyst should expect to assume supporting role in the completion of the SOX 404 testing stage for several IT controls under the direction of managers. Skills Strong problem-solving skills, with demonstrated ability to identify and resolve issues and risks, including root cause analysis. Ability to anticipate and identify opportunities to establish standards and controls, as well as develop and recommend solutions. Effective communication, interpersonal and influencing skills and ability to drive effective change at all levels of the organization. Detailed, conscientious and highly responsible team player. Responsibilities Review and assess adequacy of walkthrough documentation, perform test of effectiveness through review of supporting documents, meeting control owners and report control issues identified. Attend and support IT controls meetings with control owners, external auditors and SOX team members. Document test results in Visa s work papers template ready for review by SOX team members and external auditors. Interacts with management to assess control exceptions. Keep control owners and SOX team informed of exceptions and assist the IT teams with the development of Management Action Plans to mitigate issues, and evaluate adequacy of managements actions. Possess good written and oral communication skills, demonstrate these skills during meeting with control owners and IT teams. To be a key member of the SOX team and contribute to the planning and execution of the annual SOX program for IT controls. Provide best practice expertise to management and the SOX team on the COSO and IT SOX internal control frameworks. Handling day-to-day relationships with the external auditors on control matters and related issues. Professional 3 - 5 years of experience in SOX, internal audit, or risk with focus on IT controls (ITGC/ITAC) Experience in financial services or payments industry preferred . Big 4 experience preferred Qualification

About The Role Skill required: Control Testing - Agile testing Designation: Regulatory Compliance Analyst Qualifications: Any Graduation Years of Experience: 3 to 5 years About Accenture Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services, and Accenture Song all powered by the worlds largest network of Advanced Technology and Intelligent Operations centers. Our 699,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. Visit us at www.accenture.com What would you do Help clients transform their compliance function from reactive to proactive through an intelligent compliance operating model powered by data, intelligent technologies and talentLooking for someone with SOX testing experience.Conduct testing tasks within Agile models and integration processes and manage development sprints. Automated/IT control testing experience is required What are we looking for Commitment to qualityWritten and verbal communicationRisk managementAbility to work well in a teamAbility to meet deadlinesAutomated/IT control testing experience is must Roles and Responsibilities: In this role you are required to do analysis and solving of lower-complexity problems Your day to day interaction is with peers within Accenture before updating supervisors In this role you may have limited exposure with clients and/or Accenture management You will be given moderate level instruction on daily work tasks and detailed instructions on new assignments The decisions you make impact your own work and may impact the work of others You will be an individual contributor as a part of a team, with a focused scope of work Please note that this role may require you to work in rotational shifts Qualification Any Graduation

Designs, develops, modifies, adapts and implements short- and long-term solutions to information technology (IT) needs through new and existing applications, systems architecture, network systems and applications infrastructure. Reviews system requirements and business processes; codes, tests, debugs and implements software solutions. Under general supervision, implements and troubleshoots various information systems security software, following policies and procedures. Under general supervision, tests and validates solutions to remediate exploitable conditions on devices such as Web servers, mail servers, routers, firewalls and intrusion detection systems following established policies and procedures. Under general supervision, evaluates, codes and implements software fixes (patches) to address system vulnerabilities such as malicious code (e.g. viruses), system exploitation using SQL injection, cross-site scripting, buffer overflows, parameter tampering, hidden field manipulation, cookie poisoning, and Web services manipulation. Under general supervision, conducts security assessments of systems, networks and applications using penetration tests and ethical hacking tools and risk assessment/mediation methodologies to evaluate vulnerabilities. Prepares status reports on security matters to develop security risk analysis scenarios and response procedures. Has technical knowledge of security issues, techniques and implications across all existing computer platforms. Develops security solutions for routine to moderately assignments. Education Required: Degree qualified in Computers Science, Information Systems or other related discipline, or equivalent work experience. Experience Required: At least 3 years Special Qualifications: Is working towards any of the following Certifications and/or Professionalization status: CCIE (certified CISCO Internet Engineer), MCSE certification; GIAC Certified Windows Security Administrator (GCWN); GSEC, GCFW, GCIA, GCIH, GISO, GSNA, GCFA, GSLC; CISA, CISSP certifications; CIPP (Certified Information Privacy Professional).

A primary focus for this position will be to lead audit execution covering end-to-end processes of auditable entities within the IT and Cybersecurity Inspection Generale APAC team. Responsibilities This individual will work closely with audit assignment team members to complete each phase of the audit. This will entail: assessing the sufficiency and suitability of controls to mitigate risks; and testing the operating effectiveness and sustainability of controls; and documenting walk-throughs of in-scope processes; and documenting the investigations conducted and their results; and drafting findings and associated recommendations to address identified gaps in the control environment; and documenting the final report. This individual will have regular interactions with team members, process / control owners, and management of business units. Based on experience, this role will entail contributing to IT audits. Duties: Demonstrates a strong ability to audit procedures and controls accurately, timely, and with minimal supervision. Executes audit work in accordance with BNPP Inspection Generale policies and procedures. Testing the control design and operating effectiveness of in-scope IT controls Contributes to the completion of continuous monitoring activities for assigned auditable entities and escalates matters that may impact the timing of the next audit assignments. Prepares and updates risk assessments for assigned auditable entities for supervisory review. Validates the sufficiency and suitability of business corrective actions to address audit recommendations. May be asked to direct the work of more junior staff members on the audit assignments. Performs other duties as assigned. Technical & Behavioral Competencies Deep knowledge of IT audit Requires deep knowledge of banking functions typically obtained through advanced education combined with experience. Exhibits effective written and verbal communication skills with all levels of management (in English) Not less than 10 years of experience in IT external auditing / internal auditing / in the financial services industry. Curiosity, rigor, and precision. Outstanding analytical skills High level of initiative, commitment, and drive Ability to work effectively under pressure and within short deadlines Promotes a constructive, cooperative, and participative teamwork environment Specific Qualifications (if required) Possess a Bachelors / Masters Degree in Information Technology/ Management Information System / Computer Science and related discipline; Professional Qualification/Certification: in IT Audit - CISA (Certified Information System Audit) required other IT certification: Cybersecurity (e.g CISSP, CISM, CCSP/CCSK, CEH), IT Service Management (ITIL foundation). Skills Referential Behavioural Skills : Communication skills - oral & written Ability to collaborate / Teamwork Attention to detail / rigor Active listening Adaptability Transversal Skills: Analytical Ability Ability to manage a project Ability to manage / facilitate a meeting, seminar, committee, training Ability to understand, explain and support change Ability to anticipate business / strategic evolution Education Level: Master Degree or equivalent Experience Level At least 10 years

This role will be responsible for supporting the Third-Party Technology Risk Management team in identifying and evaluating potential/ recognized risks related to Information Security, Business Continuity and Physical Security. The 3rd Party Security Risk Assessor, reporting to the Manager, Third Party Risk Management team that performs security assessments of vendors, service providers and 3rd party companies that manage systems or information for BNP Paribas Responsibilities Direct Responsibilities As a Third-Party Technology Risk Assessor, you will perform third-party information and cyber security assessment to identify, monitor, remediate, and manage third party risks across the third-party lifecycle. Risk Assessor role requires good risk experience technology expertise (areas of information and cyber security, business continuity, incident management, compliance, and human resource security) in accurately scoring the inherent risk profile of 3rd parties, making sure the risk assessments are completed on time with quality. In addition, the role requires the ability to prioritize and drive workload. Evaluating control effectiveness and review evidence of controls by applying audit, compliance, security, and regulatory framework knowledge and experience, including, but not limited to review of: ISO 27001, SIG (Shared Assessments), TruSight, SOC / equivalent reports, as well as knowledge of controls related to Privacy, Compliance, Business Resiliency, Cyber and other risk domains. Work with Line of business partners, by navigating them through the different stages of the risk assessment life cycle and making sure that they are being compliant to the organization requirements. Communicate assessment findings and recommendations to internal stakeholders, including senior management, legal, and compliance teams as applicable. Monitor and track the identified findings as part of the assessment lifecycle. Contributing Responsibilities Actively participate in identifying process gap and should be ready to own and update/ document relevant TPTRM policies and procedures Support Internal and external TPTRM audit requirements Compile and generate Weekly/Monthly/Quarterly dashboard on KPI Technical Behavioral Competencies Ideally in financial services with minimum of 5+ years of experience in TPRM or Risk management background. Bachelor's degree with professional certification in Information, Cyber, Network and Cloud Security. Experience with industry recognized standards for IT security controls and best practices like NIST, ISO27001, PCI DSS, COBIT, SOC 2 etc. Experience in one or more risk disciplines an advantage i.e., Information Security, Business Continuity, Data Privacy etc. Experience in Governance, Risk Compliance (GRC) tools an advantage. Experience in providing stakeholders with specialist risk knowledge and monitoring its execution. Strong self-motivated multi-tasker who can prioritize competing tasks and stakeholders. Ability to work independently in a fast adapting and agile work environment. Proactive and deliverable focused, with a dedication to delivering against hard deadlines. Excellent analysis skills with keen eye for detail. Strong capabilities in Microsoft Excel, PowerPoint, and Word. Familiarity with vendor management, procurement, and contract negotiation. Ability to communicate effectively with both technical and non-technical stakeholders. Strong analytical and problem-solving skills. Specific Qualifications (if required) Skills Referential Behavioural Skills : (Please select up to 4 skills) Ability to collaborate / Teamwork Communication skills - oral written Attention to detail / rigor Creativity Innovation / Problem solving Transversal Skills: Ability to develop and adapt a process Ability to understand, explain and support change Ability to develop others improve their skills Education Level: Bachelor Degree or equivalent Experience Level At least 5 years

Job Description IT & Cybersecurity PMO - Regional IT (Greater India) Job Title: IT & Cybersecurity PMO, Greater India Location: Greater India Zone (Gurgaon, Mumbai, Bangalore) Reporting To: Zone IT Director Cybersecurity PMO - Regional IT Team (Greater India) This role is part of the Regional IT team for Greater India, reporting to the Zone IT Director. The Cybersecurity PMO will serve as a key liaison between Zone operations (Schneider Electric and Lauritz Knudsen) and global cybersecurity governance and digital risk leaders across front office and back office functions, including manufacturing and supply chain. Key Responsibilities Act as the primary liaison between Zone operations and global cybersecurity and digital risk governance teams. Lead and coordinate multiple cybersecurity and data risk initiatives across the region. Manage and support cybersecurity-related audits, including site security audits and ISO 27001 certification readiness. Ensure alignment with global cybersecurity policies and standards. Track and report progress of cybersecurity programs and risk mitigation plans. Facilitate communication and collaboration between business units and cybersecurity teams. Support awareness and training initiatives related to cybersecurity and digital risk. Qualifications & Certifications Bachelor s or Master s degree in Information Technology, Cybersecurity, or related field. Project Management certifications such as PMP, Prince2, or Agile methodologies preferred. Cybersecurity certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Auditor preferred. Required Skills Strong project management skills with experience in coordinating cross-functional initiatives. Excellent stakeholder management and communication skills. Awareness and experience in network security, application security, digital security, and data protection. Ability to manage multiple projects and priorities in a dynamic environment. Experience in audit coordination and compliance processes. Strong analytical and problem-solving skills. Ability to work independently and collaboratively with global teams. Qualifications Qualifications & Certifications Bachelor s or Master s degree in Information Technology, Cybersecurity, or related field. Project Management certifications such as PMP, Prince2, or Agile methodologies preferred. Cybersecurity certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Auditor preferred. Required Skills Strong project management skills with experience in coordinating cross-functional initiatives. Excellent stakeholder management and communication skills. Awareness and experience in network security, application security, digital security, and data protection. Ability to manage multiple projects and priorities in a dynamic environment. Experience in audit coordination and compliance processes. Strong analytical and problem-solving skills. Ability to work independently and collaboratively with global teams Schedule: Full-time Req: 009HSR

Summary: Are you energised by a high-profile Risk management & Controls role that allows you to shape risk and controls programs and challenge organisational thinking to make informed business decisionsIf so, this Technology Risk and Governance role could be an exciting opportunity to explore. Within the Global Finance organisation, Finance Risk Management & Controls (FRMC), the Finance 2nd line team, is key to determining the level of risk which is acceptable to the organisation while developing business and operational opportunities. This global role leverages deep expertise in IT risks and controls to manage and oversee the Finance IT control environment. The Director is charged with ensuring robust governance, monitoring, and continuous improvement of IT risks impacting financial controls, including SOX compliance, transformation, and the integration of innovative solutions such as RPA and data analytics. This role requires seamless collaboration with the Digital & Technology (D&T) organisation, Finance, and external audit teams to deliver strategic objectives, mitigate risks, and drive operational excellence. Role Responsibilities: Oversight: Partner with the D&T leadership team and Sox Ops team to ensure combined oversight of the quality of IT Sox testing in order to meet the Finance requirements. Lead on IT Application Controls, BOTS, interface controls, and key reports used in controls to ensure compliance with established frameworks and regulatory requirements. Accountable for the relevant SOX Board papers preparation including status update on SOX testing results and progress of remediation activities. Scoping: Lead the scoping for Finance on the technology relevant for SOX purposes, ensuring that all relevant IT systems and processes are thoroughly evaluated for risk and control implications. Leadership in Change & Transformation: Provide leadership and support to change and transformation projects that address technology risks and business risks, including M&A activities, to ensure Finance 2nd line objectives are met. Governance of RPA in Finance: Establish and oversee governance protocols for robotic process automation (RPA) embedded in Finance, including new implementations and changes to existing RPAs. Collaboration & Partnership: Interface with the Digital & Technology organisation and partner and influence the D&T leadership team and GRC team to monitor IT risks relevant to the Finance control environment, driving collaboration and accountability. IT Governance Representation: Act as an integral member of IT governance forums, influencing decision-making and ensuring Finance s voice is represented. SOX Maturity Programme: Support the execution of the D&T SOX Maturity Programme, representing the Finance organization and ensuring Finance leadership is overseeing the delivery of required actions and milestones. SAP S4 Hana Implementation: Provide oversight and support for the design and implementation of SAP S4 Hana, ensuring SOX IT control design aligns with Finance requirements. Key IT Controls: Oversee the execution of key IT controls, such as Finance SOD monitoring controls, to safeguard the Finance control framework. Risk Lens in Business Walkthroughs: Support business walkthroughs with an IT risk and control perspective, enabling informed decisions and risk mitigation. Continuous Improvement: Lead continuous improvement initiatives in the control framework, leveraging enabling technologies and continuous control monitoring to enhance processes and reduce risks. Data Analytics Strategy: Design and oversee the data analytics strategy for the FRMC team, supporting initiatives that enhance data-driven decision-making and risk assessment. Qualifications and Skills 15+ years experience Experience at Big 4 (Deloitte, EY, KPMG, PWC) SAP and Cloud infrastructure experience Understanding of information security technologies Experience of internal and/or external regulatory, Sarbanes-Oxley environment and technology industry standards Experience and understanding of financial reporting risks and controls Required Licenses/Certifications: CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), CA/CPA (Chartered Accountant/Certified Public Accountant) or equivalent Care to join us. Find out what life at Haleon is really like www.haleon.com/careers/ .

Key Role Deliverables: Facilitating ISO and SOC 2 corporate-wide examinations Assisting special compliance and audit related projects as assigned Assisting internal VAPT audits and sharing the reports with the management Planning and conducting testing to confirm continuous efficiency and effectiveness of information system controls Understanding the business and IT infrastructure including applications and servers through interactions and walkthrough Managing and measuring the IT Security Framework and developing and maintaining a technology risk assessment program for business applications and processes Collecting information and reviewing information systems policies, standards and procedures to verify that they address the organization's internal and external requirements and to identify information systems control deficiencies Performing a root cause analysis of the various risks/ incidents identified and development of solutions to mitigate the risks and the flow of data and information and performing a threat and risk analysis of each process Assisting with development and implementation of corporate compliance procedures and controls Keeping the department updated with the latest technological changes and cybersecurity advancements Reviewing of Business Impact Analysis, Risk Assessment, Current State Network assessment and Recovery Strategy Analysis Prerequisites: Attention to detail Good understanding of IT and network security Experience of working in cyber security risk management preferred Excellent time management skills preferred Ability to work well under pressure with tight deadlines while delivering high quality and output Experience 0-2 years Education BE/ B.Tech or equivalent specialization in IT are preferred One or more of the following information security certifications or advanced degree in information security/cybersecurity: CISSP/SSCP/CISM/CRSC/CISA/HISP or equivalent CEH V11 or other equivalent Ethical Hacker degree is preferable

Staff Cybersecurity Engineering As a Staff cybersecurity engineer with Convera, we are looking for the primary administrator of an automated GRC platform to support the Convera cybersecurity program and all the IT stakeholders. You will also support efforts using this system for responding to regulator questions, independent audit, and customer assurance. You will be responsible for: Represent the Convera cybersecurity team in the India region with respect to compliance and cybersecurity activities. * Ensure controls are followed continually and without material audit findings or qualifications. Respond and assist with urgent new cybersecurity requirements, security incidents, outages, and customer grievances. Participate and report on multi-regional projects to identify and track appropriate corrective measures to resolve issues as they arise. Develop and manage project plans and budget/resource estimates as needed. Participate in Vendor / Supply Chain Risk Management to ensure availability * Perform vendor due diligence Cyber risk reviews to ensure supply chain compliance Assist in Vendor Onboarding/Contract Negotiations related to cybersecurity Perform cyber resiliency assessments to detect and identify weaknesses in the security posture of the organization's resiliency and recovery strategies Assist with vendor due diligence risk reviews and questionnaires to ensure supply chain compliance. Assist in working with Convera vendors, contactors, and third parties to confirm compliance to Convera policies, service level agreements, and acceptable usage policies. Find, report, and help remediate cybersecurity risks and compliance gaps to Convera and Convera-contracted services by working with IT teams, business teams, and other stakeholders. * Oversee regular vulnerability assessments, internal technical reviews, and penetration testing of cloud environments and applications Partner with IT teams to develop and implement remediation strategies for identified security issues Develop metrics and reports to track vulnerability management program effectiveness Evaluate and recommend security tools and technologies Provide security guidance to technical teams Facilitate, coordinate, and obtain vulnerability reporting requirements from multiple stakeholders. Assist on Risk Assessments * Document, analyze, and report control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities. Partner with IT teams to develop and implement remediation strategies for identified security issues Assist in investigating internal and external information security risk and exceptions assessments Partner with SecOps & Enterprise Tech on new business solutions & architecture Help assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks. Inform the proper stakeholders of important concerns and hazards. Be proactive in seeking out areas for improvement and offer insightful advice and value-added guidance on process and control enhancements. Operate with a high degree of independence regarding cybersecurity project and program activities. * Manage multi-regional projects to identify and track appropriate corrective measures to resolve issues as they arise. Respond and assist with urgent new requirements, security incidents, outages, and customer grievances. Develop and manage project plans and budget/resource estimates as needed. Assist in security incident response and forensic investigations when needed Assist in internal and external audit efforts. Support new security and privacy compliance changes from all over the world. About You CompTIA Security+, (ISC)2 SSCP, GSEC, AWS Certified Cloud Practitioner, Azure Security Engineer Associate, Certificate of Cloud Security Knowledge or other industry recognized technical, or security certification(s). CISSP, CISA, CISM, or other industry recognized security certification(s) are preferred. Hands on experience with vulnerability scanning tools and penetration testing methodologies Skilled at analyzing complex problems, impact analysis, and enabling informed decision making. Excellent interpersonal, communication, and presentation skills, including a strong customer service orientation. Up to date with technology and compliance risks facing dynamic organizations, with an excellent understanding of the regulatory environment and the challenges to meet a rapidly evolving landscape. Expertise in planning and delivering a wide range of projects including embedding risk and governance frameworks, introducing new policies and processes, and implementing IT systems. Successful at stakeholder engagement and experienced at operating at both strategic and tactical levels. Can quickly identify key operational risks, material impacts, risk indicators and controls within the business area. Experience with working on IT systems in a global 24x7 operation with varying levels of uptime and security requirements. Have a strongly motivated to work independently, desire to learn and grow in a fast-paced, complex environment. Develop and manage project plans and budget/resource estimates as needed. A fast learner, able to manage details and complex needs. Are up to date with technology and compliance risks facing dynamic organizations, with an excellent understanding of the regulatory environment and the challenges to meet a rapidly evolving landscape. Have strong and honest communication skills as well as confident communicating verbally and in writing. Have a basic understanding of the finance industry, risk management, and cloud technology. Familiar working with industry-standard regulatory requirements (SOC1/2, PCI, GDPR, etc.) and technical standards (CIS, NIST, STIG, etc.) Excellent interpersonal, communication, and presentation skills, including a strong customer service orientation and confident in communicating verbally and in writing with respect to local cultures and languages. About Convera Our teams care deeply about the value we bring to our customers which makes Convera a rewarding place to work. This is an exciting time for our organization as we build our team with growth-minded, results-oriented people who are looking to move fast in an innovative environment. As a truly global company with employees in over 20 countries, we are passionate about diversity; we seek and celebrate people from different backgrounds, lifestyles, and unique points of view. We want to work with the best people and ensure we foster a culture of inclusion and belonging. We offer an abundance of competitive perks and benefits including: Competitive salary Opportunity to earn an annual bonus. Great career growth and development opportunities in a global organization A flexible approach to work #LI-KP1,

Lead in assessing cybersecurity posture and maturity for client based on requirements and pain areas. Recommending cybersecurity strategy and architecture based on client's pain areas and risk assessments. Lead in performing information security risk assessment, tracking and monitoring the risk remediation. Collaborate with internal department of client in addressing and remediating various identified information security risk. Present complex cybersecurity solutions to clients in a clear, concise, and engaging manner, translating technical jargon into understandable benefits. Design and propose customized security solutions that address the client's unique challenge. Define and document security metrics and dashboard to measure and monitor cybersecurity KRI and KPIs. Develop, Implement, and maintain control requirement basis standards such as ISO 27001, HIPAA, HITRUST. Review and update current information security policies and procedures. Create and oversee the implementation of new security and compliance policies and procedures. Profile Description: Strong expertise in cybersecurity principles and best practices Thorough understanding of various security standards, framework, and certifications/attestations e.g., ISO 27001, HIPAA, HITRUST. Thorough understanding of various IT and Information security risk assessment framework/standards In-depth knowledge of various security tools and technologies In-depth understanding of various firewall and vulnerability assessment solutions Top-notch communication skills, both written and verbal, to deliver presentations and consult with diverse client. Excellent analytical and problem-solving skills. Ability to develop security standards and guidelines based on best practices and industry standards for existing and new technologies. Security certifications (e.g., CISSP, CISA) would be added advantage. Stay up to date on the latest cyber threats and vulnerabilities. Familiarity with common tech stacks Understanding of various virtualization tools like PowerBI, Tableau and tool like PowerShell, Python would be added advantage. Engineering in Computer Science, or relevant field We are Mindsprint! A leading-edge technology and business services firm that provides impact driven solutions to businesses, enabling them to outpace speed of change. For over three decades we have been accelerating technology transformation for the Olam Group and their large base of global clients. Working with leading technologies and empowered with the freedom to create new solutions and better existing ones, we have been inspiring businesses with pioneering initiatives. Awards bagged in the recent years: Best Shared Services in India Award by Shared Services Forum 2019 Asias No.1 Shared Services in Process Improvement and Value Creation by Shared Services and Outsourcing Network Forum 2019 International Innovation Award for Best Services and Solutions 2019 Kincentric Best Employer India 2020 Creative Talent Management Impact Award SSON Impact Awards 2021 The Economic Times Best Workplaces for Women 2021 & 2022 #SSFExcellenceAward for Delivering Business Impact through Innovative People Practices 2022

Job Area: Finance & Accounting Group, Finance & Accounting Group > IT Internal Audit Qualcomm Overview: Qualcomm is a company of inventors that unlocked 5G ushering in an age of rapid acceleration in connectivity and new possibilities that will transform industries, create jobs, and enrich lives. But this is just the beginning. It takes inventive minds with diverse skills, backgrounds, and cultures to transform 5Gs potential into world-changing technologies and products. This is the Invention Age - and this is where you come in. General Summary: Unique opportunity to join Qualcomm’s Corporate Internal Audit & Advisory Services department within the SOX Program Management Office (PMO) organization to support the IT SOX 404 and 302 Compliance efforts. The department’s activities and services focus on assisting the Audit Committee of the Qualcomm Board of Directors and Management in the evaluation and improvement of processes that identify and manage risks related to achieving Qualcomm’s business objectives. Key responsibilities include: Lead the IT SOX 404 risk assessment and scoping exercise, execute the process and control walkthroughs, assess the design of controls, develop and enhance comprehensive test plans, and perform independent testing Perform deficiency root cause analyses and assist management with the development of remediation plans Offer effective supervision to, and review the work of other auditors, including the company’s co-sourcing audit partners Collaborate with Qualcomm management to identify financial risks, assess business impacts, and present potential solutions (leading practices) As a key member of the SOX PMO, the successful candidate will be a primary interface between IT management and the external auditors to provide guidance, support, training, and project management Collaborate with the external auditors in the planning and execution of SOX 404 requirements and ensure all deadlines are met with high quality deliverables Participate and assists in ad-hoc projects such as system implementations when needed Three to seven years of recent relevant professional experience in IT SOX compliance for a fast-paced global company or a public accounting firm (“Big 4” or mid-tier). Prior SOX PMO experience preferred. Independent and adaptable team player with strong project management skills to comfortably lead and conduct multiple significant projects and tasks with quality, accuracy, and attention to detail. Strong critical thinking with sound judgment and decision-making skills. Self-motivated, positive, and professional attitude. Exceptional prioritization, organization, and time-management skills to consistently meet deadlines with quality deliverables in a fast-paced environment. Strong interpersonal skills (including oral and written communications) with the ability to lead all related interactions with various levels of the organization including middle and senior management. Excellent understanding of internal controls, frameworks (COSO, COBIT), fundamental audit methodology, SOX 302 and 404 requirements. Strong ability to understand IT and business process risks and related controls Experienced with leading practices for business processes, financial accounting, and reporting risks to ensure compliance with GAAP and external reporting requirements Delivers high-quality work products (form and substance) including the ability to prepare written documents (e.g., work papers, PowerPoint presentations, audit reports, etc.) that clearly lay out key messages Professional Certifications (e.g., CPA, CISA, CIA preferred) ERP experience with Oracle EBS a plus Semiconductor business experience or familiarity Fluent English; multi-lingual capability is a plus Strong communication (oral and written) and presentation skills Fast learner with strong, organization, analytical, critical thinking, and problem-solving skills Ability to work in flexible and non-hierarchical team environment Willingness to get things done and take responsibility Ability to recognize and apply a sense of urgency, when necessary Positive attitude, professional maturity, good work ethic Ability to work independently, handle multiple projects simultaneously, and multi-task to meet deadlines with high-quality deliverables Bachelor's degree in Accounting, Business Administration, Management Information Systems, or related field. Applicants Qualcomm is an equal opportunity employer. If you are an individual with a disability and need an accommodation during the application/hiring process, rest assured that Qualcomm is committed to providing an accessible process. You may e-mail myhr.support@qualcomm.com or call Qualcomm's toll-free number found here . Upon request, Qualcomm will provide reasonable accommodations to support individuals with disabilities to be able participate in the hiring process. Qualcomm is also committed to making our workplace accessible for individuals with disabilities. Qualcomm expects its employees to abide by all applicable policies and procedures, including but not limited to security and other requirements regarding protection of Company confidential information and other confidential and/or proprietary information, to the extent those requirements are permissible under applicable law. To all Staffing and Recruiting Agencies: Please do not forward resumes to our jobs alias, Qualcomm employees or any other company location. Qualcomm is not responsible for any fees related to unsolicited resumes/applications. If you would like more information about this role, please contact Qualcomm Careers.

About Aurigo Aurigo is the world s leading provider of enterprise SaaS for capital program and project portfolio management. The geographical markets we serve are the United States and Canada. We deliver cloud-based software solutions to organizations that make and manage large infrastructure investments. Our target markets are public sector (state and local government). Our flagship Suite Aurigo Masterworks is helping plan and deliver over $400B of capital infrastructure across the US and Canada. Description: Responsibilities: Be a thought leader in security engineering and operations delivery - driving automation, analytics, and advanced threat analysis. Oversee technical delivery of security requirements, assessing and continually improving output and ensuring processes are developed and adhered to drive operational excellence. Manage and lead the security function and a small team of security analysts, ensuring prompt, efficient, and accurate resolution of identity and access matters. Implement automated security testing tools (SAST, DAST, IAST) and their deployment within continuous integration systems Author functional and technical documentation. Communicate on a deeply technical level with product engineering, project management and operations teams to improve and optimize products, improve infrastructure, and evolve services. Participate in Weekly/Bi-weekly/ Monthly/Quarterly business reviews Remain current on new technologies, methods and procedures including, but not limited to, coding practices such as Test-Driven Development, Continuous Integration, and Continuous Deployment. Lead Incident Response when the situation demands and drive it to closure with RCA and implementing controls to ensure similar incident does not occur in future Implement hardening and secure framework such as CIS, NIST 800-53 r5, OWASP, SANS etc. Perform vulnerability assessment & penetration testing on Web and Mobile applications. Attend design reviews and actively lead the discussions from a security standpoint Analyze possible security incident related to application security such as sensitive data exposure via web API and lead resolution and root cause analysis. Ensure that security requirements are identified early on and are being baked into all projects Work with different functions to implement best security practices across all areas in the software development lifecycle Prepare and present executive presentations on security posture as required Risk management Emerging threats assessment and deployment of countermeasures Requirements: B. E / B. Tech / MCA CISSP/CISA or equivalent certifications Experience in implementing multiple security layers to protect web and mobile applications using tools & services like WAF, DNSSEC, IDS, IPS, XDR, FIM, Exfiltration protection and similar solutions Experience with AWS GuardDuty, Inspector, secrets manager, IAM and AWS best security practices preferred. Experience in hardening software using CIS benchmarks SAST, DAST & SCA experience One among FedRAMP or ISO27001 implementation experience is required Thorough knowledge of NIST Cyber Security Framework required Implementation experience with SOC 2 Type II preferred Experience on Risk Management Competencies

Overview Seasoned Engineering Manager needed to lead IndiaGold s tech team shape vision, scale systems, drive innovation in asset-backed fintech. Company details IndiaGold is a deep-tech fintech platform enabling regulated entities to offer asset-backed products like digital gold loans with zero-touch, paperless onboarding, and automated purity checks. Website: https://indiagold.co.in Requirements 8+ years in software engineering 3+ years in senior tech leadership roles (Engineering Manager, Head/VP Engineering) Strong experience in system design and scaling backend-heavy, data-driven systems Expert in cloud infrastructure (AWS/GCP) and modern architectures Proficient in Node.js, Java, Spring Boot, Kotlin, React, MySQL Proven ability to build and manage high-performance engineering teams Experience in fast-paced startup environments Strong sense of ownership, bias for action, results-driven leadership (Good to have) Fintech or lending experience, especially asset backed lending (Good to have) Familiarity with compliance, data privacy, fintech audits (PCI-DSS, CISA), NBFC/banking systems Responsibilities Lead tech vision and architecture across web, mobile, backend, and DevOps Ensure system stability, scalability, security in regulated fintech Hire, mentor, and grow engineering talent; instill quality, ownership, velocity Define best practices for coding, testing, deployment, operations Collaborate with Product, Design, Data to deliver features fast and at scale Manage delivery timelines, engineering quality across squads Design secure, high-performance systems for large-scale financial data and transactions Align tech stack for future NBFC regulatory and compliance needs Drive long-term tech roadmap and evaluate emerging tech Partner with founders, Product, Business, Ops on technical priorities Lead audits and certifications (PCI-DSS, CISA) and manage third-party vendor relationships Job Details Location: Hybrid (2 days/week onsite) at 64, Sector 44, Gurugram, Haryana 122002, India Interview process Low-Level Design (LLD) High-Level Design (HLD) Business/Product Round 30-min Co-founder Round Important Note ClanX is a recruitment partner, helping IndiaGold hire the Engineering Manager role

At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, youll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career. Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express. How will you make an impact in this role? Eligible candidate will be responsible for managing Third Party Risk for American Express. The ideal candidate will possess knowledge of industry technology standards & information security best practices. Role will require adequate due diligence in conducting technical security assessments and post-assessment findings remediation discussions. Candidate should embody professional stakeholder management skills, as the role will require regular discussions with various various Stakeholders from internal business units, technology partners, assessor partners etc. Knowledge of ServiceNow or any other IS risk management tools will be a plus. Recommended Experience: 5+ years of relevant experience in Information Security/ Cyber Security risk management. Minimum Qualifications The candidate should preferably hold a Bachelor or Masters Degree in Information Security, Information Technology, Information Systems, Computer Science or other related fields. Preferred Qualifications CISSP, Security+, CRISC, CISA certifications highly encouraged. We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:

Saviynt is looking for Principal Architect - Identity Management to design, deploy, configure and implement its leading Identity Governance (IGA) solution based on customer requirements. As an expert in deploying Identity Governance solutions, the primary responsibility will be to lead Saviynt solution deployments to meet customer requirements. WHAT YOU WILL BE DOING Provide thought leadership to customers for IGA in general and Saviynt in specific Provide industry wide best solution for the customer s use cases meeting functional as well as non functional requirements Provide consulting and advisory skills, capable of addressing customer expectations Architect and deploy Saviynt Identity Governance solution to meet customer requirements Design, deploy, implement, and integrate Saviynt with critical applications and infrastructure Follow approved life cycle methodologies, create documentation for design and testing Interact/coordinate with customers as required Provide technical oversight and direction to mid-level and junior Engineers Train and Groom top talent to be experts in Saviynt technology and IAM in general Assist operations team as required, coordinate with the product engineering team to advocate for the new features in the product Resolve technical issues through debugging, research, and investigation. Technical pre-sales support for direct and partner sales teams Provide technical expertise and real-life experience in creating solutions, designs, proof of concept, and implementation Conduct research and use knowledge of competitive solutions to effectively address and dispel customer objections Ensures delivery of high-quality product on time and within budget WHAT YOU BRING Bachelor s/equivalent in Engineering 15+ years of industry experience in design, development, customization, configuration, deployment of any Identity Management and Governance products Thorough domain knowledge on User Lifecycle Management, Provisioning and Reconciliation, Auditing, Reporting, and user activity Monitoring, Access Certification, SOD, Cloud Security Direct customer interaction and management skills Strong technical presentation and communication skills, both verbal and written Knowledge of Java/J2EE, SQL, Web Services (REST/SOAP), Directories, etc. Strong consulting and advisory experience Good problem solving and analytical skills Experience with RFP responses and proposals Good To Have: Cybersecurity certifications (CISSP, CISA, CISM, CompTIA Security+ and CEH etc.) Saviynt or any equivalent IGA product certification If required for this role, you will: - Complete security & privacy literacy and awareness training during onboarding and annually thereafter - Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):

Responsibilities Operate day-to-day Information Security Governance, Risk, and Compliance (GRC) activities across the organization. Support alignment and implementation of security standards including ISO 27001, PCI, NIST, and TISAX. Assist in the execution of Information Security Risk Management policies and procedures. Collaborate on internal and external audit activities, and track remediation efforts to closure. Support documentation, reporting, and evidence gathering for compliance and regulatory assessments. Contribute to the continuous improvement of governance processes, control effectiveness, and risk posture. Coordinate with business units and IT teams to ensure governance standards are understood and adhered to. Qualifications 3-5 years of experience in information security governance, risk, compliance, or audit. Working knowledge of ISO 27001, PCI-DSS, NIST, TISAX, or other major regulatory frameworks. Experience with policy implementation, risk assessment methodologies, and audit coordination. Ability to evaluate and articulate compliance requirements to technical and non-technical teams. Strong documentation, analytical, and reporting skills with attention to detail. Excellent interpersonal and communication skills to work cross-functionally. Preferred

We Offer Join us as an application audit manager within our cutting-edge controllership function, whereyou will have opportunities to contribute in building world class products that are audit ready. Thisrole also involves direct interaction with the PhonePes business teams, product teams,developers, where you will be encouraged to act as a trusted partner and use your independenceand influencing skills to support the improvement of the entitys risk and control environment. Your future colleagues Join a team where success is driven by our ability to identify emerging risks and presentcompelling arguments with breadth and depth. We collaborate across multiple skillsets (i.e.business, technology, change and data analysts) to build well-informed influencers with deepindustry knowledge and commercial expertise. A forward-thinking attitude has enabled us toadopt new technologies and ideas, helping minimize inefficiencies and maximize thinking time.The department values Diversity and Inclusion (D&I) and is committed to realizing the firms D&Iambition which is an integral part of our global cultural values. We Are Looking For - Must have 6+ Years of Relevant Experience of working on IT Internal / External Auditengagements - Control testing of IT Application Controls (ITAC) and Business processcontrols. - Good understanding of Business Process Reviews, Functional testing and Control gapanalysis. -Testing experience of Oracle Fusion controls and post implementation configurationreviews in different functional modules. - Ideally, you hold an undergraduate degree (BE/BTech/MTech) or CA/ACCA and one ormore IT audit certifications (e.g. CISA, CISSP, CIA) and have an interest in FinancialServices. - Solid understanding of risk and how controls can minimize those risks while beingcommercial. - Proven analytical skills and keen to collaborate with data specialists to shape audit testsand acquire relevant insights from data. - Good time management skills and precision in delivery. - Ability to present information in a succinct and concise way. - Strong social skills, a willingness to help others as well as addressing challengesencountered within audits in a proactive way. - Understands the value of diversity in the workplace and is dedicated to fostering aninclusive culture in all aspects of working life so that people from all backgrounds receiveequal treatment, realize their full potential, and can bring their full, authentic selves towork PhonePe Full Time Employee Benefits (Not applicable for Intern or Contract Roles) Insurance Benefits - Medical Insurance, Critical Illness Insurance, Accidental Insurance, Life Insurance Wellness Program - Employee Assistance Program, Onsite Medical Center, Emergency Support System Parental Support - Maternity Benefit, Paternity Benefit Program, Adoption Assistance Program, Day-care Support Program Mobility Benefits - Relocation benefits, Transfer Support Policy, Travel Policy Retirement Benefits - Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS, Leave Encashment Other Benefits - Higher Education Assistance, Car Lease, Salary Advance Policy Working at PhonePe is a rewarding experience! Great people, a work environment that thrives on creativity, the opportunity to take on roles beyond a defined job description are just some of the reasons you should work with us. Read more about PhonePe on our blog. Life at PhonePe PhonePe in the news

: Job TitleNFRM Information Security & Technology Risk Specialist LocationMumbai, India Corporate TitleAssociate Role Description An Information Technology & Security Risk Specialist to join the 2nd LoD Information Security & Technology Risk Team. The team is global, this role is within the Mumbai team (currently 1 person) which is being built out to support the global team. Should have a proven depth of knowledge and keen interest of Information Security and Technology and their application in large financial institutions. Working with other team members the role will input subject matter expertise and drive innovative approaches in applying risk management in an evolving threat environment. The team has a global footprint in Frankfurt, Singapore, London, Mumbai and USA. What well offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities Provide data and analytics reporting to support the team in monitoring the Information Security and Technology Risk Appetite, breaches and remediation. Where required support the implementation of automated data and analytics reporting process. Support the team delivery of Non-Financial Risk Management (NFRM) priorities such as risk & control assessments, scenario analysis, risk appetite. Monitor and challenge 1LOD Risk and Control Assessments (including results of 1LOD control testing/assurance). Perform 2LOD control assurance through targeted reviews of areas of concern. Gain an understanding and be able to articulate key Information Security and Technology regulatory requirements across APAC/MEA and their impact and implementation into the Information Security and Technology Risk Framework. Your skills and experience University degree (Computer Science, Business Administration or equivalent). Majors in Information Security and / or Risk Management are a plus. Experience (5+ years) in Information Security or Information Technology with experience in the Finance industry and/or a major Technology or Consultancy company preferred. Experience in IT Risk Frameworks such COBIT 2019 is ideal 3+ yrs Understanding and experience of technology from either a support, development or business analysis perspective Some level of technical understanding and training either as a data analyst, developer, business analyst or project manager are a plus. Knowledge of Information Security and Technology industry regulatory standards and/or Risk Frameworks (e.g. EBA Guidelines ISO / 27000 Series, COBIT 2019, DORA) are a plus. Experience of technology coding e.g python, java is a plus Understanding of IT controlsSDLC, managing technology obsolescence, disaster recovery is a plus Knowledge of Digital transformation, Private and Public Cloud, AI tooling a plus Relevant professional certifications e.g. CISSP, CISA, CISM, CRISC, ITIL, ISO27001 Lead Auditor or similar are a plus. Experience of working in large global teams yet comfortable working independently without day-to-day oversight and steer. Strong communication skills (English required). How well support you

Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express. American Express Internal Audit Group (IAG) has reinvented our audit process and is leading the financial services industry with our Audit NextGen, Data-Driven Continuous Auditing, and Auditor of the Future initiatives. Each uniquely support our Winning Aspiration to be a world class internal audit function that: Provides data-driven and technology-enabled assurance Delivers timely risk insights that are business-aware and forward-looking Supports our colleagues with experiences that prepare them to be enterprise leaders Collectively, IAG s strategic initiatives, combined with our greatest asset our people enable IAG to utilize advanced data analysis capabilities, provide greater and continuous assurance, and help ensure quality products and services are provided to American Express customers. IAG s innovative Data-Driven Continuous Auditing approach has led to patent-pending technology assets over our uniquely developed audit methodology and technology enablers. We are looking for those who share our mission and aspirations and are passionate about the use of data and technology in a collaborative, people-focused environment. About the Internal Audit Group at American Express Our Internal Audit Group is a worldwide function with 340+ team members and offices across nine countries within American Express. Our mission is to protect and enhance organizational value by providing independent, objective, risk-based assurance, advisory services and to influence the way the company manages risk. We are committed to growing our audit staff significantly as we continue to expand and enhance the Internal Audit Group. Our assurance and risk professionals have diverse backgrounds including internal controls, consumer compliance, technology, operational risk, financial accounting, data analytics, and banking operations. Our audit teams align to key risk areas and business units to ensure IAG can provide comprehensive and risk-based audit coverage. In addition, IAG has a Professional Practices group responsible for managing audit operations, quality, and standards; regulatory relations; reporting; training and professional development; and key internal capabilities and technologies. About the Role: Our Internal Audit Group (IAG) is seeking an eager Audit Manager to be part of the IAG s Asia Pacific (APAC) team in India. In this role, the ideal candidate will be responsible for assisting on multiple APAC audits and other global/ regional portfolios across IAG. This is an exceptional opportunity for you to showcase and further expand your audit skills, and knowledge! About the Team: IAG s APAC team in India primarily works on the APAC regional audits and assist other global/ regional portfolios across . IAG is heavily focused on utilizing a data driven auditing approach across all audit portfolios. The Key Responsibilities of the role include: Participate as a key team member on APAC audit projects responsible for assisting with annual planning and owning core audit tasks, more complex areas and challenging workloads on successive assignments Collaborate with audit teams to understand the data behind key processes, risk and controls to develop analytic control tests and analyze and interpret their results Proficient use of automated work papers, analytics and other department and company tools Monitor a portfolio of audit analytics, assess results, & use data to tell the business story, and work with audit and business colleagues to validate findings Evaluate results, synthesize audit findings across the project, draft audit reports and ensure effective and efficient execution of audits in conformance with professional and department standards, budgets, and timelines Present audit objectives, scope, and results to senior management, clearly articulating the potential impact of control gaps in a highly professional and proficient manner Assist audit leaders and other team members in accomplishing team objectives and producing results. Execute multiple simultaneous audit projects of all sizes and complexity across multiple business areas including integrated audits that consider financial, operational, compliance and technology risk. Effectively coach, teach, mentor and develop junior colleagues and co-sourced resources across all aspects of their role, the audit and analytic lifecycle, and audit methodology Effectively manage scheduling, utilization and performance management for the assigned team members Maintain internal audit competency through ongoing professional development Minimum Qualifications 7+ years of relevant audit experience within the financial Services Industry BA, BS, or equivalent degree in accounting or finance related field Knowledge and experience in the application of control theory and professional auditing practices including the audit lifecycle Understanding of regulatory, accounting, and financial industry best practices relevant to the business, including technology and data implications Ability to break-down a complex problem into components, solve them using data analysis, process knowledge and risk/control knowledge, and communicate results and control recommendations with transparency and integrity Strong written and verbal communication skills that deliver quality, actionable and beneficial feedback to management on potential control issues and solutions to close gaps. Effectively works independently, within a team and across teams in a fast-paced environment to drive business results, utilizing related project management skills, employing creative thinking, and the ability to work on competing priorities Preferred Qualifications Experience with technology control testing including interface inputs, reports, application security, business continuity and third parties Experience with using data analytic tools, data visualization, key risk indicators (KRIs), key performance indicators (KPIs), and scorecards / dashboards Background in information systems, data analytics or information technology Professional Certification (CIA, CPA, CISA or equivalent) Experience from big accounting firms or global internal audit functions

Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express. The SOX Governance and Advisory team within Controllership (1LOD) plays a critical role in supporting the enterprise by developing and executing a risk-based plan to assess and enhance the company s internal controls over financial reporting. The team utilizes a robust governance framework and testing program to manage financial reporting risk in compliance with the company s 2LOD objectives and requirements of the Sarbanes Oxley Act. This is an Analyst position in the SOX Governance and Advisory team, responsible for supporting the Sarbanes-Oxley (SOX) compliance program across American Express in addition to compliance with the Company s Operational Risk Management framework for the Finance organization. Reporting to the Manager of SOX Assurance, the successful candidate will be responsible for testing, monitoring and optimization of internal controls over financial and regulatory reporting including associated Information Technology (IT) systems. The individual should possess excellent communication, presentation and stakeholder management skills. Primary responsibilities include : Validate design and operating effectiveness of SOX controls through testing, across all Business Units (BUs) to support Control Owners / Process Owners in quarterly SOX certification process IT control testing including interface inputs, key reports, applications, business continuity and third parties Collaborate with key stakeholders including Business Process teams, BU Control Management, Operational Risk Management, Internal Audit, etc. for quarterly SOX testing and reporting Perform year-end control testing to support our external auditors, PwC, for their annual SOX audit Partner closely with internal stakeholders and external auditors to resolve testing related observations / queries Drive enhancements in control environment by identifying the improvement opportunities to SOX Controls High degree of organization, individual initiative, results and solution oriented, and personal accountability and resiliency. Exemplify strength in the American Express Leadership Model: set the agenda, bring others with you and do it the right way, and put enterprise thinking first. Preferred Qualifications Qualified Professional (Chartered Accountant / MBA Finance from a premier institute) with 4+ years of relevant experience in SOX compliance, Internal Audit, etc. typically from a Big 4 firm. Certified Information Systems Auditor (CISA) qualification preferred. Knowledge of the Sarbanes Oxley Act (including Sections 302 & 404) and in-depth understanding of COSO Framework, Risk Assessment and Internal Controls Over Financial Reporting (ICFR) Understanding of the testing methodology, controls / test procedures interpretation and to conclude on testing results Excellent communication skills, both written and verbal, with the ability to clearly and concisely articulate issues in a timely and effective manner. Demonstrated strong abilities in key Financial Reporting skills, including financial reporting risk management/ program, risk assessment, internal audit coordination, and external fraud risk management/ program. We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally: Competitive base salaries Bonus incentives Support for financial-well-being and retirement Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location) Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need Generous paid parental leave policies (depending on your location) Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) Free and confidential counseling support through our Healthy Minds program Career development and training opportunities

As the world works and lives faster, FIS is leading the way. Our fintech solutions touch nearly every market, company and person on the planet. Our colleagues are empowered to learn, grow, and make an impact-in their careers and communities. Our teams are inclusive and diverse, working and celebrating together. If you want to grow personally and professionally, we d like to know: Are you FIS? About the role: The Staff is an entry level or lightly experienced auditor focused on testing audit project related controls. As trusted advisors to management, FIS Internal Audit provides independent audits of operational, financial, IT, and regulatory compliance processes in the fast-paced fintech industry. Collectively, we are a team of inclusive, diverse, and performance driven self-starters. To support our associates, we provide a clear career path and reward performance by promoting from within. We offer a mentorship program, internal training, plus a budget for external training, hundreds of free online classes, and certification opportunities. What you will be doing: Support the audit teams during financial, operational, regulatory, and/or Sarbanes-Oxley (SOX) audit projects. Support special investigations where requested. Evaluate and validate financial, operational, and regulatory processes, risks, and controls at the audit engagement level. Execute work programs and document workpapers and other audit materials that meet all relevant professional practice and FIS Internal Audit methodology requirements Contribute to well-written and meaningful reports summarizing audit results. Actively seek out performance feedback and coaching and take ownership of personal professional development plan. What you will need: Earned a bachelor s degree in accounting, finance, technology, or other related discipline. Hold a professional certification (e.g. CIA, CISA, CPA, CFE, CISM, CISSP), or have the desire and determination to pursue such. Industry or professional services firm experience a plus. Ability and willingness to travel (up to 5%, depending on location). Excellent communication skills (oral and written). What we offer you: At FIS, you can learn, grow and make an impact in your career. This role exposes you to a variety of lines of business and corporate functions at FIS. As you grow your network at FIS, you will have ample opportunity for upward movement within the department or laterally in other areas of the enterprise. In addition, you receive exceptional benefits including: Flexible and creative work environment with a hybrid working arrangement Diverse and collaborative atmosphere Professional and personal development resources Opportunities to give back Work - life balance Competitive salary and benefits Bonus if you have: Experience in highly regulated environments Professional services experience acquired from a Big 4 environment or highly regarded consulting firm

Job Summary GRC Consultant Responsibilities Job Summary We are seeking an experienced IT GRC Manager to lead our Governance Risk and Compliance initiatives The candidate will be responsible for developing and implementing IT GRC strategies ensuring compliance with regulatory requirements and managing risk across the organization This role requires a deep understanding of IT governance frameworks risk management practices and compliance standards Key Responsibilities Governance Develop and maintain IT governance frameworks policies and procedures Ensure alignment of IT strategies with business objectives Oversee the implementation of IT governance initiatives and monitor their effectiveness Risk Management Identify assess and manage IT risks across the organization Develop and implement risk mitigation strategies Conduct regular risk assessments in according with NIST standard and audits to ensure compliance with internal and external standards Compliance Ensure compliance with relevant regulatory requirements eg GDPR HIPAA SOX Develop and maintain compliance documentation and reports Coordinate with internal and external auditors to facilitate compliance audits Leadership Lead and mentor a team of IT GRC professionals Collaborate with crossfunctional teams to promote a culture of risk awareness and compliance Provide regular updates to senior management on IT GRC activities and initiatives Qualifications Strong knowledge of IT governance frameworks eg COBIT ITIL Experience with regulatory compliance standards eg GDPR HIPAA SOX Excellent analytical problemsolving and communication skills Relevant certifications eg CISA CRISC CISM are a plus Skills Strong leadership and team management skills Ability to work collaboratively with crossfunctional teams Proficiency in risk assessment and management tools Excellent organizational and project management skills Strong attention to detail and ability to manage multiple priorities