Role & responsibilities :- Perform assessments of the in-scope facilities against relevant standards such as ISO 27001, ISO 22301, SOC 1, SOC 2. Collaborate closely with various stakeholders to support the entire certification lifecycle. Engage with relevant stakeholders to manage compliance requirements through awareness initiatives and regular interactions, ensuring users understand and comply with necessary procedures to maintain security. Identify gaps and non-compliances, and work with relevant stakeholders to ensure timely resolution Promote a risk-aware culture throughout the organization. Assist in scoping and develop a calendarized schedule of activities for regular monitoring. Perform risk assessments based on HCLTechs methodology and collaborate with stakeholders to develop remediation plans for identified risks. Adhere to a defined escalation matrix to manage identified risks. Coordinate and facilitate to third parties for external audits. Stay informed about the latest information security trends and threat landscapes to take proactive measures during assessments. Keep management informed of critical issues that may impact customers, suppliers, or the company. Introduce efficiencies to enhance existing programs. Participate in other projects as required. Desired Experience and skills Bachelor’s Degree - BE/B Tech/B.Sc/Master degree in any domain, preferably in Information Technology or Computer sciences. Security Certifications like CISA/CRISC/Security+ Relevant experience of minimum 7-8 years in the field of ISO 27001 & SSAE 18 /assessment and Risk management (risk assessment and remediation) Strong analytical, problem solving, organizational, documentation; time management skills. Candidate assists with management of stakeholder needs and expectations while providing consistent and regular communications with support from management Candidate is able to effectively balance multiple tasks through careful prioritization Candidate is able to work collaboratively with others to produce a quality work product Proven ability to communicate with multiple stakeholders Proven ability to manage output from multiple teams Excellent spoken and written English Good Report Writing and Analytical Skills Proficient in MS Office Good in Data Analytics, MIS, Inferences and self-scrutiny for continuous improvement Preferred candidate profile :- CISM OR CISA CERTIFICATION PCI DSS ISO 27001 CERTIFICATION

Role & responsibilities :- Perform assessments of the in-scope facilities against relevant standards such as ISO 27001, ISO 22301, SOC 1, SOC 2. Collaborate closely with various stakeholders to support the entire certification lifecycle. Engage with relevant stakeholders to manage compliance requirements through awareness initiatives and regular interactions, ensuring users understand and comply with necessary procedures to maintain security. Identify gaps and non-compliances, and work with relevant stakeholders to ensure timely resolution Promote a risk-aware culture throughout the organization. Assist in scoping and develop a calendarized schedule of activities for regular monitoring. Perform risk assessments based on HCLTechs methodology and collaborate with stakeholders to develop remediation plans for identified risks. Adhere to a defined escalation matrix to manage identified risks. Coordinate and facilitate to third parties for external audits. Stay informed about the latest information security trends and threat landscapes to take proactive measures during assessments. Keep management informed of critical issues that may impact customers, suppliers, or the company. Introduce efficiencies to enhance existing programs. Participate in other projects as required. Desired Experience and skills Bachelors Degree - BE/B Tech/B.Sc/Master degree in any domain, preferably in Information Technology or Computer sciences. Security Certifications like CISA/CRISC/Security+ Relevant experience of minimum 7-8 years in the field of ISO 27001 & SSAE 18 /assessment and Risk management (risk assessment and remediation) Strong analytical, problem solving, organizational, documentation; time management skills. Candidate assists with management of stakeholder needs and expectations while providing consistent and regular communications with support from management Candidate is able to effectively balance multiple tasks through careful prioritization Candidate is able to work collaboratively with others to produce a quality work product Proven ability to communicate with multiple stakeholders Proven ability to manage output from multiple teams Excellent spoken and written English Good Report Writing and Analytical Skills Proficient in MS Office Good in Data Analytics, MIS, Inferences and self-scrutiny for continuous improvement Preferred candidate profile :- CISA CISM ISO 27001 CERTIFICATION PCI DSS

Independently drive multiple IT projects including ERP (Microsoft D365) & CRM Stakeholder Engagement ERP/CRM Deployment Cloud Operations & Cost Optimization Tool Decommissioning & Process Transformation Operational Excellence Required Candidate profile 12–18 yrs of overall IT Exp with at least 5+ yrs in Project Management roles Expertise working with cloud technologies (preferably Microsoft Azure PMP certification highly preferred

ROLE AND RESPONSIBILITIES Develop, implement, and manage strategic, comprehensive enterprise information security and IT risk management program. Make a risk assessment of company systems, networks, and data to prevent it from being accessed (viewed by unauthorized personnel, data corrupted, or data lost) Define Risk Management framework and implement across the enterprise business functions. Security assessment, validation & clearance of developed /acquired applications for production launch. Assist with the overall business technology planning, providing a current knowledge and future vision of technology, cloud security and systems aligned to security framework. Managing the daily operation and conducting continuous assessment of current IT security practices and systems and identifying areas for improvement. Implement and maintain compliance of security requirements for new products/services. Devising strategies, solutions and implementing security solutions and minimizing the risk of cyber-attacks. Lead Implementation of security products and solution across organization Implement and comply with best Industrial standards on Security, IT Acts/ISO and other IT statutory requirements. Determines security violations and inefficiencies by conducting periodic audits. Conduct Investigations and forensics for any breaches dealing with those responsible and planning to avoid repeats of the same crisis. Lead the various internal and external IT/Security audits and ensure all compliances are met. Lead various Internal, External IT and security audits. Ensure compliances are met. Preparing Cybersecurity roadmap and assisting for all Cybersecurity compliances requirement. QUALIFICATIONS AND EDUCATION REQUIREMENT Bachelors degree in IT, Computer Science, or a related field. Good to have relevant industry certifications such as CISA, CISM, CISSP, ISO 27001, and others (as relevant) At least 8+ years of working experience in domains related to Information security and with a very strong security mindset. Experience in area of IT Security, IT Audits, Compliance and Risk Management in IT/FMCG Industry Excellent Knowledge of Cyber Security, risks, threats in infrastructure, network, Cloud, Application and Data Centre Technologies Experience of various security solutions such as Firewall / IDS/ IPS / NAC / Email Security/CASB / EDR / WAF / AV / DLP / ATP / PIM / PAM / DAM / SIEM etc. Good understanding of Security technologies for private and public cloud Thorough Knowledge of IT and Security processes implementation and compliances Knowledge of information and network security principles, with a major focus on information, network & application security risks and impact. Good understanding of security frameworks, standards such as ITCG Control, ISO 27001, NIST, CIS etc.

We are looking for a highly skilled and experienced Third-Party Risk as a Service (TPRaaS) - Staff to join our team in Bengaluru. The ideal candidate will have 1 to 4 years of experience in Third-Party Risk Management, with expertise in TPRM tools and technology solutions. ### Roles and Responsibility Participate in the delivery of Third-Party Risk Management (TPRM) engagements, including walkthroughs, testing, documentation, and other engagement-related activities. Provide delivery updates during vendor calls and client interactions. Follow policies and procedures to support the successful implementation of TPRM operating models. Assist in process walkthrough discussions to document end-to-end business processes and functional requirements. Contribute to assessing the application of legal and regulatory requirements to clients' TPRM practices. Identify process gaps and propose preventive/corrective actions. Demonstrate interest in developing knowledge of market trends, competitor activities, EY products, and service lines. Adhere strictly to fulfilling project activities to achieve exceptional client service. Work effectively as a team member, sharing responsibility, providing support, maintaining communication, and updating senior team members on progress. Conduct research and assist senior team members in preparing client presentations and information memorandums. Continuously strive towards exceeding client & team expectations and work on increasingly complex assignments. Support management in the preparation of proposals and business development materials. Bring an innovative mindset and analytical thinking capability to enhance service delivery. ### Job Requirements Bachelor's degree in IT/Computer Science, BSc.(IT), BE, MCA from a tier 1 or tier 2 college. 1 to 4 years of demonstrated experience in Risk Management, preferably in Third-Party engagement lifecycle (pre-contracting, contracting, and post-contracting). Basic understanding of the TPRM framework, Risk Management, Information Security practices, and Contract Risk Reviews. Good exposure to TPRM tools and technology solutions, such as GRC enablement solutions (Process Unity, Prevalent, Archer, ServiceNow). Basic knowledge of standards like ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc., and privacy regulations like GDPR, CCPA, etc. Basic knowledge of TCP/IP, OSI layer, networking, security concepts, Physical & Environmental Security, Asset Security, and Identity & Access Management. Good to have certifications: CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer. Exposure to tools like ProcessUnity, ServiceNow, Archer is desirable.

We are looking for a highly skilled and experienced Digital Risk Manager to join our team in Mumbai. The ideal candidate will have 3-5 years of experience in IT Audit, with a strong background in SAP business processes and excellent communication skills. ### Roles and Responsibility Understand client challenges and industry-related issues, offering solutions in IT risk management. Participate in go-to-market strategies, create proposals, and respond to RFPs and client orals. Identify opportunities for cross-selling to current clients and introduce colleagues from other service lines. Travel to client locations (India and abroad) for meetings, conduct workshops, and knowledge-sharing sessions. Jointly lead global account relationships with onshore teams, manage engagement deliveries, quality, and drive growth. Consistently deliver high-quality client services within expected timeframes and budget. Manage a team of Seniors and Staff (across geographies) for delivery of engagements across clients. Foster an innovative and inclusive team-oriented work environment, actively counseling and mentoring junior consultants. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues, communicating this information to the engagement team and client management through written correspondence and verbal presentations. Foster relationships with client personnel to analyze, evaluate, and enhance information systems, developing and improving security at procedural and technology levels. Assist with cultivating and managing business development opportunities, understanding EY and its service lines to assess and present ways to serve clients. ### Job Requirements Bachelor’s or master’s degree and approximately 3-5 years of related work experience in IT Audit. Deep understanding of SAP business processes (e.g., purchase-to-pay, record-to-report, order-to-cash). Excellent communication, documentation, and report writing skills. Strong leadership and teaming skills, with the ability to train, coach, and mentor. A willingness to travel (India and abroad) for client needs. Preferred: SAP certification; additional Industry-related certifications such as CISA or CISM are a plus.

We are looking for a highly motivated and detail-oriented individual with 2 to 7 years of experience to join our team as a Portfolio Compliance Enablement Specialist in Bengaluru. The ideal candidate will have a strong foundation in Cyber Security, Information Security, or a related field. ### Roles and Responsibility Support projects aimed at improving EY's risk posture and adherence to Information Security policies. Assist in the development and execution of compliance strategies and remediation plans under the guidance of more experienced team members. Contribute to the delivery of processes and/or solutions, focusing on quality and effective risk management. Document and translate technical vulnerabilities into business risk terms for stakeholder communication. Participate in the use and improvement of compliance assessment toolkits under supervision. Support assessments for technology infrastructure, applications, and third-party dependencies.### Job Requirements At least 2 years of experience in Cyber Security, Information Security, or a related field. A degree in Cyber Security, Information Security, Computer Science, or a related discipline. Certifications such as Security+, Network+, or interest in pursuing relevant certifications like CRISC, CISSP, CISM, CISA. Basic knowledge of information security standards like ISO 27001/27002, NIST, PCI DSS. Understanding of regulatory requirements such as PCI, SOX, HIPAA, GDPR. Strong communication skills and technical writing skills, and the ability to work effectively within a team environment.

We are looking for a highly skilled and experienced Supervising Analyst to join our team in Bengaluru. The ideal candidate will have 3 to 8 years of experience in risk management, compliance, or a related field. ### Roles and Responsibility Serve as part of the GDS Account Data Risk - Independent Control Monitoring team, executing independent testing of controls related to Data Protection at the client account level. Execute control testing in line with EY’s global data protection framework. Consult and collaborate effectively across key data protection stakeholders on testing activities. Evaluate and summarize test results, proposing remediation activities. Document findings and observations to contribute to continuous learning and improvement. Participate in activities supporting a cohesive and balanced approach across Global Risk Management Data Protection and the client account. ### Job Requirements Bachelor's degree and approximately 3+ years of related work experience. Experience or background in quality, risk management, compliance, cybersecurity, or familiarity with data protection law. Strong understanding of metrics and reporting. Ability to work independently and collaboratively within a team environment. Excellent communication and problem-solving skills. IAPP certifications (CIPP/E, CIPP/US, CIPM) are preferred; CISA, CISM, CISSP, or equivalent certifications are also desirable.

We are looking for a skilled SAP GRC Consultant with 3 to 7 years of experience to join our team in Bengaluru. The ideal candidate will have a strong background in IT governance practices and excellent project management skills. ### Roles and Responsibility Lead SAP Risk and Controls projects, ensuring high-quality delivery and client satisfaction. Conduct SAP pre- and post-implementation reviews to identify and mitigate potential risks. Perform SAP audits, focusing on system integrity and data accuracy. Implement continuous controls monitoring to ensure ongoing compliance and risk management. Design and assess SAP S4 controls, identifying gaps and recommending improvements. Collaborate with cross-functional teams to integrate risk and control considerations into broader project objectives. Interact with business stakeholders to gather, understand, document, and analyze business requirements. Analyze reports and assessments to provide insights on whether a solution/technology being implemented is meeting business requirements. Evaluate business models, processes, and operations to develop a good understanding of business needs and requirements. ### Job Requirements Minimum 3-7 years of experience in SAP IT Audit with knowledge of IT governance practices. Strong experience in performing test of design and effectiveness for internal controls related to SOD, ITAC, ITDM, ICFR, and IFRS along with the ability to suggest best practice recommendations. Proven experience in SAP Risk and Controls projects. Strong understanding of SAP ECC & S4 HANA environments. Familiarity with key business processes (Order To Cash, Procure To Pay, Record To Report). Excellent project management and leadership skills. Ability to communicate complex ideas effectively, both verbally and in writing. Relevant professional certifications (e.g., CISA, CRISC, CIA) are desirable. Good to have exposure in SAP Basis testing & SAP ITGC testing will be preferable. Candidate with professional consulting experience in technology risk management ideally with a Big 4 or similar large consulting firm will be preferred. Possess good written and verbal communication skills. Demonstrate the ability to conduct and drive workshops with client stakeholders on understanding client’s process & system landscape. Work effectively as a team member and drive the delivery of IT audit documents independently. Demonstrate a sound technical understanding of IT Audits (ITGC & ITACs) for SAP environment.

We are looking for a highly skilled and experienced Consultant to join our team in Technology, Media & Entertainment (TME) - Assurance. The ideal candidate will have 2-7 years of experience in IT General Controls Testing/IT Application Controls Testing. ### Roles and Responsibility Design and implement effective IT general controls testing frameworks. Conduct thorough analysis of application controls testing results. Develop and maintain expertise in emerging technologies such as AI. Collaborate with cross-functional teams to provide services across multiple client departments. Deliver insightful and practical solutions to complex problems. Stay updated with industry trends and developments in TME. ### Job Requirements CA, CISA, BE/B.Tech, or MSC in Computer Science. Minimum 2 years of experience in IT General Controls Testing/IT Application Controls Testing. Strong understanding of DevOps/CI-CD principles. Experience with IFRS & US GAAP conversion. Excellent analytical and problem-solving skills. Ability to work collaboratively in a fast-paced environment.

We are looking for a skilled professional with 3 to 5 years of experience to join our team as a Manager - ERP Controls and Security (SAP) in Bengaluru. The ideal candidate will have a strong background in IT Risk and SAP business processes. ### Roles and Responsibility Understand client challenges and industry-related issues, offering solutions in IT Risk. Participate in go-to-market strategies, create proposals, and respond to RFPs and client orals. Identify opportunities for cross-selling to current clients and introduce colleagues from other service lines. Travel to client locations for meetings, conduct workshops, and knowledge-sharing sessions. Jointly lead global account relationships with onshore teams, manage engagement deliveries, quality, and drive growth. Consistently deliver high-quality client services within expected timeframes and budget. Manage a team of Seniors and Staff across geographies for delivery of engagements across clients. Foster an innovative and inclusive team-oriented work environment and actively counsel/mentor junior consultants. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues, communicating this information to the engagement team and client management through written correspondence and verbal presentations. Foster relationships with client personnel to analyze, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Assist with cultivating and managing business development opportunities, understanding EY and its service lines to assess/present ways to serve clients. ### Job Requirements Bachelor's or Master's degree and approximately 3-5 years of related work experience. Deep understanding of SAP business processes, including purchase-to-pay, record-to-report, and order-to-cash. Experience in Internal controls within SAP ECC/S4 Applications and their integrations. Strong understanding of IT application controls, IT general controls, and interface controls. Excellent communication, documentation, and report writing skills. Excellent leadership and teamwork skills, with the ability to train, coach, and mentor. A willingness to travel (India and abroad) for client needs. Preferred: SAP certification; additional Industry-related certifications such as CISA or CISM are a plus.

We are looking for a skilled Security Analyst / Consultant with 1 to 2 years of experience to work on various Identity and Access Management projects in the Risk Consulting team. The ideal candidate will have a strong background in security, excellent communication skills, and the ability to work effectively in a team environment. ### Roles and Responsibility Engage in Identity & Access Management projects as an executioner of deliverables. Establish, maintain, and strengthen internal and external relationships. Identify potential business opportunities for EY and GTH within existing engagements and escalate them as appropriate. Anticipate and identify risks within engagements and share issues with senior team members. Collaborate with cross-functional teams to design and implement secure solutions. Develop and maintain documentation of security procedures and protocols. ### Job Requirements Advanced knowledge of LDAP and LDAP-based directories. Minimum 5 years of hands-on experience with PingDirectory Suite (PingDirectory, PingDirectory Proxy, and PingData Sync). Experience in implementing migration projects from Oracle LDAP/Radiant logic to PingDirectory. Strong knowledge of PingDirectory administrative configuration. Good understanding of Authentication and Authorization standards, particularly OAuth 2.0 and OIDC. Ability to develop consumption tools/widgets for applications to consume data from Ping Directory using Ping Directory API. Knowledge of SSL/TLS, PKI, certificates, and certificate authorities. Hands-on experience in setting up the Identity and Access Management environment in standalone and cluster environments. Development experience on Provisioning Workflows, triggers, Rules, and customizing the tool as per requirements. B.Tech./B.E. with sound technical skills. Strong command over verbal and written English language. Experience in HTML, CSS, and JavaScript. Strong interpersonal and presentation skills. Desirable to have certifications in the security domain, such as CISSP and CISA or any IAM product-specific certifications. AWS Cloud practitioner and Azure AZ-900 certification.

We are looking for a skilled professional with 3 to 6 years of experience to join our team as a Senior Consultant in the EY-Assurance-Technology Risk Team. The ideal candidate will have a strong background in IT environments, industry trends, and ERP and Risk Management technology. ### Roles and Responsibility Develop innovation solutions for clients to assess, build, and sustain risk management and governance programs. Support EY teams responsible for transforming risk functions and implementing leading practice technology solutions. Deliver high-quality assessments on Oracle Cloud/EBS/EPM/Risk Management Cloud (RMC) client implementation projects. Participate actively in an innovative and inclusive team-oriented work environment. Consistently deliver quality client services and drive high-quality work products within expected timeframes and on budget. Provide training and knowledge transfer to other team members on client delivery baselines and technological updates. Stay updated on current business and industry trends relevant to the client's business. Foster relationships with client personnel to analyze, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Assist with cultivating business development opportunities by understanding EY and its service lines and assessing/presenting ways to serve clients. Demonstrate deep technical capabilities and professional knowledge, with the ability to quickly assimilate new knowledge. ### Job Requirements Bachelor’s or master’s degree and approximately 3-6 years of related work experience. Basic understanding of Oracle business processes (e.g., purchase-to-pay, record-to-report, order-to-cash). Experience in Internal controls within Oracle Applications and their integrations, along with a strong understanding of IT application or Business Process controls, IT general controls, and interface controls. Excellent teaming skills, including the ability to train, coach, and manage staff. A willingness to travel to meet client needs; willingness and ability to travel internationally. Good to have - Industry related certification required (e.g., CISA, CPA, CIA, CA); non-certified hires are required to become certified within 1 year from the date of hire.

We are looking for a skilled Security Analyst / Consultant with 1 to 2 years of experience to work on various Identity and Access Management projects in the Risk Consulting team. The ideal candidate will have a strong background in security domain, such as CISSP and CISA or any IAM product-specific certifications. ### Roles and Responsibility Engage in Identity & Access Management projects, including execution of deliverables. Establish, maintain, and strengthen internal and external relationships. Identify potential business opportunities for EY and GTH within existing engagements and escalate them as appropriate. Anticipate and identify risks within engagements and share issues with senior team members. Confer and consult with business, technology, and operations to build and manage solutions using PingDirectory, PingDirectory Proxy, and PingData Sync. Perform installation, configuration, and upgradation of Ping Directory instances. Ensure directory architecture, designs, plans, controls, and processes align with both security and business strategy and standards, and communicate and defend solution architecture positions. Support continuous improvement by investigating alternatives and technologies and presenting these for architectural review. Create network design, server configuration/sizing specifications, and deploy globally PingDirectory and PingDirectory Proxy to provide high-volume, low-latency directory solutions. Implement real-time synchronization, identity correlation, and directory storage using Ping/VDS Directory. Increase efficiency and maintainability incorporating scripting and automation whenever appropriate. ### Job Requirements Advanced knowledge of LDAP and LDAP-based directories. Minimum 5 years of hands-on experience with PingDirectory Suite (PingDirectory, PingDirectory Proxy, and PingData Sync). Experience in implementing migration projects from Oracle Ldap/Radiant logic to PingDirectory. Strong knowledge of PingDirectory administrative configuration. Good understanding of Authentication and Authorization standards and patterns, particularly OAuth 2.0 and OIDC. Ability to develop consumption tools/widgets for applications to consume data from Ping Directory using Ping Directory API. Knowledge of SSL/TLS, PKI, certificates, and certificate authorities. Hands-on experience with cloud providers – Azure or AWS or GCP. Experience in scripting languages like Python, PowerShell, and Bash. Knowledge of other Ping products – Ping Federate and Ping Access. B.Tech./B.E. with sound technical skills. Strong command over verbal and written English language. Experience in HTML, CSS, and JavaScript. Strong interpersonal and presentation skills. Desirable to have certifications in the security domain, such as CISSP and CISA or any IAM product-specific certifications. AWS Cloud practitioner and Azure AZ-900 certification.

We are looking for a highly skilled and experienced Senior Analyst to join our team in Mumbai. The ideal candidate will have 0-3 years of experience, responsible for conducting detailed IT audits to ensure compliance with controls and regulatory mandates. ### Roles and Responsibility Conduct comprehensive IT audits to address and ensure compliance with established controls and regulatory requirements. Identify and review IT General Controls (ITGCs) and IT Application Controls (ITACs) to safeguard organizational assets and ensure the accuracy of financial reporting. Execute SOX compliance activities, including risk assessments, controls testing, and remediation efforts. Prepare and assess Service Organization Control Reports (SOCR) to validate the effectiveness of IT controls objectives. Conduct IT process reviews through stakeholder interviews, data validations, and document analysis. Apply IT-related and internal control knowledge to deliver high-quality engagements. Review Change Management processes, ensuring changes are thoroughly reviewed, tested, and approved. Review Access Management procedures to ensure proper access levels and permissions, and evaluate Segregation of Duties (SOD) concerns to prevent unauthorized access and potential conflicts. Collaborate with cross-functional teams to identify control gaps and develop effective remediation plans. Stay abreast of industry trends, regulatory changes, and emerging technologies related to IT controls and compliance. Prepare and communicate audit findings, recommendations, and status updates to key stakeholders and management. ### Job Requirements Excellent analytical and problem-solving skills with attention to detail. Effective communication and interpersonal skills for collaborating with internal teams and external auditors. Relevant professional certifications such as CISA, CISSP, or equivalent are preferred. Ability to adapt to a fast-paced environment and manage multiple priorities. Strong understanding of IT controls and auditing principles. Experience working with various software applications and systems.

We are looking for a highly motivated and experienced Internal Auditor to join our team in Bengaluru. The ideal candidate will have 6-10 years of experience in internal audit, SOX compliance, or risk advisory, with a strong background in consulting or multinational environments. ### Roles and Responsibility Act as a Team Leader/Team Member on diverse portfolios of audits, sharing responsibility with the Audit Leader for planning and delivering audits. Assist the Team Leader in executing assigned audits, supervising work during various phases to ensure ongoing compliance with methodology and quality standards. Collaborate with management on audit issues to develop possible recommendations and present findings, proposing solutions that address root causes and impact the organization. Coach junior team members and colleagues in using EY and GIA methodologies and tools. Independently manage end-to-end projects, including scoping, planning, delivery, and reporting, working directly with on-shore stakeholders. Manage client expectations in high-pressure, changing environments while maintaining a calm and professional demeanor. Prioritize work based on priorities and needs of multiple internal and external stakeholders to deliver exceptional service. Demonstrate efficiency and persistence, managing time effectively to meet engagement deadlines and objectives. Deliver high-quality, client-ready output with minimal supervision, identifying and escalating risks/issues promptly. ### Job Requirements CA/MBA/Post graduate with 6+ years of post-qualification relevant experience in Internal Audit/SOX Compliance/Risk Advisory in a consulting or multinational environment. Professional certification (CIA, CISA, or equivalent) is preferred. Strong analytical skills are required to evaluate unstructured situations and provide logical conclusions. Excellent presentation skills are necessary to communicate audit findings and recommendations effectively. Candidates should be motivated, fast-thinking, dynamic individuals with strong business acumen. Proficiency in Microsoft 365, including advanced Excel skills for data analysis, is expected. Expertise in MS PowerPoint for creating compelling presentations and communicating audit findings is essential. Familiarity with other Microsoft Office applications to support various audit and administrative tasks is needed. Ability to leverage Power BI to analyze complex data sets, identify trends, and support data-driven decision-making within the audit function. Demonstrated ability to manage people to inspire, develop, and deliver results. Ability to foster teamwork and innovation among a diverse and sometimes virtual team. Solution-oriented approach and superior problem-solving abilities. Quick learner with the ability to adapt to change. Excellent communication skills (oral and written), strong interpersonal and presentation skills for interacting with senior stakeholders. Experience working under agile delivery methodology. Ability to travel.

We are looking for a skilled IT Risk Consultant with 3 to 6 years of hands-on experience in IT Risk/Audit, Assurance and Advisory to join our FS Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. ### Roles and Responsibility Lead and execute IT Audit and Risk Assurance engagements. Perform client walkthroughs, understand key IT processes and risk. Request and review audit evidence, draft control and risk review reports, and documentation. Plan team schedules and utilization, divide tasks amongst staff, and manage final delivery. Develop and maintain productive working relationships with clients and onshore stakeholders. Identify potential business opportunities for EY within existing engagements and facilitate integration as appropriate. ### Job Requirements Preferably B.E/B.Tech (Computers, Electronics, Data Analytics), BCA/MCA, B.Sc/M.Sc. (computers major), MBA, CA. Must Have: 3-6 years of hands-on internal/external IT Audits, Atleast One - IT General Controls, IT Automated Controls, and Service Organization Controls Reporting (SOCR - SSAE 16 / ISAE 3402) SOC 1, 2, & 3 Reporting. Able to perform independent security configuration review of common operating systems and databases - Windows, Unix, DB2, AS400, SAP R3ECC/HANA, Mainframe, SQL, Oracle. Knowledge of documentation and data analysis tools like Word, Excel, Access, Strong English verbal and written communication skills. CISA, CISM, CRISC, ISO27001, Data privacy certifications are a plus. IT audit knowledge for a financial audit - Control frameworks such as COSO, related regulations including SOX and J-SOX. Data analytics/automation tool – SQL, Monarch, BluePrism, Alteryx, PowerBI. German/Dutch/French language is an added advantage.

We are looking for a skilled Digital Risk Manager with 5 to 7 years of experience in IT Audit and strong personal skills to deliver quality results in the assessment, design, and support implementation of controls, security, and IT risk solutions. The ideal candidate will have a deep understanding of SAP business processes and experience in Internal controls within SAP ECC/S4 Applications. ### Roles and Responsibility Supervise delivery and provide technical and project leadership to team members. Build relationships with clients and drive high-value work products within expected timeframes and budget. Monitor progress, manage risks, and ensure key stakeholders are informed about progress and expected outcomes. Understand client challenges and industry-related issues, offering solutions in IT Risk. Participate in go-to-market activities, create proposals, and respond to RFPs and client orals. Travel to client locations (India and abroad) for meetings, conduct workshops, and knowledge-sharing sessions. Jointly lead global account relationships along with onshore teams, managing engagement deliveries, quality, and driving growth. Consistently deliver quality client services, driving high-quality work products within expected timeframes and on budget. Manage a team of Seniors and Staff (across geographies) for delivery of engagements across clients, fostering an innovative and inclusive team-oriented work environment and actively counseling/mentoring junior consultants. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues, communicating this information to the engagement team and client management through written correspondence and verbal presentations. Foster relationships with client personnel to analyze, evaluate, and enhance information systems, developing and improving security at procedural and technology levels. Assist with cultivating and managing business development opportunities, understanding EY and its service lines to assess/present ways to serve clients. ### Job Requirements Bachelor’s or master’s degree and approximately 5-7 years of related work experience. Deep understanding of SAP business processes (e.g., purchase-to-pay, record-to-report, order-to-cash). Experience in Internal controls within SAP ECC/S4 Applications and their integrations. Strong understanding of IT application controls, IT general controls, and interface controls. Excellent communication, documentation, and report writing skills. Excellent leadership and teaming skills, with the ability to train, coach, and mentor. A willingness to travel (India and abroad) for client needs. Preferred: SAP certification; additional Industry-related certifications such as CISA, CISM are a plus.

We are looking for a highly skilled and experienced Associate Consultant to join our team in Mumbai. The ideal candidate will have 0-3 years of experience in IT controls and auditing, with excellent analytical and problem-solving skills. ### Roles and Responsibility Conduct comprehensive IT audits to ensure compliance with established controls and regulatory requirements. Identify and review IT General Controls (ITGCs) and IT Application Controls (ITACs) to safeguard organizational assets and ensure accurate financial reporting. Execute SOX compliance activities, including risk assessments, controls testing, and remediation efforts. Prepare and assess Service Organization Control Reports (SOCR) to validate the effectiveness of IT controls objectives. Conduct IT process reviews through stakeholder interviews, data validations, and document analysis. Collaborate with cross-functional teams to identify control gaps and develop effective remediation plans. Review Change Management processes, ensuring that changes are thoroughly reviewed, tested, and approved. Evaluate and address Segregation of Duties (SOD) concerns to prevent unauthorized access and potential conflicts. Stay abreast of industry trends, regulatory changes, and emerging technologies related to IT controls and compliance. Prepare and communicate audit findings, recommendations, and status updates to key stakeholders and management. ### Job Requirements Excellent analytical and problem-solving skills with attention to detail. Effective communication and interpersonal skills for collaborating with internal teams and external auditors. Relevant professional certifications such as CISA, CISSP, or equivalent are preferred. Ability to adapt to a fast-paced environment and manage multiple priorities. Strong knowledge of IT controls, auditing, and compliance. Experience working with EY or similar organizations is an advantage.

We are looking for a highly skilled and experienced Associate Consultant to join our team in Pune. The ideal candidate will have 2-5 years of experience in IT controls, ITGCs, ITACs, SOX 404 controls testing, and IT auditing. ### Roles and Responsibility Conduct comprehensive IT audits to ensure compliance with established controls and regulatory requirements. Identify and review IT General Controls (ITGCs) and IT Application Controls (ITACs) to safeguard organizational assets and ensure accuracy of financial reporting. Execute SOX compliance activities, including risk assessments, controls testing, and remediation efforts. Prepare and assess Service Organization Control Reports (SOCR) to validate the effectiveness of IT controls objectives. Conduct IT process reviews through stakeholder interviews, data validations, and document analysis. Apply IT-related and internal control knowledge to deliver high-quality engagements. Review Change Management processes, ensuring changes are thoroughly reviewed, tested, and approved. Review Access Management procedures to ensure proper access levels and permissions. Evaluate and address Segregation of Duties (SOD) concerns to prevent unauthorized access and potential conflicts. Collaborate with cross-functional teams to identify control gaps and develop effective remediation plans. Stay updated on industry trends, regulatory changes, and emerging technologies related to IT controls and compliance. Prepare and communicate audit findings, recommendations, and status updates to key stakeholders and management. ### Job Requirements Bachelor's degree in Computer Science, Statistics, or M.C.A. Proven experience in IT controls, ITGCs, ITACs, SOX 404 controls testing, and IT auditing. Strong knowledge of Change Management, Access Management, SOD, business process IT controls, and ICFR principles. Familiarity with Service Organization Control Reports (SOCR) and related frameworks. Familiarity with ERPs such as SAP, Oracle, Dynamics 365, etc. Excellent analytical and problem-solving skills with attention to detail. Effective communication and interpersonal skills for collaborating with internal teams and external auditors. Relevant professional certifications such as CISA, CISSP, or equivalent are preferred. Ability to adapt to a fast-paced environment and manage multiple priorities.

We are looking for a highly skilled and experienced Consultant to join our team in Technology, Media & Entertainment (TMT) Assurance division based in Bangalore. The ideal candidate will have 2-5 years of experience in IT General Controls Testing/IT Application Controls Testing. ### Roles and Responsibility Design and implement effective IT general controls testing frameworks. Conduct thorough analysis of application controls and identify areas for improvement. Develop and maintain expertise in emerging technologies such as AI and DevOps/CI-CD. Collaborate with cross-functional teams to provide services across multiple client departments. Deliver insightful and practical solutions to complex problems. Stay updated with industry trends and developments in TMT assurance. ### Job Requirements CA, CISA, BE/B.Tech, or MSC in Computer Science degree. Minimum 2 years of experience in IT General Controls Testing/IT Application Controls Testing. Strong understanding of auditing principles and practices. Excellent analytical and problem-solving skills. Ability to work collaboratively in a fast-paced environment. Strong communication and interpersonal skills.

We are looking for a highly skilled and experienced Supervising Analyst to join our team in Bengaluru. The ideal candidate will have 3 to 8 years of experience in risk management, compliance, or quality assurance. ### Roles and Responsibility Serve as part of the GDS Account Data Risk - Independent Control Monitoring team, executing independent testing of controls related to data protection at the client account level. Execute control testing in line with EY's global data protection framework. Consult and collaborate effectively across key data protection stakeholders on testing activities. Evaluate and summarize test results, proposing remediation activities. Document findings and observations to contribute to continuous learning and improvement. Support the development and maintenance of reporting, such as regional/area risk leaders, service line leaders, and account leaders. ### Job Requirements Bachelor's degree and approximately 3+ years of related work experience. Experience or background in quality, risk management, compliance, cybersecurity, or familiarity with data protection law. Strong understanding of metrics and reporting. Ability to work independently and collaboratively within cross-functional teams. Excellent communication and problem-solving skills. IAPP certifications (CIPP/E, CIPP/US, CIPM) are preferred; CISA, CISM, CISSP, or equivalent certifications are also desirable.

We are looking for a skilled Security Consultant Lead with 9 to 14 years of experience in information security, preferably in cloud security. The ideal candidate will have advanced knowledge of computer science and experience in managing significant Information Security risk management functions. ### Roles and Responsibility Review security architectures and provide pragmatic security guidance that balances business benefits and risks. Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on implementation. Perform threat modeling and risk assessments of information systems, applications, and infrastructure. Maintain Information Security Policies and Compliance standards and enhance InfoSec risk assessment and certification methodologies. Define security configuration standards for shared and multi-tenant platforms and technologies. Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit. Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders. Provide knowledge sharing and technical assistance to other team members, acting as a Subject Matter Expert (SME) in responsible technologies with a deep technical understanding of services and technology portfolios. ### Job Requirements Advanced degree in Computer Science or a related discipline; or equivalent work experience. Candidates are preferred to hold or be actively pursuing related professional certifications within the GIAC family of certifications or CISSP, CISM, or CISA, or similar cloud-security oriented certifications. Minimum 9 years of experience in managing a significant Information Security risk management function. Experience in managing communication of security findings and recommendations to IT project teams, business leadership, and technology management executives. Strong working knowledge of cloud security, infrastructure security, application security, Agile & DevSecOps methodologies, and operational security. Knowledge of common information security standards such as ISO 27001/27002, CSA and CIS Controls, NIST CSF, PCI/DSS, FEDRAMP is preferred. Experience with Azure Active Directory (AAD) based Identity and Access Management and Authorization design and integration with API, IDaaS, and Federation technologies is preferred.

We are looking for a highly motivated and detail-oriented individual with 2 to 7 years of experience to join our team as a Portfolio Compliance Enablement Specialist in Bengaluru. The ideal candidate will have a strong foundation in Cyber Security, Information Security, or a related field. ### Roles and Responsibility Support projects aimed at improving EY's risk posture and adherence to Information Security policies. Assist in the development and execution of compliance strategies and remediation plans under the guidance of more experienced team members. Contribute to the delivery of processes and/or solutions, focusing on quality and effective risk management. Document and translate technical vulnerabilities into business risk terms for stakeholder communication. Participate in the use and improvement of compliance assessment toolkits under supervision. Support assessments for technology infrastructure, applications, and third-party dependencies. ### Job Requirements At least 2 years of experience in Cyber Security, Information Security, or a related field. A degree in Cyber Security, Information Security, Computer Science, or a related discipline. Certifications such as Security+, Network+, or an interest in pursuing relevant certifications like CRISC, CISSP, CISM, CISA. Basic knowledge of information security standards like ISO 27001/27002, NIST, PCI DSS. Understanding of regulatory requirements such as PCI, SOX, HIPAA, GDPR. Strong communication skills and technical writing skills, and the ability to work effectively within a team environment.

We are looking for a highly skilled and experienced Consultant to join our team in Gurgaon. The ideal candidate will have 2-3 years of experience in IT Audits, preferably with experience working on FS clients. ### Roles and Responsibility Conduct IT audits, including statutory and internal audits, to ensure compliance with regulatory requirements. Develop and implement effective IT General Controls (ITGC) testing procedures to identify areas for improvement. Collaborate with cross-functional teams to design and execute IT Application Controls (ITAC) testing and Automated Business Controls testing. Perform IT Infrastructure risks and control assessments to identify potential vulnerabilities. Assist in SOC1, SOC2 audits and reporting, as well as IT Compliance and regulatory reporting. Develop and maintain expertise in emerging technologies such as cloud, RPA, AI/ML, and Blockchain. ### Job Requirements Bachelor's degree in Computer Science, Statistics, or M.C.A; Master's degree preferred. Minimum 2-3 years of relevant experience in IT Audits, with a focus on client-facing roles managing audits. Strong knowledge of ITGC, ITAC, and IT Automated Business Controls testing. Experience with IT SOX 404, SOC1, SOC2 audits, and reporting. Familiarity with risk and control assessments considering emerging technologies. Preferred certifications include CISA, CISSP, CISM, CRISC, CCSK, and others relevant to the role.