
402 CISA Jobs - Page 16

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

2 - 3 years

7 - 10 Lacs

Bengaluru

Work from Office


BPM Overview: What does BPM stand for? Innovation, opportunity, community, diversity, inclusivity, flexibility and so much more. B-P-M stands for Because People Matter, because at our core, our people drive everything we do and how we do it. We are a forward-thinking, full-service accounting firm providing modern solutions to businesses across the globe. We focus on comprehensive assurance, tax, and consulting services for our clients, and we provide our people and our community with the resources to lead meaningful and purposeful lives. While we are one of the largest California-based accounting firms, our flexible work locations and schedules mean we have professionals across the continent. BPM offers a rich diversity in clients, industries, and overall work. Our teams and our clients drive us to provide quality services and ignite unique insights and ideas that contribute to our continued success. Our clients come from different backgrounds and industries, which keep our people intellectually challenged every day. Our initiatives and ideals lead to our continued recognition as one of the Best Places to Work in the Bay Area and beyond. We are dedicated to providing meaningful careers for all of our employees along with fostering an environment that allows an integrated lifestyle. Our flexible culture allows our professionals to live a balanced lifestyle between their work responsibilities and personal commitments. BPM India Advisory Services Private Limited is a subsidiary of BPM LLP. Founded in 1986, BPM is one of the largest California-based accounting and consulting firms, ranking in the top 50 in the country. With 14 offices across the Bay Area, BPM serves emerging and mid-cap businesses as well as high-net-worth individuals in a broad range of industries, including financial services, technology, life science, manufacturing, food, wine, and craft brewing, automotive, nonprofits, real estate, and construction. The Firm's International Tax Practice is one of the largest on the West Coast, and its well-recognized SEC practice serves approximately 35 public reporting companies, mostly in the technology industry.

Responsibilities: Assist with SOX ITGC testing for clients based in the United States. Conduct IT audits in accordance with standards like SSAE and SOX. Attend walkthroughs during control testing and assist the IT Assurance Manager/Supervisors by taking detailed notes and documenting control objectives in working papers. Perform all the activities relating to the audit and ensure timely deliverables. Provide day-to-day support to the IT Assurance Manager/Supervisors to assist with the timely submission of audit deliverables. Manage other audit-related work/activities like SOC summaries and setting up and finalization of the Binder. Maintain CPE requirements relevant to audit areas.

Qualifications: 2-3 years of post-qualification experience within IT consulting, IT internal audit, IT compliance, and SSAE engagements. Completed, pursuing, or interested in completing the CISA certification. Working knowledge of SOC (1, 2 & 3) and ITGC controls testing. Ability to synthesize all forms of research into clear, thoughtful, actionable deliverables. Ability to work on multiple engagements simultaneously. A forward-thinking and hands-on approach. Excellent written and verbal communication skills. Prior experience of working with US stakeholders is an added advantage. A desire to learn. Team player.

Posted 1 month ago


5 - 7 years

5 - 9 Lacs

Bengaluru

Work from Office


Job Title: Senior GRC Specialist. Location: Bangalore (On-site; full-time).

About Locus: At Locus, we are redefining logistics decision-making with deep-tech solutions that drive efficiency, consistency, and transparency across industries like retail and FMCG/CPG. Founded in 2015 by Nishith Rastogi and Geet Garg, Locus has evolved from a women's safety geo-tracking app into a globally recognized logistics optimization platform. Our technology has empowered enterprises such as Unilever and Nestlé to execute over a billion deliveries across 30+ countries. Guided by our commitment to innovation and sustainable growth, we transform complex supply chains into strategic growth enablers. Join us at Locus and be part of a team shaping the future of global logistics.

About the role: As a Senior GRC Specialist at Locus, you'll play a pivotal role in safeguarding the company's data and systems while enabling global logistics innovation. This role involves leading the implementation of robust security and privacy frameworks like ISO 27001, ISO 27701, NIST, SOC2 Type II, etc., driving risk assessments, managing audits, and ensuring compliance across jurisdictions. You'll work closely with cross-functional teams to embed security into every layer of the organization: people, processes, and technology. If you're passionate about security, privacy, and scalable compliance in a fast-paced tech environment, this is your opportunity to make a real impact.

Key Responsibilities: Design, implement, and maintain the organization's Information Security Management System (ISMS) and Privacy Information Management System (PIMS) in alignment with ISO 27001, ISO 27701, and SOC2 Type II. Drive end-to-end security and privacy compliance programs independently, ensuring alignment with business objectives and customer/regulatory expectations. Conduct periodic risk assessments, develop risk treatment plans, and work closely with business and technical stakeholders to ensure timely mitigation. Develop, review, and improve information security and privacy policies, processes, and controls based on changes in the business environment, emerging threats, and applicable legal and regulatory requirements. Ensure client contractual obligations (MSAs) and legal requirements (e.g., GDPR, CCPA) are consistently met. Track and report compliance status and risks through metrics, dashboards, and management reviews. Lead and coordinate internal and external audits (ISO 27001, SOC 2, etc.), including remediation and continual improvement efforts. Assess and onboard critical third-party vendors through structured third-party risk assessments. Coordinate and execute Business Continuity Planning (BCP) and Disaster Recovery (DR) tests. Set guidelines and review adherence to secure development practices, including secure coding standards. Champion and conduct employee awareness and training programs for security and privacy during onboarding and ongoing learning cycles. Oversee the incident response process, ensuring effective triage, containment, root cause analysis, and reporting of security and privacy incidents. Work closely with engineering/product teams to embed privacy and security-by-design principles into the product lifecycle. Liaise with vendors and partners to evaluate and deploy relevant security tools and solutions. Automate repetitive or redundant GRC tasks using scripting or low-code tools to improve efficiency.

Key Requirements: 5-7 years of relevant experience in Governance, Risk & Compliance (GRC) roles in a product-based or technology-driven organization. Deep understanding of compliance frameworks: ISO 27001, SOC 2, CSA STAR, BS 10012, ISO 27701. Solid knowledge of global privacy regulations: GDPR, CCPA, and others. Proven experience leading audits and regulatory assessments, including stakeholder management and remediation. Hands-on experience implementing security/privacy controls in cloud environments (AWS preferred). Ability to translate compliance requirements into actionable security measures across tech, product, and operations. Ability to work independently and manage compliance responsibilities across multiple functions and geographies.

Good to Have Certifications (at least one certification in GRC is mandatory): CISA/CISM (recommended), CISSP, CIPM/CIPP-E, ISO 27001 Lead Auditor (recommended), CRISC, CCSK, or other GRC/privacy-focused credentials.

What We Offer: Join Locus and become part of a visionary team that is redefining logistics through innovation and smart distribution. We provide competitive compensation, comprehensive benefits, and a collaborative environment where your expertise will drive both your growth and that of the organization. Locus is an equal opportunity employer dedicated to creating a diverse and inclusive workplace.

Posted 1 month ago


2 - 5 years

6 - 8 Lacs

Mumbai, Pune, Bengaluru

Work from Office


1. Conduct information security management reviews and information security management system (ISMS) assessments.
2. Must have knowledge of various compliances like ISO 27001, SOC 2, PCI DSS, GDPR etc.
3. Ensure technical implementation and business processes are aligned.
4. Lead the design, implementation, operation and maintenance of security management systems.
5. Participate in the creation, review and update of information security policies.
6. Provide complex technical advice, recommendations and consultancy on networks, infrastructure, products and services supplied.
7. Provide or assist with implementation documentation. Ongoing project management.
8. Must be ISO 27001 LA certified.

Posted 1 month ago


7 - 12 years

8 - 15 Lacs

Nagpur

Work from Office


To act as the SPOC for all third-party audits, especially from BFSI clients, and create Network Infrastructure. JD: https://www.pinnacle.in/career/security-manager JD: https://www.pinnacle.in/career/network-manager To work purely from HO Nagpur.

Posted 1 month ago


7 - 12 years

25 - 35 Lacs

Noida, Chennai, Bengaluru

Work from Office


Client interface for understanding the IT Governance, IT Risk & Compliance Management Controls as applicable to Infrastructure operations. Responsible and accountable for driving and maintaining the Compliance Program, which includes:
I. Defining and implementing controls as per Customer defined Security and Privacy policies
II. Ensuring measurement and compliance to the policies
III. Driving Internal and External Audits
IV. Participating in and advising on Security Incident Investigation
V. Training and awareness of Employees on Security Policies

Well versed in, with hands-on experience of, establishing processes, controls and audits of compliances like ISO 27001, ISO 15408, SOX ITGCs, SSAE 18 SOC 1 & SOC 2, PCI DSS, HIPAA, and Data Privacy Standards (GDPR/Schrems) frameworks. Documentation of IT & risk management controls as they are currently being executed in the client environment, and ensuring that the same controls are followed and implemented in service delivery operations. Work with the client & technical teams on change requests for any risk or control implementation as well as the governance process. Participate in internal as well as external regulatory audits and IT security audits. Understand IT risks and define audit & governance mechanisms for assets, processes & physical security. Point of contact for the client compliance & IT audit team for provisioning audit evidence within the SLAs defined. Provide strategic guidance & consulting support on implementation of IT controls for Networks, Operating Systems, System Security, Backup & Recovery, Storage, BCP/DR. Work with the client & team in identifying any process/control gaps, suggesting the remediation plan & tracking the plan progress till closure. Liaise with Audit Firms and Client for all types of External audits (ISO 27001, SSAE 16 SOC 1/SOC 2 etc).

Posted 1 month ago


7 - 12 years

25 - 35 Lacs

Noida, Chennai, Bengaluru

Hybrid


Technical Consultant, OneTrust Privacy Platform

Description: Governance, Risk & Compliance consulting team is looking for OneTrust certified technical Privacy SMEs to be part of our consulting/professional services division. The candidate must be highly experienced in implementing the OneTrust platform, inclusive of integration with 3rd party tools, and should also have know-how of the functional aspects of the tool. The OneTrust data privacy consultant will be required to work on global/international consulting as well as technology implementation projects.

Qualification, Work Experience & Certifications: Bachelor's/Master's degree or higher in Computer Science, Information Systems or a related field. ONETRUST Privacy Product Certification (Mandatory). Overall IT professional with experience of 8+ years. At least 6+ years of Information Security, Risk Management, Compliance Management and delivery experience. Experience in handling global client stakeholders. Excellent communication & presentation skills. CISA, CISM, CIPM/CIPT, CIPP/E, CIPP/US (at least one certification preferred).

Responsibilities: Implementation of data privacy requirements using the OneTrust platform. Build forms, events, workflows, integration with 3rd party products, and reports on the OneTrust platform. Oversee the functional and technical implementation and platform adoption for all customer proof of concept projects from start to finish. Technical understanding and experience working with the following concepts: HTML, CSS, JS; REST APIs; JSON; scripting (Python, PowerShell, Bash, etc). Understanding data privacy stature in client organization. Custom make and implement privacy compliance program in client organization. Execute data discovery & privacy impact assessment manually as well as using ONETRUST technology platforms. Execute projects which involve advising on, creating & documenting policies and procedures to help organizations protect their data (e.g. PII, sensitive data, financial data etc.). Research and analyze new data privacy regulations evolving across the globe. Define technical and business requirements for data privacy and information governance solutions. Implement data privacy, information governance, IT and information security related technology products. Perform basic supervisory duties to mentor and coach junior staff. Develop people through effective trainings and certification guidance.

Posted 1 month ago


7 - 12 years

25 - 35 Lacs

Noida, Chennai, Bengaluru

Hybrid


Skills required
• Accomplish ITQM objectives in the assigned project by planning, executing and evaluating quality activities (as per service description). Accountable that assigned projects implement security and compliance with applicable laws/regulations like CSV, NVS Standards, the IMF, and project methodology. Hands-on experience in Regulatory Compliance (UK DPA, SOX, PII, Data Privacy & Security etc.). Should be able to liaise with the client information security, compliance & legal teams on regulatory requirements & facilitate evidence provisioning during audits.
• Experience in implementation of at least 2 complete cycles of Information Security Management Systems. Good understanding of domains such as Network security, Firewall audits, VA/PT, Access Management etc. Should have experience in domains such as ISAE3402.
• Strong knowledge of Qualification and Validation project development/implementation processes.
• Excellent FDA GxP understanding.
• Knowledge of SoX, cGMPs, FDA and EMA guidelines.
• Preferred Certifications: ISO 27000 LA, CISA, CISM, CISSP, ISO 9000
• Experience in planning, conducting & leading internal audits on information security, pharma quality & compliance
• Experience in audits of ITSM processes (Change Mgmt, Incident/Problem Mgmt). ITIL V3 foundation must.
• Good Program/Project management skills along with analytics & reporting skills and strong communication & presentation.
• Ability to work with all levels of clients & internal resources
• Knowledgeable about Business Continuity Management & Disaster Recovery. ISO 22301 experience preferred.

JD
• Point of contact for client stakeholders as well as HCL Operations team for guidance & support regarding compliance control requirements and implementation into service operations
• Create & document the control compliance plans for all services in scope
• Lead Compliance processes for large Pharmaceutical Client for specific geography
• Manages the infrastructure Qualification of hardware/Servers.
• Maintains categorization of Off-the-shelf validation categories.
• Ensure that the operations run-books & SOPs are in line & map with Policies, Standards, and Guidelines relating to security, privacy, and confidentiality for the Client IT Environment. Development of Security plan & ensuring adherence for all security domains relevant for in-scope services
• Develop & plan internal audit calendar aligned to client's internal as well as external audit schedule
• Execute Security audits as per the agreed upon plan with client stakeholders and work with operations teams for remediation of any gaps and non-compliances
• Provide agreed upon and ad-hoc reports for audits & compliance operations.
• Facilitate in-time evidence provisioning to client audit, risk & compliance teams at time of external audits
• Conduct process audits for ITSM as per agreed upon process controls
• Participate in client meetings and committees that investigate compliance needs and develop new and modified Policies, Standards, and Guidelines

We are looking for functional consultants who have extensive experience in GxP related policies & process definitions and enforcement.

Posted 1 month ago


7 - 12 years

25 - 35 Lacs

Noida, Chennai, Bengaluru

Hybrid


Client interface for understanding the SOX IT General Controls as applicable to Application & Infrastructure operations. Conducting assessment of existing processes and aligning them to the COBiT 2018 standard. Conducting TOE and TOD for ITGCs. Documentation of as-is SOX 404 IT General Controls as they are currently being executed in the client environment. Identify process exceptions and risk with respect to materiality defined by the SOX controller. Evaluating 3rd parties and their ITGC environments by assessment of SSAE18 reports. Create Process Summaries, Compliance runbooks and RCMs. Define RACI for Control owners, executioners etc. Work with Senior Management of the organization and business teams in getting assertions. Point of contact for the client compliance & IT audit team for provisioning SOX audit evidence within the SLAs defined. Provide strategic guidance & consulting support on implementation of SOX controls for Networks, Operating Systems, System Security, Backup & Recovery, Storage, BCP/DR. Identify technical remediations for SOX 404 ITGC and create short term and long term roadmap for remediation. Conducting regular training for technical teams for SOX control implementation & audits.

Should have worked on consulting/implementation & audit of SOX IT General Controls associated with IT Operations (Mandatory). CGEIT, COBiT experience & COSO ERM execution (preferred). Excellent understanding of & experience in IT applications & infrastructure management, which includes SDLC, App Security, DevOps, Networks, Data Centre Operations, Service Management/Service Desk, Server Management etc. Excellent understanding of IT Service Management processes. ITIL certified. Should be able to identify & report risks related to SOX ITGC design effectiveness & operational effectiveness gaps. Should have experience in executing end-to-end SOX ITGC audit life cycle. Exposure to other regulatory compliances such as Data Protection Act. Candidate should have client facing experience. B.E/B.Tech with MBA preferred. Candidates with the following certifications will be preferred: CISA/CGEIT/CISM/CISSP, ISO 27001 Implementer, Lead Auditor, ITIL V3.0.

Posted 1 month ago


20 - 30 years

75 - 125 Lacs

Mumbai

Work from Office


We, S A R A & Associates, are a multidisciplinary firm of Chartered Accountants with more than 30 qualified professionals, having offices in Mumbai City and suburbs. Currently, we have the following opening: AUDIT PARTNER. The ideal candidate should be a Chartered Accountant having experience of at least 20 years in an audit firm. The candidate should have expertise in Statutory Audit of listed Companies and IND-AS, and an understanding of SEBI & Stock Exchange law. Additional qualification like CISA/DISA shall be preferred. The candidate should have an organized and systematic approach towards audit and must have a good understanding of audit documentation. The candidate would be responsible for the following: Overseeing client audits and ensuring that they are completed in a timely manner. Leading the client service management team on the formulation of audit strategy and planning. Ensuring standards and procedures are maintained by the whole team. Identifying and capitalizing on opportunities and prospects for new work. Business development, including working with colleagues in other teams.

Posted 1 month ago


10 - 15 years

30 - 40 Lacs

Hyderabad

Work from Office


What is the Internal Audit group responsible for? The Franklin Templeton Internal Audit group is an independent and objective function within the Franklin Templeton organization, designed to improve and protect organizational value by providing independent, dynamic risk-based assurance and advisory services. Internal Audit (IA) accomplishes its objectives by being a future-focused and sought-after business partner driven by our insight, knowledge and expertise.

What is the Manager, Internal Audit, responsible for? As our Manager, Internal Audit, you will play a key role in assessing risks, reviewing internal controls, and providing forward-looking insights into improving business processes. You will work closely with senior Private Market stakeholders and co-source partners to deliver high-quality internal audit reviews and help strengthen governance. Collaboration with teams across Internal Audit and the wider organization, while working under limited supervision, is key to supporting delivery of organizational strategies. Our global organization provides a stimulating environment and the opportunity to collaborate with knowledgeable colleagues and specialists around the world.

What are the ongoing responsibilities of the Manager, Internal Audit? Planning and executing Private Market audits and special projects, including meeting with auditee management, documenting the control environment, documenting control weaknesses, inefficiencies, root causes, risks, and recommendations. Finalizing audits and special projects for Private Market areas, including conducting exit meetings and drafting and/or reviewing the audit reports. Meeting and interacting with key stakeholders (primarily Private Markets), overseeing our co-source partner of internal audit services, coordinating with other internal compliance/risk management functions. Attending and reporting to Boards and Audit Committees (ACs) as required. Interacting with external auditors and/or regulators as required. Training and developing Internal Audit personnel, working on department-wide initiatives including methodology enhancements, quality assurance, audit tool/system enhancements and procedural reviews.

What ideal qualifications, skills & experience would help someone to be successful? Bachelor's Degree or equivalent in Business, Accounting, Information Technology, or a related discipline. 10 to 15+ years of auditing experience and at least 4 years in a senior/supervisory position. 4+ years of top-tier public accounting firm experience. Required to hold one or more professional certifications/designations in the following: Auditing, e.g., CPA, CIA, CA, CISA, CFE. Experience in the asset management industry (Private Markets - Private Credit / Private Debt, Real Estate, Private Equity). Knowledge of regulations affecting asset management. Demonstrated ability to perform both Assurance and Advisory reviews as well as collaborating with co-source partners. Data analytics / data visualization experience (e.g., Tableau, Power BI, Business Objects).

What are the other abilities of an Audit Manager? Knowledge of and ability to understand, adapt, respond to, and proactively seek changes and innovation in the technology business environment to improve the competitive advantage of an organization. Drive critical activities to completion. Ability to work independently and as part of a team with minimal supervision. Apply organizational acumen to identify and maintain focus on key success factors for the organization. Knowledge of and ability to work and think alongside stakeholders to achieve stakeholders' current and future aspirations and successes. Knowledge of effective influencing tactics and strategies; ability to impact decisions within and outside own organization. Knowledge of and the ability to use summarization and simplification techniques to explain complex technical concepts in simple, clear language appropriate to the audience. Work with minimal supervision and exercise independent judgment consistent with department guidelines. Act as supervisor to lower-level staff. Ability to interact with senior management on a regular basis. Ability to maintain a professional image (e.g., demeanor, confidentiality, humbleness, maturity and confidence).

Work Shift Timings - 2:00 PM - 11:00 PM IST

Posted 1 month ago


3 - 6 years

7 - 11 Lacs

Bengaluru

Work from Office


If you are a strategic thinker passionate about driving solutions and mitigating risk, you have found the right team. The Testing CoE (Center of Excellence) team is responsible for ensuring a strong and consistent control environment across the firm. This role is a great opportunity to be working with a large Controls Testing team and help establish a newly formed organization which provides the potential hire a good starting point within the firm.

Job Summary: As a Risk and Controls Testing Associate within the Testing Center of Excellence, you will be responsible for the execution of independent risk-based, point-in-time evaluations of the control design adequacy and execution effectiveness, to mitigate compliance, conduct and operational risks. The role requires overseeing the performance of complex evaluations of business processes through a comparison of actual processes against expected practices (policies, standards, procedures, laws, rules and regulations). Testing activities often include sophisticated data analytics on large datasets and regular engagement with senior stakeholders across the firm. This is an exciting opportunity to work on key risk initiatives as they become the focus of the firm and across the financial services industry. You will excel at creative thinking and problem solving; be self-motivated, confident and ready to work in a fast-paced, energetic environment. Through collaboration and analytical skills, you will contribute to the Testing CoE's overall success and strengthen the firm's compliance with regulatory obligations and industry standards.

Job responsibilities: Lead comprehensive control evaluations and substantive testing to independently assess the design and effectiveness of controls. Ensure compliance with internal policies, procedures, and external laws, rules, and regulations, while identifying necessary remediation actions. This includes developing and executing testing procedures, meticulously documenting results, drawing informed conclusions, making actionable recommendations, and distributing detailed compliance testing review reports. Foster collaboration with Compliance and Operational Risk Officers on various engagements. This includes developing detailed test scripts, facilitating issue discussions, participating in business meetings, and drafting comprehensive final reports to ensure alignment and clarity. Utilize advanced critical thinking skills to apply substantive testing techniques, thoroughly evaluating the effectiveness of high-risk business processes and identifying potential areas for improvement. Proactively assess and monitor risks, ensuring adherence to firm standards, regulatory requirements, and industry best practices. Implement strategies to mitigate identified risks effectively. Collaborate with cross-functional teams and stakeholders to support the design and effectiveness of controls. Drive initiatives that enhance the business control environment through recommended updates to the Compliance and Operational Risk Evaluation (CORE) application. Develop and execute robust control test scripts aimed at identifying control weaknesses, determining root causes, and recommending practical solutions to enhance operational efficiency and control effectiveness. Document test steps and results in a comprehensive and organized manner, ensuring sufficient support and justification for testing conclusions. Maintain a high standard of documentation to facilitate transparency and accountability. Lead meetings with business owners at various management levels, delivering testing results and supporting sustainable control enhancements. Identify and capitalize on opportunities to strengthen controls and improve operational efficiency.

Required qualifications, capabilities, and skills: 3+ years of experience or equivalent expertise in risk management, assessment, control evaluations, or a related field, within the financial services industry. Possess a strong understanding of industry standards and regulatory requirements. Demonstrated ability to analyze complex issues, develop and implement effective risk mitigation strategies, and communicate insights and recommendations clearly to senior stakeholders. Proficient knowledge of risk management frameworks, regulations, and industry best practices. Ability to stay updated with evolving regulatory landscapes and adapt strategies accordingly. Exceptional ability to develop and communicate well-founded recommendations based on regulatory guidance and standards, ensuring alignment with organizational goals and compliance requirements. Highly organized and detail-oriented, with a proven track record of managing multiple priorities and delivering results in a fast-paced environment. Strong analytical and communication skills, with the ability to convey complex information in a clear and concise manner to diverse audiences.

Preferred qualifications, capabilities, and skills: CISM, CRISC, CISSP, CISA, CCEP, CRCM, CRCMP, GRCP, or other industry-recognized risk and risk certifications preferred. A background in auditing and the ability to understand internal controls is beneficial. Proficiency in MS (Microsoft Suite) Office - Microsoft Word, Excel, Access, and PowerPoint.

Posted 1 month ago


8 - 14 years

10 - 16 Lacs

Gurugram

Work from Office


Lead a team of approximately four technology audit colleagues including audit managers and senior/staff auditors, managing recruiting pipeline, candidate screening and selection process. Manage team metrics including effective and efficient execution of audits in conformance with professional and department standards, assigned schedule within budgeted hours and training program for development. Coach/teach/mentor/develop junior colleagues and co-sourced resources in geographically diverse locations on audit methodology, technology processes & controls, stakeholder communication and effective workpaper documentation. Monitor a portfolio of audit analytics & use data to tell the business story, evaluate results and work with audit and business colleagues to synthesize findings and draft audit reports. Present audit objectives, scope, and results to senior management, clearly articulating the potential impact of control gaps in a highly professional and proficient manner. Execute simultaneous global audit projects of varying sizes and complexity within the technology, projects or third-party risk domains including support of integrated audits that consider financial, operational and compliance.

Minimum Qualifications: Bachelor's or equivalent degree in technology, information systems or related field. Big 4 audit/consulting experience. 8+ years of experience in technology audit, IT risk management, cybersecurity or related fields including the audit life cycle and professional auditing practices. 4+ years of leadership experience managing audit teams and stakeholders. Strong verbal and written communication skills that deliver high quality, actionable feedback to management. Effectively works independently, within a team and across teams utilizing related project management skills, employing creative thinking, a focus on quality, and the ability to work on competing priorities. Familiarity with technology frameworks, e.g. NIST, and experience testing all IT General Control technology control domains. Ability to break down complex scenarios into components and solve them using data analysis, process and risk/control knowledge. Self-confident with a strong sense of integrity, and the ability and willingness to challenge and be challenged transparency and integrity. Proven ability to lead team members in a way that inspires, develops, and delivers results. Strong knowledge and appreciation of IA standards, regulatory, and financial industry guidance and best practices relevant to business, technology and data implications.

Preferred Qualifications: Experience in a regulated financial services environment. Technology or other audit credentials: Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA). Experience testing interface inputs, reports, application security, business continuity and third parties. Experience with using data analytic tools, data visualization, key risk indicators (KRIs), key performance indicators (KPIs), and scorecards/dashboards.

Benefits include: Competitive base salaries. Bonus incentives. Support for financial well-being and retirement. Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location). Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need. Generous paid parental leave policies (depending on your location). Free access to global on-site wellness centers staffed with nurses and doctors (depending on location). Free and confidential counseling support through our Healthy Minds program. Career development and training opportunities.

Posted 1 month ago

4 - 9 years

6 - 10 Lacs

Bengaluru

Work from Office

Roles & Responsibilities: Triage alerts and analyze security events/logs for threats such as computer viruses, exploits, and malicious attacks. Use critical thinking to bring together information from multiple sources to determine if a threat is present. Conduct security incident response and investigation. Conduct comprehensive security assessments and risk analysis on existing systems and applications. Analyze web traffic for suspicious patterns and potential security breaches. Perform vulnerability assessments and penetration testing. Prepare and provide security documentation and evidence for internal and external audits, ensuring compliance with regulatory requirements and security standards. Stay abreast of the latest cybersecurity trends, threats, and technologies to proactively address emerging risks. Bachelor's degree in computer science, Information Technology, cybersecurity, or a related field. 3+ years of relevant experience. Proficiency in conducting risk assessments, vulnerability assessments, and penetration testing.

Posted 1 month ago

9 - 14 years

32 - 37 Lacs

Pune

Work from Office

About The Role: Job Title: Vendor Risk Manager AVP. Location: Pune, India.
Role Description: Vendor Management is responsible for the service relationship with a vendor on a transactional level and for transactional vendor related support tasks. Work includes managing or performing strategic sourcing work to manage risk and optimize the value/resilience of materials/services sourcing, including: establishing supplier relationship management processes and continuous improvement goals/programs; negotiating contracts and coordinating supplier integration plans with internal clients; monitoring market dynamics that impact materials/services availability and/or pricing; partnering with internal clients to identify sourcing needs, develop buyer/market profiles, identify marketplace trends, and define acceptable service levels.
What we'll offer you: As part of our flexible scheme, here are just some of the benefits that you'll enjoy: Best in class leave policy; Gender neutral parental leaves; 100% reimbursement under childcare assistance benefit (gender neutral); Sponsorship for Industry relevant certifications and education; Employee Assistance Program for you and your family members; Comprehensive Hospitalization Insurance for you and your dependents; Accident and Term life Insurance; Complimentary Health screening for 35 yrs. and above.
Your key responsibilities: Vendor Risk Management (VRM) is the framework/process for identifying and managing the risks arising from working with third-party vendors (internal and external). All vendor relationships and transactions are assessed and those carrying higher inherent risks are subject to a more granular assessment. SO (Service Owner) role is responsible for owning the service and providing comprehensive details, responding to tasks in the VRM process when necessary.
Your role: Taking end-to-end ownership of each assigned Vendor Risk Management (VRM) Engagement Request for an engagement as SO. Follow-up with Vendor's point(s) of contact for responding to all Control questions raised during VRM process for an engagement. Escalations to be triggered as required. Attending all trainings and workshops defined as mandatory by internal Third-Party Risk Management (TPRM) teams. Keeping yourself familiarized and updated on all latest Policies and Procedures published by the various Risk Management Functions within Deutsche Bank. Keeping yourself familiarized and updated on control requirements of the latest Security Control for Third Parties (SCTP 4.0) and explaining the same to vendors to ensure that appropriate evidence is shared by the vendors, which satisfies the Control requirement. Ensuring appropriate due diligence before Third Party Management (TPM) review initiation and familiarity with Risk Type Controller (RTC) requirements in advance. Providing comprehensive and transparent details about the owned Engagement Request in the TPM platform in a timely manner. Ensuring that the data provided about the owned Engagement Request are kept up-to-date, in line with the TPM Key Operating Documents. Performing VRM Process tasks when prompted by TPM and/or RTCs. Notifying the relevant RTCs whenever gaps are closed, deadlines cannot be met or full mitigation is not possible. Remediating gaps identified for the Engagement Request and implementing mitigation plans. Reporting gaps by raising Self-Identified Issues (SII) in an engagement and following up for closure/mitigation on a timely basis, in line with the remediation plans shared. Addressing unmitigated risks/gaps in accordance with the Operational Risk Management Policy, TPRM Policy, TPRM Procedure and TPM Key Operating Documents. Ensuring the service does not commence before the VRM review is completed. Ensuring that no contract is signed, or service is delivered to any Deutsche Bank Legal Entity for which Compliance deemed the service prohibited. Ensuring adherence to contractual obligations by Vendor. Ensuring compliance to Regulatory guidelines. Timely submission of accurate data to Regulators. Liaising with Divisional Vendor Management Office (DVMO) resources for closing any open points related to the engagement requests. Ensuring all strategies and plans, e.g. Termination Exit Plans, Termination Exit Strategies, etc., related to an engagement are documented, agreed between the relevant stakeholders, and reviewed / updated on defined intervals. Ensuring that Monthly, Quarterly Governance meetings with appropriate stakeholders are conducted and the details documented in line with the SDM requirements. Ensuring monthly feedback / review is completed for all engagements in scope and the details are documented in the designated portals in line with relevant policies. Ensuring annual audits are budgeted, planned, and conducted for the identified vendors and follow-up to ensure all open findings are remediated by vendor.
Your skills and experience: Excellent skills and experience / technical knowledge in handling data/information security audits in Banking / Financial environments. Minimum 10 years. Knowledge and experience with handling / responding to controls around IT Security audits, Financial Audits, e.g. SOX IT (SOC) audits, ISO 27001:2022, PCI-DSS, etc. Working with multiple teams to remediate open findings identified during internal / external audits including regulatory audits, IT Security audits, etc. Familiar with security requirements for Banking applications and environments. A great team player who is comfortable in working and coordinating with diverse people from both internal as well as vendor teams. Excellent communication and mentoring skills. Experience with distributed, multi-location teams. Able to inspire and motivate people and multi-disciplinary, self-organized teams. Any Certifications in areas of Information Security or Vendor Management is a plus. Professional level of English is mandatory.
How we'll support you: Training and development to help you excel in your career. Coaching and support from experts in your team. A culture of continuous learning to aid progression. A range of flexible benefits that you can tailor to suit your needs.
About us and our teams: Please visit our company website for further information: https://www.db.com/company/company.htm
We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.

Posted 1 month ago

5 - 7 years

6 - 9 Lacs

Hyderabad

Work from Office

Description: We are seeking an adaptable, self-motivated, and detail-oriented Senior Internal Auditor to plan, lead, and execute internal audit engagements to ensure the effectiveness of Coretek's Information Security Program and internal business processes. The ideal candidate will have a strong background in auditing, risk assessment, and compliance. This role involves continuous planning, participation, and execution of internal and external audit engagements to ensure effectiveness of controls and compliance with relevant standards and frameworks.
Key Responsibilities: Act as a subject matter expert for Coretek's audit frameworks and engagements. Plan, perform, and coordinate internal audits, ensuring compliance with organizational controls, policies, and processes. Prepare detailed internal audit reports that clearly articulate the objective, scope, results, findings, recommendations, and action plans for each audit. Distribute internal audit reports to stakeholders and conduct follow-up meetings to further discuss audit results, as needed. Prepare executive-level updates and reporting for status of internal and external audits and identified issues. Design and implement new internal audits to contribute to the effective monitoring of the Information Security Program. Prepare and maintain internal and external audit schedules and ensure that Coretek stays aligned with those schedules. Communicate internal/external audit schedules and updates to organization stakeholders. Assist with coordination of external audits and serve as a point-person in these audits, providing requested artifacts and information to external auditors. Work with stakeholders across the organization to gather and assess audit evidence. Follow up with stakeholders to collect evidence for internal/external audits in a timely manner. Work closely with management to develop action plans and monitor progress of identified gaps and issues. Leverage internal tools and procedures to assess and track controls and testing requirements. Utilize data analytics to identify trends, patterns, and anomalies in audit data. Take responsibility for meeting audit deadlines. Apply lessons learned to continuous improvement opportunities. Respond to client requests for SOC 2 Type II reports, ISO certificates, etc. Stay updated on industry trends, regulations, and best practices. Foster a collaborative and supportive team environment. Provide guidance and support to junior auditors.
Skills: Self-motivation; Strong analytical, critical thinking, and problem-solving skills; Strong attention to detail; Adaptable with ability to thrive in a fast-paced environment; Strong organization and time management skills; Ability to handle multiple projects simultaneously; Excellent verbal and written communication; Ability to work independently and as part of a team.
Qualifications: Minimum of 5-7 years prior audit experience; Practical application and working knowledge of ISO 27001, ISO 27701, SOC 2, and NIST 800-171 controls; Familiarity with Azure Expert MSP preferred; Experience in the service provider or multi-tenant environment; Four-year degree or equivalent industry experience; Proficiency in Microsoft Office Suite; Professional certification such as CISA is preferred; Working knowledge of Drata GRC software preferred.

Posted 1 month ago

- 6 years

7 - 8 Lacs

Kolkata

Work from Office

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
Job description
EY - Technology Risk: As part of our EY - Technology Risk team you'll contribute technically to IT Risk and Assurance client engagements and internal projects. An important part of your role will be to perform IT audits and deliver good quality work in line with EY's commitment to quality, while actively participating within the client engagement. You'll also identify potential business opportunities for EY within existing engagements and facilitate integration as appropriate. You will actively establish, maintain and strengthen internal and external relationships.
The opportunity: We're looking for candidates to join our EY - Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. The incumbent gets an excellent opportunity to work virtually or directly with the engagement teams and client across Americas and Europe and develop knowledge of risk framework and internal controls.
Your key responsibilities are to: Participate in IT Risk and Assurance engagements. Be responsible for delivering highest quality deliverables which comply with EY methodology. Work effectively as a team member, sharing responsibility, providing support, maintaining active communication, and updating senior team members on progress. Develop and maintain productive working relationships with onshore and client personnel. Work closely with onshore, cross-functional teams and develop strong relationships as project staff across the organisation. Participate in walkthrough for IT process and business process. Execute the design and operating effectiveness testing for IT controls and IT automated business process controls for different ERPs. Maintain the engagement trackers on a real-time basis and keep clear communication of status of work with team. Contribute ideas for improvement by comparing efficiency of review procedures performed across different clients. Contribute to a positive team environment by demonstrating consistent commitment and optimism towards work challenges. Promote EY's ethical and professional standards, including data confidentiality. Develop knowledge of use of EY technology and tools to continually learn, share knowledge with team members, and enhance service delivery.
Skills and attributes for success: Good knowledge and understanding of the auditing methodology. Strong interpersonal and good written & oral communication skills. Knowledge and understanding of common IT governance, control, and assurance industry frameworks, including COBIT and ISACA best practices. Good knowledge of key business processes such as Order to Cash, Purchase to Pay, Fixed Assets, Inventories, Period End Financial reporting process along with key accounting entries involved and key risks within business processes impacting the financial statements. Knowledge of Application structure, Database, Operating Systems, ERPs, SDLC process. Proficient with MS Office and Outlook. Commitment to continuous learning and proactively implement onto new processes. Team player, with the ability to multi-task, flexible and can work under pressure.
To qualify for the role, you must have: Qualified Chartered Accountancy recently (Big4 Articleship/industry experience preferred); SAP/Oracle/Cybersecurity ERP certification (preferred); CISA, CISM, CRISC, DISA, ISO27001, Data privacy (27701) certifications (preferred); Any other relevant certification (preferred).
What we look for: A team of people with commercial acumen, technical experience, and enthusiasm to learn new things in this fast-moving environment. Opportunities to work with EY Technology Risk practices globally with leading businesses across a range of industries.
What working at EY offers: At EY, we're dedicated to helping our clients, from start-ups to Fortune 500 companies, and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around; Opportunities to develop new skills and progress your career; The freedom and flexibility to handle your role in a way that's right for you.
EY | Building a better working world: EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Posted 1 month ago

4 - 8 years

10 - 14 Lacs

Mumbai, Navi Mumbai

Work from Office

ASSOCIATE CONSULTANT: Experienced in Information Security Risk Management with experience in implementing and maintaining Risk Management frameworks (ISO 31000 & ISO 27001). Should have executed and managed consulting and audit assignments for clients in areas such as internal audit, operational risk management and compliance management. Should be adept at conducting gap analysis, risk assessments to identify vulnerabilities. Have worked with organizations to develop Business Continuity Plans and Disaster Recovery related processes. Should be able to understand and explain technical vulnerabilities. Basic knowledge of Active Directory, firewalls, SCCM, McAfee security products, DLP, secure coding practices and product security. Should have knowledge of information security incident management.
Specific Duties and Responsibilities Include: Proactively protect the organization's information by ensuring appropriate information security controls are in existence and enforced. Conduct audits to verify compliance with the organization's security standards. Assist in Business Continuity Planning and Implementation. Metrics collection & reporting.
Must Have Skills: Excellent communication and presentation skills. Able to effectively interact with various functions.
Good to have Skills / Certification: Minimum: ISO27001:2013 Lead Auditor course. Good to have: CISSP, CISA, CISM, ISO22301.
Qualification: BE/ BTech, MCA, MBA with specialization in Information Security #eviden

Posted 1 month ago

2 - 5 years

3 - 7 Lacs

Mumbai, Navi Mumbai

Work from Office

ASSOCIATE CONSULTANT: Experienced in Information Security Risk Management with experience in implementing and maintaining Risk Management frameworks (ISO 31000 & ISO 27001). Should have executed and managed consulting and audit assignments for clients in areas such as internal audit, operational risk management and compliance management. Should be adept at conducting gap analysis, risk assessments to identify vulnerabilities. Have worked with organizations to develop Business Continuity Plans and Disaster Recovery related processes. Should be able to understand and explain technical vulnerabilities. Basic knowledge of Active Directory, firewalls, SCCM, McAfee security products, DLP, secure coding practices and product security. Should have knowledge of information security incident management.
Specific Duties and Responsibilities Include: Proactively protect the organization's information by ensuring appropriate information security controls are in existence and enforced. Conduct audits to verify compliance with the organization's security standards. Assist in Business Continuity Planning and Implementation. Metrics collection & reporting.
Must Have Skills: Excellent communication and presentation skills. Able to effectively interact with various functions.
Good to have Skills / Certification: Minimum: ISO27001:2013 Lead Auditor course. Good to have: CISSP, CISA, CISM, ISO22301.
Qualification: BE/ BTech, MCA, MBA with specialization in Information Security #eviden

Posted 1 month ago

15 - 22 years

27 - 42 Lacs

Mumbai, Mumbai Suburban, Mumbai (All Areas)

Work from Office

IS audit of Banks’ Application systems and related IT operations such as IT Governance, Information Security Governance, Audit of IT General Controls, IT Infrastructure audits, Audit of Outsourced agency having impact on banks’ IS operations, etc. Required Candidate profile: Experience - 15 to 25+ years; Location - Mumbai - Andheri East

Posted 1 month ago

1 - 5 years

2 - 5 Lacs

Hyderabad

Work from Office

About the role: The global Identity Access Management team is passionately serving our stakeholders while evolving best practices. As an Identity Access Analyst, you have a pivotal operational role to provide and deprovision system access. You have an equally crucial role to partner collectively with stakeholders to mature, streamline, and automate Identity and Access Management procedures for Blackbaud.
What you’ll do: Ensure appropriate Control through timely removal of unnecessary or inappropriate system access. Expediently provision approved access, often utilizing evolving Role Based Access Controls (RBAC), for Blackbaud systems to prevent excessive permissions and rights. Proactively expand approved RBAC roles through analysis, recommendation and adoption/rollout. Analyze and resolve access issues, coordinating with system owners or technical support resources as necessary. Participate in ongoing audits and assessments, and assist with implementation of audit or compliance recommendations. Develop and maintain detailed documentation on standard operating procedures, system configurations, and technical settings for internal team use, end user support. Identify, evaluate and recommend opportunities to eliminate, streamline, and automate access management practices. Partner with colleagues including application owners, cloud engineers, cyber security SMEs, etc. to effectively execute improvements based on expected value. Generate reports to perform in-depth analysis and data collection for issues associated with IAM.
What you’ll bring: 2 years of experience in Identity or Access Management. Tireless adherence and attention to appropriate IT general computing controls. Ability to understand, work with and where appropriate leverage various technologies including PowerShell, ServiceNow, SailPoint's Identity-Now, Active Directory, EntraID, Salesforce, Workday, etc. Practical experience with SCA, ITIL, COBIT, NIST and/or other security and control frameworks.
Stay up to date on everything Blackbaud, follow us on Linkedin, X, Instagram, Facebook and YouTube. Blackbaud is a digital-first company which embraces a flexible remote or hybrid work culture. Blackbaud supports hiring and career development for all roles from the location you are in today! Blackbaud is proud to be an equal opportunity employer and is committed to maintaining an inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law.

Posted 1 month ago

8 - 12 years

10 - 20 Lacs

Hyderabad

Remote

We are looking for experienced TPRM (Third-Party Risk Management) Consultants with a strong background in the Life Sciences domain. The role involves conducting internal audits and third-party risk assessments focused on cybersecurity, compliance, operational, and fraud risks within pharmaceutical or healthcare settings. Candidates should be skilled in evaluating vendor risks, drafting SOPs and policies, performing gap analyses, and ensuring regulatory alignment. Relevant certifications like CISM, CISA, or CISSP are a plus. Location: India (Remote), preferably Hyderabad

Posted 1 month ago

7 - 10 years

25 - 30 Lacs

Chennai, Pune, Delhi

Work from Office

GRC Lead will manage and strengthen our Governance, Risk, and Compliance (GRC) initiatives for Managed Security Services (MSS) within the Telecom sector. The GRC Lead will be responsible for ensuring that the services we provide to our telecom clients adhere to industry standards, regulatory requirements, and robust risk management practices. This individual will play a key role in aligning our security services with client business objectives, improving our security posture, and ensuring compliance with telecom-specific regulations and frameworks. You have: 7+ years of experience in Governance, Risk, and Compliance (GRC), with at least 3 years in telecom or Managed Security Services (MSS) with a degree in Telecommunication Engineering, Computer Science, Information Security, or a related field (B.E/B.Tech/M.E/M.Tech/MCA). Expertise in telecom-specific security technologies: Firewalls, IDS/IPS, SIEM, encryption, access management, and incident response platforms. Experience working with security and compliance frameworks: ISO 27001, NIST CSF, PCI-DSS, GDPR, NIST SP 800-53, ETSI EN 303 645, also telecom infrastructure, including MPLS, 5G, IoT, and SDN/NFV. Familiarity with GRC tools such as RSA Archer, ServiceNow GRC, or MetricStream. Experience in telecom risk management processes, regulatory assessments, and vendor risk governance. It would be nice if you also had: Industry certifications such as CISM, CISA, CISSP, CRISC, ISO 27001 Lead Auditor/Implementer, TOGAF, or ITIL. Experience in stakeholder management, including executive communication, regulatory liaison, and conflict resolution with auditors or vendors. Strong analytical, negotiation, and project management skills in a cross-functional, multicultural telecom environment. Provide security governance leadership tailored to telecom networks, including mobile, 5G, SDN/NFV, and MPLS environments. 
Lead risk assessment, threat modeling, and management activities for telecom networks and emerging technologies like IoT and cloud. Ensure compliance with global and local telecom regulatory requirements (e.g., TRAI, DoT, GDPR, FCC, ETSI) through audits, reviews, and reporting. Manage and maintain telecom-specific security policies, technical and administrative controls, and compliance frameworks (ISO 27001, NIST, PCI-DSS). Act as the prime security and compliance interface towards customers, internal teams, auditors, subcontractors, and third-party suppliers. Develop and maintain a risk register, tracking treatment plans and mitigation strategies across client environments. Provide proactive consultation and guidance to customers regarding security best practices and compliance requirements. Oversee incident and crisis response activities to minimize business impact and regulatory exposure, ensuring adherence to notification guidelines. Ensure vendor security due diligence, contract compliance, and ongoing third-party risk monitoring within the telecom supply chain.

Posted 1 month ago

5 - 9 years

7 - 11 Lacs

Bengaluru

Work from Office

Develop and implement machine learning algorithms and Generative AI models for various projects, with a focus on the financial and banking domain. Develop and apply techniques for Explainability, Privacy, and fairness in AI models and Generative AI. Use case development including building AI applications, such as Deep learning, LLM/RAG/finetuning, NLP, computer vision and pattern recognition. Work with a team of AI/ML engineers and data scientists to implement AI solutions or AI agents, and build MLOps pipelines on cloud (AWS, Azure, or GCP) and on-prem setups along with CI/CD pipelines. Work with data mining toolkits like NLP, Semantic Web, NLTK, and information retrieval libraries like Lucene, SOLR, Elastic. Work with version control systems such as Git or Bitbucket. Work with containerization, Docker implementation and Kubernetes. Optimize Gen AI models for improved accuracy. Test and monitor the AI models for accuracy and efficiency. Keep abreast of the latest AI/ML threats, vulnerabilities, and countermeasures. Communicate with a team and document the processes. Stay up to date on emerging AI technologies, frameworks and methodologies. Requirements: 1-3 years of hands-on experience in software development, with a focus on AI/ML, NLP, DL. Strong knowledge of AI/ML algorithms, Recommendation systems, Reinforcement Learning, Gen AI and AI Agents. Proficient in any one of the programming languages like Python or R, knowledge of frameworks such as scikit-learn, Keras, PyTorch, TensorFlow, etc., with an understanding of AI compliance. Ability to design and implement cloud solutions and ability to build MLOps pipelines on cloud solutions (AWS, MS Azure or GCP/on-premise hosting). Well-versed with various AI/ML libraries for managing Bias, Variance etc. Experience in FastAPI.
Experience with MLOps frameworks like Kubeflow, MLFlow, DataRobot, Airflow etc., and experience with Docker, Kubernetes and OpenShift. Knowledge or an understanding of open-source tools such as MLFlow and Fairlearn. An understanding of Gen AI prompt engineering techniques such as N-Shot, Chain of Thought, CoVe, etc. Ability to stay updated with the latest AI/ML security trends and technologies. Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or related fields. A minimum of 5+ years of hands-on experience in conducting cyber risk assessments and related security assessments. Industry certifications such as CISSP, CCSP, CISA, CISM, CRISC, ISO/IEC:27001/22301/20000 LI/LA or equivalent are highly valued. Profound knowledge of cybersecurity frameworks, industry standards, and best practices. Proficiency in using various security assessment and techniques. Strong analytical and problem-solving skills, with the ability to think critically and strategically. Excellent communication and presentation skills, capable of effectively communicating technical concepts to both technical and non-technical audiences. Demonstrated experience in project management and handling multiple assessments simultaneously. A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development. Network security, infrastructure assessment and network architecture design review. Conceptual knowledge of OT Security/ISA 62443 standard is preferable.

Posted 1 month ago

6 - 9 years

17 - 22 Lacs

Gurgaon

Work from Office

GRC Lead will manage and strengthen our Governance, Risk, and Compliance (GRC) initiatives for Managed Security Services (MSS) within the Telecom sector. The GRC Lead will be responsible for ensuring that the services we provide to our telecom clients adhere to industry standards, regulatory requirements, and robust risk management practices. This individual will play a key role in aligning our security services with client business objectives, improving our security posture, and ensuring compliance with telecom-specific regulations and frameworks. You have: 7+ years of experience in Governance, Risk, and Compliance (GRC), with at least 3 years in telecom or Managed Security Services (MSS) with a degree in Telecommunication Engineering, Computer Science, Information Security, or a related field (B.E/B.Tech/M.E/M.Tech/MCA). Expertise in telecom-specific security technologies: Firewalls, IDS/IPS, SIEM, encryption, access management, and incident response platforms. Experience working with security and compliance frameworks: ISO 27001, NIST CSF, PCI-DSS, GDPR, NIST SP 800-53, ETSI EN 303 645, also telecom infrastructure, including MPLS, 5G, IoT, and SDN/NFV. Familiarity with GRC tools such as RSA Archer, ServiceNow GRC, or MetricStream. Experience in telecom risk management processes, regulatory assessments, and vendor risk governance. It would be nice if you also had: Industry certifications such as CISM, CISA, CISSP, CRISC, ISO 27001 Lead Auditor/Implementer, TOGAF, or ITIL. Experience in stakeholder management, including executive communication, regulatory liaison, and conflict resolution with auditors or vendors. Strong analytical, negotiation, and project management skills in a cross-functional, multicultural telecom environment. Provide security governance leadership tailored to telecom networks, including mobile, 5G, SDN/NFV, and MPLS environments.
Lead risk assessment, threat modeling, and management activities for telecom networks and emerging technologies like IoT and cloud. Ensure compliance with global and local telecom regulatory requirements (e.g., TRAI, DoT, GDPR, FCC, ETSI) through audits, reviews, and reporting. Manage and maintain telecom-specific security policies, technical and administrative controls, and compliance frameworks (ISO 27001, NIST, PCI-DSS). Act as the prime security and compliance interface towards customers, internal teams, auditors, subcontractors, and third-party suppliers. Develop and maintain a risk register, tracking treatment plans and mitigation strategies across client environments. Provide proactive consultation and guidance to customers regarding security best practices and compliance requirements. Oversee incident and crisis response activities to minimize business impact and regulatory exposure, ensuring adherence to notification guidelines. Ensure vendor security due diligence, contract compliance, and ongoing third-party risk monitoring within the telecom supply chain.

Posted 1 month ago

4 - 8 years

7 - 11 Lacs

Bengaluru

Work from Office

Minimum of 12 years of relevant compliance experience and cybersecurity knowledge. 10+ years of security compliance audit experience would be important. Ability to utilize working knowledge of information security best practices such as NIST 800 series, ISO 27000 series, GDPR, etc. Experience with compliance programs such as SOC2, FFIEC or FedRAMP/FISMA, HIPAA, GDPR, or PCI. Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology. Ability to understand enterprise business computing operations/requirements, and in particular, Cloud. Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions. Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk. Required education: Bachelor's Degree. Preferred education: Doctorate Degree.

Posted 1 month ago

Exploring CISA Jobs in India

The demand for Certified Information Systems Auditor (CISA) professionals in India is on the rise as organizations prioritize information security and compliance. CISA professionals play a crucial role in auditing, assessing, and managing IT systems to ensure they are secure and compliant with regulations. If you are considering a career in CISA, India offers a plethora of opportunities in various industries.

Top Hiring Locations in India

  1. Bangalore
  2. Mumbai
  3. Delhi
  4. Hyderabad
  5. Pune

These cities are known for their booming IT sectors and have a high demand for CISA professionals.

Average Salary Range

The average salary range for CISA professionals in India varies based on experience:

  • Entry-level: INR 4-6 lakhs per annum
  • Mid-level: INR 8-12 lakhs per annum
  • Experienced: INR 15-25 lakhs per annum

Career Path

A typical career path in CISA may include roles such as:

  1. Junior Auditor
  2. IT Auditor
  3. Senior Auditor
  4. Audit Manager
  5. Chief Information Security Officer

Related Skills

In addition to CISA certification, CISA professionals are often expected to have skills in:

  • IT Security
  • Risk Management
  • Compliance
  • Information Security Management

Interview Questions

  • What is the purpose of an IT audit? (basic)
  • Explain the difference between vulnerability assessment and penetration testing. (medium)
  • How do you ensure compliance with regulatory requirements in IT systems? (medium)
  • What is the importance of risk management in information security? (basic)
  • How do you stay updated with the latest trends in information security? (advanced)
  • Can you explain the process of conducting an IT audit from start to finish? (medium)
  • What is the role of CISA in ensuring data privacy within an organization? (medium)
  • How do you handle a situation where you suspect a data breach in the organization? (advanced)
  • What are the benefits of implementing a risk-based audit approach? (medium)
  • How do you prioritize security vulnerabilities in an IT system? (basic)
  • Explain the concept of segregation of duties in IT security. (basic)
  • What steps would you take to secure a cloud-based infrastructure? (medium)
  • How do you assess the effectiveness of an organization's information security policies? (medium)
  • Describe a time when you had to deal with a non-compliant IT system. How did you handle it? (advanced)
  • Can you explain the process of creating an IT audit plan? (medium)
  • What are the key components of a disaster recovery plan? (basic)
  • How do you ensure data integrity in an organization's IT systems? (medium)
  • What is the role of encryption in information security? (basic)
  • How do you communicate audit findings to non-technical stakeholders? (medium)
  • Explain the concept of continuous monitoring in IT security. (basic)
  • How do you conduct a security risk assessment for a new IT project? (medium)
  • What are the common challenges faced by IT auditors in today's digital landscape? (advanced)
  • How do you handle conflicts of interest while conducting an IT audit? (medium)
  • Can you provide an example of a successful IT audit you conducted and the impact it had on the organization? (advanced)

Closing Remark

As you prepare for CISA job interviews in India, remember to showcase your expertise in information security, compliance, and risk management. Stay updated with the latest trends in the industry and practice answering both technical and situational questions confidently. With the right skills and preparation, you can land a rewarding career in the field of CISA in India. Good luck!
