You Lead the Way. We ve Got Your Back. At American Express, you ll be recognized for your contributions, leadership, and impact every colleague has the opportunity to share in the company s success. Together, we ll win as a team, striving to uphold our company values and powerful backing promise to provide the world s best customer experience every day. And we ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong. Join Team Amex and lets lead the way together. About the Internal Audit Group at American Express: Our Internal Audit Group (IAG) is a worldwide function with 300+ team members and offices across nine countries within American Express. We are committed to growing our audit staff significantly. Our mission is to protect and enhance organizational value by providing independent, objective, risk-based assurance, advisory services and to influence the way the company manages risk. Our assurance and risk professionals have diverse backgrounds including internal controls, consumer compliance, technology, operational risk, financial accounting, data analytics, and banking operations. Our audit teams align to key risk areas and business units to ensure IAG can provide comprehensive and risk-based audit coverage. In addition, IAG has a Professional Practices group responsible for managing audit operations, quality, and standards; regulatory relations; reporting; training and professional development; and key internal capabilities and technologies. American Express IAG has reinvented our audit process and is leading the financial services industry with our Data-Driven Continuous Auditing, and Auditor of the Future initiatives. Each uniquely support our Winning Aspiration to be a world class internal audit function that: Provides data-driven and technology-enabled assurance Delivers timely risk insights that are business-aware and forward-looking Supports our colleagues with experiences that prepare them to be enterprise leaders About the Role: Our Internal Audit Group is seeking an eager Staff Auditor Technology Audit to help advance and grow our audit coverage across our IT general controls (ITGC) portfolio. In this role, the ideal candidate will focus on technology processes and technology risk management. This opportunity may include supporting Enterprise Projects, Third-Party Risk audit entities, as needed. Additionally, this role will work immediately alongside colleagues that provide coverage over IT Applications, Cybersecurity and Resiliency. Key Responsibilities include: Effective and efficient execution of audit procedures through planning, fieldwork and reporting stages in conformance with professional and department standards, assigned schedule and within budgeted hours. Work within an audit team in diverse geographic locations including co-sourced team-members throughout the audit lifecycle of planning Engage in continuous learning through department training and self-study on audit methodology, technology processes & controls, stakeholder communication and effective workpaper documentation. Contribute to the development of audit analytics that use data to tell the business story, evaluate results and work with audit and business colleagues to synthesize and document findings. Participate in and support planning and capture of meetings with management to represent audit objectives, scope, and results. Execute simultaneous global audit projects within the technology, projects or third-party risk domains including support of integrated audits that consider financial, operational and compliance. Minimum Qualifications Bachelor s or equivalent degree in technology, information systems or related field Big 4 audit/consulting experience 2+ years of experience in technology audit, IT risk management, cybersecurity or related fields including the audit life cycle, testing technology controls and professional auditing practices Strong verbal and written communication skills that demonstrate an understanding of risks and controls with actionable feedback to audit managers and team leads. Effectively works within a team and across teams utilizing project management skills, employing creative thinking, a focus on quality, and the ability to work on competing priorities Drive results with an ability to embrace complex scenarios with curiosity and confidence using process, risk/control knowledge and exposure to internal audit standards. Strong sense of integrity and the ability and willingness to challenge and be challenged. Preferred Qualifications Experience in a regulated financial service environment Familiarity with guidance and best practices relevant to business, technology and data implications Technology or other audit credentials e. g. Certified Information Systems Auditor (CISA) Experience testing interface inputs, reports, application security, business continuity or third parties Understanding of data analytics, data visualization, key risk indicators (KRIs), key performance indicators (KPIs), and scorecards / dashboards Shift Timing - Rotational Benefits include: Competitive base salaries Bonus incentives Support for financial-well-being and retirement Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location) Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need Generous paid parental leave policies (depending on your location) Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) Free and confidential counseling support through our Healthy Minds program Career development and training opportunities

At EY, you ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Portfolio Compliance Enablement Leader Today s world is fueled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of over 1000 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team help protect the EY brand and build client trust. Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting and enabling the business through innovative, secure solutions that provide speed to market and business value. The Opportunity As an Assistant Director in the Information Security Portfolio Compliance Enablement function, you will work closely with our service line and function technologists from across the globe to support EYs digital services by ensuring compliance with Information Security policies. You will work with business teams to enhance their risk posture and partner with leaders to uphold policy compliance across global, regional, and country-based assets and systems. Your role includes maintaining the security and technology compliance posture through governance and oversight, ensuring data protection, privacy, and software development practices meet legal and regulatory standards. Key Responsibilities This position in the Information Security Portfolio Compliance Enablement function will focus on these pillars: Risk Management and Reduction: Assisting with managing the Portfolio or Service Line of security risk and compliance, engaging directly with key EY stakeholders to mitigate and reduce risks and provide insights on top risks impacting the security posture of the businesses. Trend Identification and Remediation: Gather information and report on security risk trends and themes that require a comprehensive approach to remediation. Proactive Security Initiatives: Proactively seeking out and identifying security risks, weaknesses, and potential vulnerabilities in systems and processes before they can be exploited. Improve compliance with security standards and policies though continuous improvement and innovation in security practices. Governance, Risk, and Compliance (GRC) Management: Assist with managing the end-to-end workflow of security compliance of risk findings in our Governance, Risk, and Compliance (GRC) tool to ensure continuity and compliance with security policies, standards and regulations. Key responsibilities include: Lead and contribute to projects that improve EYs risk posture. Develop and implement compliance strategies and remediation plans. Collaborate with Service Line and business stakeholders to reinforce policies, control ownership, and compliance responsibilities and support the communication of security findings and recommendations. Contribute to proactive security initiatives and continuous improvement of security practices. Translate technical vulnerabilities into business risk terms. Maintain and enhance compliance assessment toolkits. Conduct assessments and evaluate compliance effectiveness for technology infrastructure, applications, and third-party dependencies. Identify policy enforcement gaps and propose improvements. Skills and Attributes for Success Proven experience in compliance management within Information Security. Ability to balance security needs with business impact. Strong leadership and organizational skills. Capable of building relationships and facilitating compliance to security policies. Experience in risk assessments and recommending remediation strategies. Ability to develop and oversee enforcement protocols. Proficient in communicating complex issues and negotiating solutions. Knowledgeable in technical infrastructure and applications. Ability to team well with others to facilitate and enhance the understanding compliance to security policies. Assist with metrics to evaluate the effectiveness of policy enforcement and generate regular reports. Ability to maintain a high level of integrity, trustworthiness and confidence to represent the company and security leadership with professionalism To Qualify for the Role, You Must Have At least 8 years of experience in Cyber Security or a related field ( At least 3 years of experience in a leadership role managing a team. A degree in Cybersecurity, Information Security, Computer Science, or related discipline; or equivalent work experience. One or more of the following or equivalent certifications: Certified Risk and Information Systems Control (CRISC), Certified Information Systems Security Processional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Internal Auditor (CIA), Global Information Assurance Certification (GIAC) in related area, CIPP, CIPT Familiarity with security standards like ISO 27001/27002, NIST, PCI DSS, ITIL, COBIT. Understanding of governance, risk, and compliance (GRC) frameworks. Experience with regulatory requirements such as PCI, SOX, HIPAA, GDPR, GLBA. Proven ability to identify and mitigate security risks proactively. Capable of working with diverse teams and promoting an enterprise-wide, collaborative security culture Experience in managing communication and recommendations to IT project teams. Strong English language communication skills and the ability to work with diverse teams. Ideally, You ll Also Have Good judgment, tact, and decision-making ability. Familiarity with local and regional regulatory requirements. Flexibility to adapt to changing priorities. Strong management, interpersonal, communication, organizational, and decision-making skills. Experience with GRC platforms like RSA Archer or IBM Open Pages. What we look for We are looking for individuals with a passion for information security and demonstrated ability to apply their knowledge to new and emerging technologies that are supporting the growth strategy of a global professional services firm. What we offer As part of this role, you will work in a highly coordinated, globally diverse team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial and social well-being. Your recruiter can talk to you about the benefits available in your country. Here s a snapshot of what we offer: Continuous learning: You will develop the mindset and skills to navigate whatever comes next. Success as defined by you: We will provide the tools and flexibility, so you can make a significant impact, your way. Transformative leadership: We will give you the insights, coaching and confidence to be the leader the world needs. Diverse and inclusive culture: You will be accepted for who you are and empowered to use your voice to help others find theirs. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

As an Associate within the Risk and Controls Testing Center of Excellence, you will be responsible for the execution of independent risk-based, point-in-time evaluations of the control design adequacy and execution effectiveness, to mitigate compliance, conduct and operational risks The role requires overseeing the performance of complex evaluations of business processes through a comparison of actual processes against expected practices (policies, standards, procedures, laws, rules and regulations) Testing activities often include sophisticated data analytics on large datasets and regular engagement with senior stakeholders across the firm This is an exciting opportunity to work on key risk initiatives as they become the focus of the firm and across the financial services industry You will excel at creative thinking and problem solving; be self-motivated, confident and ready to work in a fast-paced, energetic environment Through collaboration and analytical skills, you will contribute to the Testing CoE s overall success and strengthen the firm s compliance with regulatory obligations and industry standards Job responsibilities Lead comprehensive control evaluations and substantive testing to independently assess the design and effectiveness of controls Ensure compliance with internal policies, procedures, and external laws, rules, and regulations, while identifying necessary remediation actions. This includes developing and executing testing procedures, meticulously documenting results, drawing informed conclusions, making actionable recommendations, and distributing detailed compliance testing review reports. Foster collaboration with Compliance and Operational Risk Officers on various engagements. This includes developing detailed test scripts, facilitating issue discussions, participating in business meetings, and drafting comprehensive final reports to ensure alignment and clarity. Utilize advanced critical thinking skills to apply substantive testing techniques, thoroughly evaluating the effectiveness of high-risk business processes and identifying potential areas for improvement. Proactively assess and monitor risks, ensuring adherence to firm standards, regulatory requirements, and industry best practices. Implement strategies to mitigate identified risks effectively. Collaborate with cross-functional teams and stakeholders to support the design and effectiveness of controls. Drive initiatives that enhance the business control environment through recommended updates to the Compliance and Operational Risk Evaluation (CORE) application. Develop and execute robust control test scripts aimed at identifying control weaknesses, determining root causes, and recommending practical solutions to enhance operational efficiency and control effectiveness. Document test steps and results in a comprehensive and organized manner, ensuring sufficient support and justification for testing conclusions. Maintain a high standard of documentation to facilitate transparency and accountability. Lead meetings with business owners at various management levels, delivering testing results and supporting sustainable control enhancements. Identify and capitalize on opportunities to strengthen controls and improve operational efficiency. Required qualifications, capabilities, and skills A minimum of 3+ years of experience or equivalent expertise in risk management, assessment, control evaluations, or a related field, within the financial services industry. Possess a strong understanding of industry standards and regulatory requirements. Demonstrated ability to analyze complex issues, develop and implement effective risk mitigation strategies, and communicate insights and recommendations clearly to senior stakeholders. Proficient knowledge of risk management frameworks, regulations, and industry best practices. Ability to stay updated with evolving regulatory landscapes and adapt strategies accordingly. Exceptional ability to develop and communicate well-founded recommendations based on regulatory guidance and standards, ensuring alignment with organizational goals and compliance requirements. Highly organized and detail-oriented, with a proven track record of managing multiple priorities and delivering results in a fast-paced environment. Strong analytical and communication skills, with the ability to convey complex information in a clear and concise manner to diverse audiences. Preferred qualifications, capabilities, and skills CISM, CRISC, CISSP, CISA, CCEP, CRCM, CRCMP, GRCP, or other industry-recognized risk and risk certifications preferred. A background in auditing and the ability to understand of internal controls is beneficial. Proficiency in MS (Microsoft Suite) Office - Microsoft Word, Excel, Access, and PowerPoint.

Job Description: Responsibilities Policy Governance: Establish, maintain, and enforce the organization s information security strategy, policies, and standards. Vendor Risk Management: Oversee and manage the organization s Vendor Risk Management Program, ensuring third-party compliance with security requirements. Cyber Risk Register: Maintain and manage the cyber risk register to document and track identified risks, mitigation efforts, and progress. Customer Contract Reviews: Partner with Legal to review customer contracts for compliance with security requirements and organizational standards. Customer Security Questionnaires: Respond to customer security questionnaires to address inquiries about the organization s security posture. Customer Trust Center: Maintain and update the Customer Trust Center to ensure transparency and confidence in the organization s security practices. Legal, Regulatory, and Compliance Tracking: Research, track, and ensure the organization remains compliant with relevant legal, regulatory, and compliance requirements. Key skills Responsible for identifying, evaluating, and reporting on information security risk to information assets Acting as a subject-matter expert on relevant compliance and regulatory frameworks (E.g. HIPAA, ISO standards, PCI, SOC 2, GDPR, CCPA, etc), and staying on top of industry best practices. Engaging in risk management and updating playbooks to align with current industry standards, regulatory changes, and best practices Engaging in Disaster Recovery (DR) and Business Continuity Planning (BCP), and managing the testing of these plans Conducting compliance audits to ensure adherence to cybersecurity standards and regulations Monitoring compliance with regulations and standards, typically by key cybersecurity KPIs. Engaging in Third-Party Risk Management (TPRM) by analyzing and minimizing risks associated with outsourcing to third-party vendors or service providers. Assisting with documentation following incident response Security awareness and training Engaging in regulatory change management to make sure the companies policies and practices are adjusted following regulatory updates Preparing detailed reports and documentation of compliance findings and security gaps Developing and implementing controls to address cybersecurity and compliance needs across an organization Implementing GRC programs with the knowledge in Data-driven decision, Responsible operations and Improved cybersecurity Experience on Tools and Software such as GRC platforms (e.g., RSA Archer, MetricStream); Risk management tools (e.g., RiskWatch, LogicManager); Compliance management software (e.g., ComplyAdvantage). Having knowledge on best practices for GRC in the cloud era include leveraging integrated GRC platforms to centralize management of risks, controls, and compliance activities across cloud environments. Implementing robust access controls, encryption, and monitoring mechanisms helps ensure data security and compliance with regulatory requirements. Operational knowledge on Regular risk assessments to address cloud-related risks effectively. Additionally, fostering collaboration between IT, security, compliance, and business teams facilitates the alignment of cloud initiatives with organizational goals and GRC objectives. Experience on Continuous monitoring, training, and adaptation to evolving cloud technologies and regulatory landscapes Educational Backgrounds Bachelor s degree in information security, Business Administration, or a related field with 3 to 5 years of experience. Certifications such as Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) are highly beneficial Culture is our Passion

Ready to be pushed beyond what you think you re capable of? At Coinbase, our mission is to increase economic freedom in the world. It s a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform and with it, the future global financial system. To achieve our mission, we re seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system. We want someone who is eager to leave their mark on the world, who relishes the pressure and privilege of working with high caliber colleagues, and who actively seeks feedback to keep leveling up. We want someone who will run towards, not away from, solving the company s hardest problems. Our work culture is intense and isn t for everyone. But if you want to build the future alongside others who excel in their disciplines and expect the same from you, there s no better place to be. The Internal Audit Function at Coinbase works to enhance and protect organizational value by providing independent, risk-based, objective assurance and advisory services designed to add value and improve the Companys operations. The Internal Audit Function helps Coinbase accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, compliance, risk management, and control processes. The Coinbase Internal Audit function is looking for a highly motivated manager to help set up a Findings Validation Function. This role is based in India (Remote) and will be reporting to an Internal Audit Manager. The individual will be responsible for learning and supporting all aspects of the Finding validation process, including validation, testing and reporting. In addition, the manager will be responsible for establishing and maintaining standards within the Finding Validation Team being created. What you ll be doing (ie. job duties): Leading and managing a team of three members performing validations Assessing the adequacy and promptness of managements responses and the corrective measures implemented from assigned findings, including sustainability of remediation efforts. Coordinating with auditees to acquire necessary evidence for testing. Collaborating with stakeholders across various time zones and business functions. Providing comprehensive reports on the status of Findings Remediation for various legal entities within the organization. Addressing regulatory inquiries concerning the status of Findings. Facilitating seamless collaboration among multiple audit teams. Advocating for new ideas and innovative methods to execute projects and enhance internal infrastructure, with a focus on process or technology improvements. Engaging closely with the global internal audit team, spanning the US and EMEA regions. What we look for in you (ie. job requirements): A BA/BS degree in business, finance, and other related fields 8+ years of experience in Internal Audit, Risk Management, Compliance or Management Consulting Excellent understanding of an internal control environment Working knowledge of laws, regulations, risk management practices for the financial services industry Relevant industry experience and/or public accounting experience preferred Proven project management skills with the ability to juggle multiple responsibilities and deadlines Solid analytical and problem solving skills, with high standards for quality, accuracy and attention to detail Excellent written and verbal communication skills Experience leading and managing teams Demonstrated proficiency in Google Suite or MS Excel, Word and PowerPoint Nice to haves: Experience working in a fast paced organization Experience with Regulatory Finding/Issue Validation Entrepreneurial attitude and experience with, or the ability to adapt to, a rapidly growing start-up with associated complexities and ambiguities Experience working with/in an out-sourced or co-sourced internal audit function Ability to work across functions and time zones Understanding of crypto, payments and/or financial services industry and experience in auditing information systems and controls Professional Internal Audit / IT Audit qualification (e.g., CISA, CFE, etc.) or comprehensive working knowledge of the Chartered Institute of Internal Auditor practice P68610 Pay Transparency Notice: The target annual salary for this position can range as detailed below. Full time offers from Coinbase also include target bonus + target equity + benefits (including medical, dental, and vision). Pay Range: 6,612,600 6,612,600 INR Please be advised that each candidate may submit a maximum of four applications within any 30-day period. We encourage you to carefully evaluate how your skills and interests align with Coinbases roles before applying. Commitment to Equal Opportunity Coinbase is committed to diversity in its workforce and is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view the Know Your Rights notice here . Additionally, Coinbase participates in the E-Verify program in certain locations, as required by law. Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please contact us at accommodations[at]coinbase.com to let us know the nature of your request and your contact information. For quick access to screen reading technology compatible with this site click here to download a free compatible screen reader (free step by step tutorial can be found here) . Global Data Privacy Notice for Job Candidates and Applicants Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available here . By submitting your application, you are agreeing to our use and processing of your data as required. For US applicants only, by submitting your application you are agreeing to arbitration of disputes as outlined here.

Description and Requirements Position Summary The Firewall and Network Security Senior Analyst works to continuously improve MetLife s cybersecurity posture by providing firewall and network device security subject matter expertise. This role will primarily manage and improve the process to ensure enterprise firewalls and network devices (routers, switches and wireless access points) are adequately secured and monitored. In addition to strong technical knowledge of firewalls and other network devices, this role requires a high level of organization, excellent communication/collaboration skills with peers and all levels of management, and the ability to influence and to quickly re-prioritize and pivot as threats and objectives change. Key Responsibilities: Ensure security tools designed to perform periodic network device assessments and validate that they meet compliance standards and are updated Ensure security standards and baseline policies are in place on critical applications that are hosted on SaaS WAF tool Gain a solid understanding of firewalls various security features and help deploy those features efficiently. Work with the firewall engineering team to ensure firewalls are properly configured according to industry best practices and MetLife standards Maintain and enhance IDS/IPS standards; Document, review and approve traffic configuration rules Responsible for helping create a firewall analytics and dashboarding process based on Splunk Maintain and document security policy and standards for all authorized network devices (Firewalls, routers, switches, wireless access points). Proactively identify and make recommendations on potential security issues and solutions. Knowledge, Skills and Abilities Education Bachelor s degree in computer science, information systems or related field, or equivalent work experience Experience Candidate must have a combined minimum of 7 years hands on experience in the fields of IT and Cyber Security Experience managing, implementing, and supporting the core functions of Akamai Kona Site Defender Experience with Cisco routers, Palo Alto firewalls ; Experience with APs and Wireless Controllers ; Experience with SolarWinds Network Performance Monitor and Network Configuration Manager ; Ability to interpret PCAPs; Experience with BlueCoat, WAF; Familiar with CSC 11,12,15 Knowledge and skills (general and technical) Strong grasp of operational processes, IT general controls, security controls and vulnerability management Candidate must have experience working in complex, diverse and international environments and possess excellent communication and presentation skills Ability to lead and influence team members and cross-functional teams Experience managing projects involving interdepartmental teams and external vendors / third parties Experience in application security best practices and how to mitigate common attack vectors Other Requirements (licenses, certifications, specialized training if required) Ability to perform basic scripting to analyze and automate repeatable processes Relevant industry certifications such as CISM, CISSP, CISA, CCNA-Security, Security+, MCSE, GSEC, GIAC, PMP, LEAN and Six Sigma are desired Working Relationships Internal Contacts (and purpose of relationship): All Internal GOSC Stake Holders External Contacts (and purpose of relationship) If Applicable Stateside Client/ Engineers from different regional Security teams

At Pitney Bowes, we do the right thing, the right way. As a member of our team, you can too. We have amazing people who are the driving force, the inspiration and foundation of our company. Our thriving culture can be broken down into four components: Client. Team. Win. Innovate. We actively look for prospects who: Are passionate about client success. Enjoy collaborating with others. Strive to exceed expectations. Move boldly in the quest for superior and best in market solutions. Job Description: Join Pitney Bowes as a Software Engineer - User Provision Support Years of experience: 2 - 5 Years Job Location - Pune you have: 2 - 5 years professional experience in IT and/or Cybersecurity with User Provisioning, administration of user accounts and access privileges in the organization s identity management system. Work closely with the IAM team to ensure that the right people have access to the right resources. Responsible for the day-to-day identity administration Involved in troubleshooting and resolving IAM issues. Participate in IAM projects and initiatives. Work with internal customers, business analysts, and application teams to understand access requirements. Maintain documentation for the IAM program. Participate in IAM audits and review access control reports to identify potential risks. Provide training to new users. Update and maintain the IAM system according to changes in the organization s business needs. Streamline the processes of provisioning, updating and de-provisioning accounts Act as liaison with business units to promote security awareness and identify/recommend quality business processes that not only meet data protection and system resiliency requirements, but preserve a quality user experience Assist the approval process of Change Management of Roles and Profiles to ensure compliance with agreed Security and Authorization guidelines Support / Manage the continuous improvement projects including the production of Role-to-Users and Risk Ruleset changes, Segregation of Duties optimization, and any other as deemed appropriate to satisfy data security and SOX audit requirements Facilitate document requests and information gathering for audit activities Preferred Bachelor s degree in information security, Computer Science or equivalent Information Security Certifications such as CISA, CISSP, IAT, GIAC, CEH, CISM, GSEC Knowledgeable and experienced in: SAP ECC, SCM, GRC, S4 HANA S4C, S4 HANA C4C, S4 HANA IAG, S4HANA FSM IBM CPQ Oracle OLFM SFDC, ServiceMax HFM JIRA Service Desk Confluence About Pitney Bowes Pitney Bowes (NYSE:PBI) is a global technology company providing commerce solutions that power billions of transactions. Clients around the world, including 90 percent of the Fortune 500, rely on the accuracy and precision delivered by Pitney Bowes solutions, analytics, and APIs in the areas of ecommerce fulfillment, shipping and returns; cross-border ecommerce; office mailing and shipping; presort services; and financing. For 100 years Pitney Bowes has been innovating and delivering technologies that remove the complexity of getting commerce transactions precisely right. For additional information visit Pitney Bowes at https://www.pitneybowes.com/in . Only Talent Matters at Pitney Bowes Pitney Bowes is an equal opportunity workplace. To remove unconscious biases from our hiring process, we encourage Blind Applications from candidates applying for jobs at Pitney Bowes. This means that details such as gender, caste, religion, nationality, and age are omitted from applications. And candidates can choose to reveal only their first or last name on the application. Watch the video here: https: / / www.youtube.com / watchv=dNB-K5KFU78 Watch the videos below for more information about Life at Pitney Bowes: Who we are Pitney Bowes All Stars Pitney Bowes named a Great Place to Work Pitney Bowes Gratitude Video Pitney Bowes COVID Care Pitney Bowes was the recipient of several coveted Awards: We will: Provide the will: opportunity to grow and develop your career Offer an inclusive environment that encourages diverse perspectives and ideas Deliver challenging and unique opportunities to contribute to the success of a transforming organization Offer comprehensive benefits globally ( P B Live Well ) Pitney Bowes is an equal opportunity employer that values diversity and inclusiveness in the workplace. All interested individuals must apply online.

At Pitney Bowes, we do the right thing, the right way. As a member of our team, you can too. We have amazing people who are the driving force, the inspiration and foundation of our company. Our thriving culture can be broken down into four components: Client. Team. Win. Innovate. We actively look for prospects who: Are passionate about client success. Enjoy collaborating with others. Strive to exceed expectations. Move boldly in the quest for superior and best in market solutions. Job Description: Join Pitney Bowes as a Advisory Software Engineer - User Provision Support Years of experience: 6 - 8 Years Job Location - Pune you have: 6 - 8 plus years professional experience in IT and/or Cybersecurity with User Provisioning, administration of user accounts and access privileges in the organization s identity management system. Work closely with the IAM team to ensure that the right people have access to the right resources. Responsible for the day-to-day identity administration Involved in troubleshooting and resolving IAM issues. Participate in IAM projects and initiatives. Work with internal customers, business analysts, and application teams to understand access requirements. Maintain documentation for the IAM program. Participate in IAM audits and review access control reports to identify potential risks. Provide training to new users. Update and maintain the IAM system according to changes in the organization s business needs. Streamline the processes of provisioning, updating and de-provisioning accounts Act as liaison with business units to promote security awareness and identify/recommend quality business processes that not only meet data protection and system resiliency requirements, but preserve a quality user experience Assist the approval process of Change Management of Roles and Profiles to ensure compliance with agreed Security and Authorization guidelines Support / Manage the continuous improvement projects including the production of Role-to-Users and Risk Ruleset changes, Segregation of Duties optimization, and any other as deemed appropriate to satisfy data security and SOX audit requirements Facilitate document requests and information gathering for audit activities Preferred Bachelor s degree in information security, Computer Science or equivalent Information Security Certifications such as CISA, CISSP, IAT, GIAC, CEH, CISM, GSEC Knowledgeable and experienced in: SAP ECC, SCM, GRC, S4 HANA S4C, S4 HANA C4C, S4 HANA IAG, S4HANA FSM IBM CPQ Oracle OLFM SFDC, ServiceMax HFM JIRA Service Desk Confluence About Pitney Bowes Pitney Bowes (NYSE:PBI) is a global technology company providing commerce solutions that power billions of transactions. Clients around the world, including 90 percent of the Fortune 500, rely on the accuracy and precision delivered by Pitney Bowes solutions, analytics, and APIs in the areas of ecommerce fulfillment, shipping and returns; cross-border ecommerce; office mailing and shipping; presort services; and financing. For 100 years Pitney Bowes has been innovating and delivering technologies that remove the complexity of getting commerce transactions precisely right. For additional information visit Pitney Bowes at https://www.pitneybowes.com/in . Only Talent Matters at Pitney Bowes Pitney Bowes is an equal opportunity workplace. To remove unconscious biases from our hiring process, we encourage Blind Applications from candidates applying for jobs at Pitney Bowes. This means that details such as gender, caste, religion, nationality, and age are omitted from applications. And candidates can choose to reveal only their first or last name on the application. Watch the video here: https: / / www.youtube.com / watchv=dNB-K5KFU78 Watch the videos below for more information about Life at Pitney Bowes: Who we are Pitney Bowes All Stars Pitney Bowes named a Great Place to Work Pitney Bowes Gratitude Video Pitney Bowes COVID Care We will: Provide the will: opportunity to grow and develop your career Offer an inclusive environment that encourages diverse perspectives and ideas Deliver challenging and unique opportunities to contribute to the success of a transforming organization Offer comprehensive benefits globally ( P B Live Well ) Pitney Bowes is an equal opportunity employer that values diversity and inclusiveness in the workplace. All interested individuals must apply online.

Technologies Industries Resources Careers / Careers / / Security Engineer Security Engineer (4-7 Years) Remote / Kochi / Trivandrum Share Facebook Twitter LinkedIn Experience: 4-7 years Key Responsibilities: Triage and respond to security incidents and alerts. Monitor Common Vulnerabilities and Exposures (CVE) alerts and create CVE alerts for company products. Conduct threat hunting and log monitoring across multiple telemetry sources and vendors. Perform threat modeling and maintain security documentation. Triage and respond to SOC 2 security issues and alerts. Support compliance initiatives with NIST Cybersecurity Framework (CSF), CISA s Secure By Design Initiative, SOC 2, and other relevant standards. Assist in designing and executing technical table-top exercises to enhance security preparedness. Required Skills Qualifications: Strong knowledge of cybersecurity principles, threat detection, and incident response. Experience with CVE monitoring, vulnerability management, and risk assessment. Hands-on experience with SIEM tools, log analysis, and security telemetry. Familiarity with compliance frameworks such as NIST CSF, SOC 2, and CISA s Secure By Design. Proficiency in security documentation, reporting, and risk analysis. Strong analytical and problem-solving skills with the ability to respond to security threats effectively. Preferred Qualifications: Security certifications such as CISSP, CISM, CEH, or equivalent. Experience with security automation and scripting. Knowledge of cloud security best practices. Previous experience working in a SOC or security operations environment.

Job Summary: The Audit Lead is responsible for understanding security requirements to meet industry best practices with a focus on certification and regulatory requirements. As part of this role, the Audit Lead is responsible for mapping these requirements to security controls and actionable practices across various functions within the company. In some instances this individual will be responsible for designing security controls that best fit our environment while maintaining security compliance. Finally, applying automation to as many controls as practicable to ensure on-going compliance (e.g., evidence collection) and managing compliance programs from a centralized governance management system. Duties and Responsibilities: Working with our internal and external security auditors for various certification programs including ISO, SOC2, ITGC, NIST CSF, NIST 800-53, among others, to facilitate successful internal and external security audits that lead to industry certifications. Ensure all security controls r equired for several security certification programs including ISO, SOC2, ITGC, NIST CSF, NIST 800-53, among others, are designed, operational and mapped to the corporate security control matrix. This includes annual review and updating of existing IS Policies, Standards and Procedures and development of new documents as necessary to support Governance and Compliance requirements. Work with cross-functional teams to ensure all security controls are fully operational with evidence being captured on an on-going basis. Coordinate with cross-functional teams, ongoing compliance monitoring and evidence capture. Lead and report on status of security audits for various security programs, ensuring auditors are managed, and evidence is provided in a timely manner. Interact and deliver strong communication enterprise-wide with all levels of personnel, including executives, business functional heads and technical staff. Analyze and lead enterprise security program overview discussions and coordinate gap remediation efforts with business functions. Desired Skills: Bachelordegree preferred or equivalent combination 6+ years of work experience related to the Information Security disciplines, with a minimum of 5 years working in a cloud product vendor environment (ideally AWS). Understanding of Information Security and Governance Risk and Compliance (GRC) terms, terminology and practices. Strong communication skills for communicating at various levels in the organization. Familiarity with common technical security controls and control frameworks such as ISO 27001/2/17/18, SOC2, GDPR, NIST CSF, NIST 800-53, among others. Industry recognized certifications are a plus, e.g., CISSP, CISM, CISA, GIAC, etc. Team-oriented and will promote execution and change through influence and partnership. Experience clearly articulating information security risk into business terms and presenting to company management.

Role Details: The IT Compliance Manager is responsible for ensuring that the bank's IT systems and processes adhere to regulatory requirements and industry standards. This role involves developing and implementing IT compliance strategies, managing audits, and collaborating with various departments to maintain a robust compliance framework. Key Responsibilities: Develop and oversee the bank's IT compliance strategy, policies, and procedures. Ensure compliance with all relevant regulatory requirements, including RBI guidelines and international standards. Conduct regular assessments of IT systems and processes to identify compliance gaps. Collaborate with IT teams to implement corrective actions and improvements as necessary. Stay up-to-date with changes in IT regulations and industry best practices. Prepare and submit compliance reports to regulatory authorities. Manage a team of compliance professionals and provide guidance and training. Foster a culture of compliance awareness and ethical behaviour within the IT department. Education and Work Experience: Bachelor's degree in Computer Science, Information Technology, or a related field. Relevant certifications (e.g., CISA, CISM, CISSP) is a plus. Minimum of 5 years of experience in IT compliance, governance, or related roles within the banking or financial services industry. Strong understanding of Indian banking regulations and IT security standards. Experience in leading compliance audits and assessments. Excellent communication and leadership skills. Ability to work collaboratively with cross-functional teams.

Job description Role : Information Security GRC - Lead Experience : 6+ years (Relevant) Location : Gurgaon Work Mode: WFO Role & responsibilities Global Standards ISO 27001,22301 and Control Testing (ITGC) Understand Compliance Assessment requirements inline to global security standards. Ability to validate effectiveness of controls implemented. Regulatory Compliance and Reporting Exposure Understand Regulatory and Business requirement and drive the Information security compliance requirements in line to the same. Eg. RBI, CERT-IN, IRDAI, Global Regulations 3rd Party Vendor Risk Assessment Understand Business requirement and drive the Information security compliance requirements in line to the same Training & Development Skills for managing training implementation w.r.t InfoSec, Aadhar to bank employees. Security KPI`s and KRI`s Identify the KPIs for different various Information security deliverables and document matrices for effectiveness measurement. Understanding of Security Technologies Understanding of Security Tools and Devices such as Firewall, IDS, DDoS, SIEM etc. Project Management Skills Skills for managing complex project implementation, stakeholder and senior management briefings. Soft Skills Candidate should be able to understand the questions & express their answers/thoughts precisely with confidence. Other desirable Skills Documentation, Managing Auditors, Led by Example Qualification: Preferred candidate profile 6+ years of Experience with GRC, Cyber Security & RBI regulatory Experience performing information security audits or risk assessments Familiarity with security auditing processes Must be familiar with dashboard creation and proficiency with Microsoft Windows software programs, MRI experience a plus Indian Banking exp preferred Must be handling a team If interested share your cv at aishwarya@beanhr.com

KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993 Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara KPMG in India offers services to national and international clients in India across sectors We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks They are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature A Bachelors degree in engineering and approximately 2 -6 years of related work experience; or a master s or MBA degree in business, computer science, information systems, engineeringExpertise in coding skills (eg, Java, C++, C, SQL, Oracle)Experience in performing IT audits of banking/financial sector applicationsGood to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (eg, NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc)Technical Knowledge of IT Audit ToolsExperience in carrying out OS/DB/Network reviewsExposure to Risk Management and Governance Frameworks/ Systems will be an added advantage Exposure to ERP systems will be added advantageExperience in performing technical code reviews (understanding code logic based on business requirement) Strong project management, communication (written and verbal) and presentation skillsA team playerStrong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalismPreferred Certifications - CISA/CISSP//CISMExposure to automation Data Analytics tools such as QlikView/Qlik sense, ACL, Power BI will be an advantageProficiency with Microsoft Word, Excel, Visio, and other MS Office tools Equal employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their colour, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability, or other legally protected status KPMG India values diversity and we request you to submit the details below to support us in our endeavour for diversity Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you Skills Required: Risk Based IT Internal Audit for Financial Services EntitiesIT SOX 404 Controls Testing, Quality AssuranceInternal Financial Controls related to IT General Controls as part of Financial Statements AuditsIT Risk & Control Self-Assessment Business Systems Controls / IT Application Controls Auditing Emerging Technologies such as Cloud Security, Intelligent Automation, RPA, IoT etcWorking knowledge of programming languages(C/C++/Java/SQL) Role: Collaborate with other members of the engagement team to plan the engagement and develop relevant workpapers/deliverables Perform fieldwork and share the daily progress of fieldwork, informing supervisors of engagement status Perform testing of IT Application Controls, IPE, and Interface Controls through code reviews, IT General Controls review covering areas such as Change Management, Access Management, Backup Management, Incident and Problem Management, SDLC, Data Migration, Batch Job scheduling/monitoring and Business Continuity and Disaster RecoveryPerform Risk Assessment, identification, and Evaluation of Controls, prepare process flow diagrams and document the same in Risk & Control Matrix Perform business process walkthrough and controls testing for IT Audits Performing planning and executing audits, including: Information Security reviews Information Technology Infrastructure reviews Application reviews Use knowledge of the current IT environment and industry IT trends to identify the engagement and client service issues and communicate this information to the project manager Maintain relationships with client management and the project Manager to manage expectations of service, including work products, timing, and deliverables Demonstrate a thorough understanding of complex information systems and apply it to client situations Use extensive knowledge of the clients business/industry to identify technological developments and evaluate impacts on the work to be performedRisk Based IT Internal Audit for Financial Services EntitiesIT SOX 404 Controls Testing, Quality AssuranceInternal Financial Controls related to IT General Controls as part of Financial Statements AuditsIT Risk & Control Self-Assessment Business Systems Controls / IT Application ControlsAuditing Emerging Technologies such as Cloud Security, Intelligent Automation, RPA, IoT etcWorking knowledge of programming languages(C / C++ / Java / SQL)Coordinate effectively and efficiently with the Engagement manager and the client management keeping both constantly updated regarding project s progress Monitoring and Tracking for Budget and Time Estimates on engagements Conducting IT audits, IT Internal Audit, Robotics Process Automation (RPA) AuditsConducting SOX audits, Third Party Security audits Conducting controls assessment in manual/ automated environmentInformation Security AssessmentsConducting OS/DB/Network reviewsPrepare/Review of Policies, Procedures, SOPs

As an Associate within the Testing CoE team, you will be responsible for ensuring a strong and consistent control environment across the firm. Your role in risk identification, control evaluation, and security governance is crucial in advising on complex situations and enhancing the firm s risk posture. Through collaboration and analytical skills, you will contribute to the Testing CoE s overall success and strengthen the firm s compliance with regulatory obligations and industry standards. Job responsibilities Assess end to end business processes to identify significant gaps and determine issue root causes. Partners with business units to drive control evaluation, monitoring and testing efforts across multiple business groups, technology domains, and operational functions to identify control gaps as well as opportunities for effectiveness and efficiency improvements Critical thinking skills to apply substantive testing techniques to thoroughly evaluate the effectiveness of high-risk business processes. Assess and monitor risks, ensuring compliance with firm standards, regulatory requirements, and industry best practices. Collaborate with cross-functional teams and stakeholders to support control design and effectiveness. Contribute to the development and/or enhancement of business control environment through recommended control and other updates to the Compliance and Operational Risk Evaluation (CORE ) application Develop and execute robust control test scripts designed to identify control weaknesses, determine root causes, and recommend solutions Document test steps and results in comprehensive and organized manner to sufficiently support and justify testing conclusions Participate in meetings with business owners at various levels of management, deliver testing results and support sustainable control enhancements; recognize opportunities to strengthen controls and improve operational efficiency. Required qualifications, capabilities, and skills 3+ years of experience or equivalent expertise in risk management, assessment, control evaluations, or a related field with a strong understanding of industry standards Demonstrated ability to analyze complex issues, develop and implement risk mitigation strategies, and communicate effectively with senior stakeholders. Proficient knowledge of risk management frameworks, regulations, and industry best practices Have an ability to effectively develop and communicate recommendations based on regulatory guidance and standards. 1-2 area specific skill sets Preferred qualifications, capabilities and skills CISM, CRISC, CISSP, CISA, CCEP, CRCM, CRCMP, GRCP,, or other industry-recognized risk and risk certifications preferred. A background in auditing and the ability to understand of internal controls is beneficial Knowledge of data analytical tools such as Tableau, Altryx or Pythyon and proficiency in MS (Microsoft Suite) Office - Microsoft Word, Excel, Access, and PowerPoint. Proficient knowledge of (tech, finance, controls etc.

We are on the lookout for a talented IT Auditor to join our business assurance team. As an IT Auditor you will play a crucial role in evaluating technology infrastructure , assessing IT Systems and processes to ensure security, efficiency and compliance with policy and regulations. Identify risks, access controls, design testing of automated control and providing recommendations to enhance processes. If you are passionate about tech, this could be the perfect opportunity for you! Key Responsibilities : Plan, execute, and oversee IT audits for e-commerce systems, including cloud infrastructure, payment gateways, and data privacy controls. Conduct IT audits to assess risks, security controls, and compliance. Evaluate IT policies, procedures, and regulatory adherence (e.g., SOX, GDPR). Review system access controls, data integrity, and cybersecurity measures. Identify vulnerabilities and recommend mitigation strategies. Collaborate with IT, security, and compliance teams to strengthen controls. Prepare audit reports, findings, and recommendations for management. Stay updated on emerging IT risks, best practices, and compliance standards. Required Skills Qualifications: Bachelor s degree in IT, Computer Science, or related field. Certifications like CISA, CISSP, or CISM preferred. Strong knowledge of IT security, risk management, and compliance frameworks. Experience with auditing tools, cloud security, and data protection. Experience of Continuous Control Monitoring Experience in Data Analytics Analytical thinking, attention to detail, and problem-solving skills. Excellent communication and report-writing abilities. Experience: 3+ years in IT auditing. Strong understanding of e-commerce platforms, cloud security, and payment systems. Proficiency in IT risk management, cybersecurity frameworks, and compliance standards. Strong understanding of e-commerce platforms, cloud security, and payment systems.

At Armanino, you determine your career path. This means its possible to pursue challenges you are passionate about, in industries you care about. Armanino is proud to be among the top 20 Largest Firms in the United States of America and one of the Best Places to Work. Armanino has more than 2500 employees across the USA and more than 20 offices in different states of the USA. We have a community of resources that are ready and willing to support your ideas, build your skills and expand your professional network. We want you to integrate all aspects of your life with your career. At Armanino, we know you don t check-out of life when you check-in at work. That s why we ve created a unique work environment where your passions, work, and family friends can overlap. We want to help you achieve growth by giving you access to a network of smart and supportive people, willing to listen to your ideas. This open position is for Armanino India LLP, which is located in Ahmedabad, Gujarat, India. Armanino India LLP is a fully owned subsidiary of Armanino. (USA). Job Responsibilities Primarily perform SOC audits, along with ITGCs support, HITRUST certifications, and ISO assessments. Learn the clients platform structure, security, and software. Learn the client s system and control environment and how it impacts their associated customer users. Exercise professional skepticism in the critical assessment of audit evidence. Possess knowledge of Windows and/or UNIX-based operating systems, SQL and other databases, cloud environments, application change management methodologies and security best practices. Thoroughly evaluate assigned areas of fieldwork and identify potential points for improvement. Develop an understanding of client businesses related to assigned engagements. Know and apply specialized knowledge, for example, the SOC Trust Services Criteria and SOC report framework, and the rules, regulations, and code of ethics of the AICPA. Requirements Degree in Accounting, Management Information Systems (MIS), Information Technology, or related field. Minimum of 2-4 years of Public Accounting experience, with some exposure to SOC, HITRUST or ISO engagements. Ability to identify internal control deficiencies and document management letter comments for purposes of communicating deficiencies and weaknesses to clients. Demonstrate knowledge or interest in information technology. Working knowledge of the Microsoft Office Suite and Adobe Acrobat Engagement. Achieved or working towards CPA or CISA certification. Master s degree in Accounting, Finance, or a related field. Compensation and Benefits Compensation: Commensurate with Industry standards Other Benefits: Provident Fund, Gratuity, Medical Insurance, Group Personal Accident Insurance etc. employment benefits depending on the position. "Armanino is the brand name under which Armanino LLP, Armanino CPA LLP, and Armanino Advisory LLC, independently owned entities, provide professional services in an alternative practice structure in accordance with law, regulations, and professional standards. Armanino LLP and Armanino CPA LLP are licensed independent CPA firms that provide attest services, and Armanino Advisory LLC and its subsidiary entities provide tax, advisory, and business consulting services. Armanino Advisory LLC and its subsidiary entities are not licensed CPA firms. Armanino provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Armanino complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Armanino expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of Armanino employees to perform their job duties may result in discipline up to and including discharge. We have a community of resources that are ready and willing to support your ideas, build your skills and expand your professional network.

As an ISO 27001, you will be responsible for ensuring the effectiveness and compliance of the organization. Conduct ISO 27001 Audits Audit Reporting and Documentation Provide Recommendations and Guidance Continuous Improvement Client Interaction Required Candidate profile Bachelor’s degree in Information Security, IT, CSE, or a related field. Relevant certifications such as ISO 27001 Lead Auditor, CISA/CISM are desirable. B-Tech/BE/ME/BCA/MCA/BBA/MBA/Diploma(CS/IT). Perks and benefits Hybrid Model of Working, Client interaction, TA/DA

About Workato Workato transforms technology complexity into business opportunity. As the leader in enterprise orchestration, Workato helps businesses globally streamline operations by connecting data, processes, applications, and experiences. Its AI-powered platform enables teams to navigate complex workflows in real-time, driving efficiency and agility. Trusted by a community of 400, 000 global customers, Workato empowers organizations of every size to unlock new value and lead in today s fast-changing world. Learn how Workato helps businesses of all sizes achieve more at workato. com . Ultimately, Workato believes in fostering a flexible, trust-oriented culture that empowers everyone to take full ownership of their roles . We are driven by innovation and looking for team players who want to actively build our company. But, we also believe in balancing productivity with self-care . That s why we offer all of our employees a vibrant and dynamic work environment along with a multitude of benefits they can enjoy inside and outside of their work lives. If this sounds right up your alley, please submit an application. We look forward to getting to know you! Also, feel free to check out why: Business Insider named us an enterprise startup to bet your career on Forbes Cloud 100 recognized us as one of the top 100 private cloud companies in the world Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America Quartz ranked us the #1 best company for remote workers Note: This role requires working during overlapping hours with the US PST zone. Are you flexible and available to work between 3:00 PM IST onwards? We need significant experience with auditing PCI, NIST 800-171, NIST 9-800-53, SOC2, and possibly IRA. Responsibilities Workato is seeking a detail-oriented, highly motivated, technology-savvy and passionate Senior GRC Analyst professional who wants to support, promote and further mature the companys security GRC program. Responsible for leading NIST 800-171, NIST 800-53, and IRAP assessments and certification. Responsible for executing various security compliance initiatives such as risk assessments, security control audits and 3rd party risk assessments. You will use your strong communication, analytical and troubleshooting abilities to quickly identify and report on controls from various security domains, control and/or process gaps and to identify process and technology opportunities. Primary responsibilities include, but are not limited to: Lead internal and external audits related to ISO 27001/ISO 27701, PCI-DSS, NIST 800-171, NIST 800-53, and IRAP. Overseeing risk, compliance, and governance programs across departments Leverage broad experience to coordinate work assignments with process owners, control owners, external auditors, and consultants to ensure issues are documented and monitored. Document and perform assessments as needed and review contracts for security requirements. Exhibit strategic agility and proactively identify and correct process gaps and improvements to further the maturity of Workato s information security program in alignment with company goals and objectives. Clearly and effectively communicate security issues and risks to diverse audiences and ensure compliance with applicable controls based on a unified framework. Conduct periodic user access reviews Support developing remediation plans for issues and risks, coordinate activities with control owners, and track remediation to completion. Maintaining and documenting the risk register. Oversight of the vendor security assurance program Ability to work independently and as part of a team with a professional attitude and demeanor Partner with stakeholders to design internal controls based on regulatory requirements and best practices for ongoing risk mitigation of information systems. Support and guide information risk and security discussions with technical and non-technical groups Build and cultivate positive working relationships with stakeholders across various teams. Performs other related duties as assigned. Requirements Qualifications / Experience / Technical Skills 8+ years of applied work experience in cyber security programs, audits, assessments, risk, remediation, or cyber security compliance management. Relevant experience working with AWS, Azure, Google or any other cloud computing environment. Experience negotiating prioritization of risks and remediation findings with internal teams. B. S. degree in Management Information Systems, Computer Science, Information Security, or any security technology-related field Solid understanding of technical security controls related to perimeter security operations, including Cloud service providers, firewalls, IDS/IPS, Vulnerability Management, and services offered by cloud service providers. Ability to prioritize and multitask with minimal supervision. Excellent skills in troubleshooting, problem-solving, analytical thinking, and project management Technical knowledge/Experience in security control technologies such as firewalls, IDS, DLP, Vulnerability Management, AWS environment, Application Security, Monitoring and logging tools, etc. Working knowledge of the controls and implementation of DFARS Clause 252. 204-7012 (NIST 800-171) and NIST Risk Management Framework (NIST 800-53) Experience auditing security standards/frameworks such as PCI-DSS, SOC, and ISO 27001/27701, etc. CISSP, CISA, PCI ISA, PCIP, CMMC RP, or similar security certifications preferred It may require working outside of normal business hours periodically It may require some international travel Soft Skills / Personal Characteristics Excellent communication skills that translate compliance requests into technical recommendations. High level of energy and a desire to thrive in a fast-paced organization; ability to balance multiple projects under pressure Excellent team player with a willingness to share knowledge with others. Excellent personal and time management skills Very high attention to detail, high integrity, and business ethics Willing to learn and take on new responsibilities

Role & responsibilities : Responsible for the security of an organization's information, systems, and technology. Identifying vulnerabilities in our current network. Developing and implementing a comprehensive plan to secure our computing network. Monitoring network usage to ensure compliance with security policies. Keeping up to date with developments in IT security standards and threats. Collaborating with management and the IT department to improve security. Documenting any security breaches and assessing their damage. Educating colleagues about security software and best practices for information security. Preferred candidate profile : Experience of minimum 5 years. Certified in at least two INFOSEC areas. Perks and benefits : As per company standards

Ensure all IT policies are reviewed, updated, and approved annually Execute annual BCP Tests and store evidence of results Execute annual DR Tests and store evidence of results Maintain Risk and Control Matrix for IT controls relative to SOX Required Candidate profile 7 years in GRC, Information Security audits Understanding of security classification, change controls, SDLC, security controls Experience with ISO standards, GDPR, NIST, PCI DSS. CIA/CISA/CISSP

The ERP Risk & Automation Services (ERAS) team assists with various consulting, internal, and external audit clients by bringing in-depth ERP/ business applications, data analytics (DA), risk management and IT audit skills where needed. As part of the RSM's Risk Consulting practice, the specialty service provides complex data analysis and automation services for both external and internal clients, assists in data governance assessments, data conversion/ integration validation, process and performance mining, risk and audit analytics, integrated risk management services, continuous auditing and monitoring program implementations, internal controls design/assessments, segregation of duties assessments and key report testing. We're looking for a dynamic, hands-on manager who thrives in both strategic planning and day-to-day operations. As a Data Risk and Automation Manager, you will lead a team while being actively involved in the workflow, ensuring smooth processes, and contributing to projects at every stage. This role requires someone who can inspire a team, make decisions, and, when necessary, roll up their sleeves to get the job done. The Data Risk and Automation Manager is responsible for managing a team that scopes, designs, develops and deploys systems and processes for addressing critical data risks to our clients, including: a) providing data-driven analytics-based insights into key risk areas, b) analyzing data strategy and validating the integrity of data conversion and integration activities as part of an ERP/ business applications system implementation, c) providing insights, analytics and automation recommendations to address client opportunities, d) evaluating the maturity and viability of an organizations overall IT risk, data governance, and audit readiness strategy and processes and e) providing integrated risk management solutions across all three lines of defense. Responsibilities: Provide data analytics, risk management and IT audit subject matter expertise during business development pursuits; e.g. proposals, cost build-ups, sales meetings Identify, prioritize and execute on high-value opportunities to improve data risk services methodologies; including developing and delivering training, whitepapers, and desktop procedures for best-practice evaluation methods by business application (prioritization on Oracle Fusion, SAP ECC and SAP S/4HANA, Microsoft D365, Workday, NetSuite and other tier 1 business applications Identify and prioritize high-value opportunities to improve audit and compliance processes through analytics and automation, particularly in areas unique to Data GRC (e.g., metadata management, master data management, data lineage capture and mapping, risk and controls design and testing, upstream and downstream data quality and accuracy validations, etc.) Responsible for developing and implementing data analytics solutions, including creating dashboards and reports. This role requires technical expertise to directly build and manage analytics, not just overseeing a team or performing high-level QA. The specialist will actively engage in data analysis, build visualizations, and provide actionable insights to support decision-making. Upskill and train more junior staff on best practices and approach to data and risk management, including risk management and internal audit basics, analytics and automation. Responsible for execution and review and approval of all work-papers and deliverables, including reporting to client stakeholders. Provide guidance to other internal and external stakeholders (clients, industry events, market events, etc.) on related data risk, analytics best practices Facilitate sessions with internal and external personnel to effectively design methodology that: a) help audit/compliance professionals learn more about the business in order to better focus attention on the areas of highest risk, and b) identify issues and potential process exceptions Manage communication with IT and/or business resources to locate internal and external data for analysis, understand data, and make data requests or direct connections to databases Champion sustainable data risk, analytics and automation design concepts Manage the development of visualization, dashboards and scripts, using agile development methodology Perform quality assurance over developer practices for data mapping, data transformations, data joining/blending, data quality, data cleansing, and other data movement related activities Provide guidance to both internal and external stakeholders on interpreting analytic results Coordinate data risk services with off-shore resources at the RSM Delivery Center in India Assist with university/campus outreach and recruiting Be an active participant in local employee network groups and build relationships with RSM members across all lines of business and consulting as representing practice services and capabilities Position Requirements: Experience managing a team of 3-8 individuals providing services to numerous clients simultaneously Project and program management expertise and strong written and verbal communication skills Detail-oriented with a pro-active, inquisitive and creative approach to work, preferred to be analytics and technology inclined Experience as an auditor or supporting internal or external audit teams with fundamental understanding of enterprise risk management and compliance and/or best practice frameworks sch as COSO, Sarbanes-Oxley (SOX), COBIT, etc. Understanding basic accounting, operations and auditing concepts and reporting skills, including documentation requirements Understanding and ability to describe the flow of typical business processes, covering the purchase-to-pay, order-to-cash, and record-to-report cycles, at a minimum. Minimum Qualifications: Undergraduate degree in Accounting, Management Information Systems, Computer Science, or equivalent level of education Minimum of 6 years in IT audit and/or compliance with expertise in key reporting testing and experience in testing IT application controls, business process controls, and IT general controls Minimum of 3 years' experience in technical analytics using analytics and cleansing tools such as Alteryx. Minimum of 3 years in public accounting in audit or risk advisory services capacity CPA, CISA, or CIA Preferred Qualifications: Experience with data analytics of large ERP applications such as MS D365, SAP, Oracle, NetSuite and Workday. Hands-on experience using audit-focused GRC technologies such as AuditBoard, ServiceNow, TeamMate, Idea, and WDesk. Experience using other industry standard data analysis technologies such as Alteryx, SAS, SQL, and/or Python Experience developing and/or managing dashboard solutions created using Power BI, Tableau, Qlik, or similar technologies Experience with process mining using tools like Celonis or ABBYY Timeline Experience working with automations software such as Automation Anywhere and UiPath. Experience working with data from cloud-based applications like Workday, NetSuite, Salesforce, Concur is a plus Business development experience is a plus Certifications in one or more data analysis technologies such as Alteryx, Tableau, or Power BI Standards of Performance: Data stewardship - Maintain confidentiality, integrity and availability of information with your custody A self-starter with a process improvement mentality who is hands on, results-oriented, and leads by example A strong entrepreneurial spirit with the highest levels of professional and personal honestly, integrity and ethics Excellent organizational skills and the ability to prioritize multiple tasks, projects and assignments Ability to interact with all levels of client staff, including executives and senior managers Possess strong business ethics and willingness to adhere to stringent professional standards Ability to put forth additional effort to meet deadlines when necessary Ability to travel to local client sites and/or the local office at least 3 days per week Ability to travel out-of-town as need for client and other meetings (up to 20%)

We are seeking a highly skilled OT (Operational Technology) Cybersecurity Professional/Expert to design, implement, and manage cybersecurity solutions for our clients industrial environments. Candidate should be able to play a pivotal role in delivering secure..." /> Offerings Technologies Industries About Us Careers English English Deutsch Fran ais Offerings Technologies Industries About Us Careers English English Deutsch Fran ais OT Cybersecurity Expert We are seeking a highly skilled OT (Operational Technology) Cybersecurity Professional/Expert to design, implement, and manage cybersecurity solutions for our clients industrial environments. Candidate should be able to play a pivotal role in delivering secure and reliable OT architectures, ensuring compliance with cybersecurity standards, and protecting industrial control systems such as SCADA, HMI, PLC, RTUs, DCS, IoT Devices, MES applications, Managed Switches etc against evolving threats. The ideal candidate will possess a deep understanding of Industrial Automation protocols, risk assessment, and system integration to deliver cutting-edge cybersecurity solutions tailored to diverse industrial sectors. Experience: Sr. Project Engineer (Professional) 4-9 years. (Open Positions - 3 to 4) Project Lead (Expert) 8-14 years. (Open Positions - 1 to 2) Location: Navi Mumbai (This is not a Hybrid or WFH opportunity) Role Responsibilities: Design and Deployment : Architect and implement advanced security solutions tailored to OT environments, such as network segmentation, firewall configurations, and secure remote access gateways. Threat Detection and Response : Configure OT-specific intrusion detection systems (IDS), intrusion prevention systems (IPS), and anomaly detection tools of products from companies like Nozomi Networks or Claroty. Protocol Analysis : Analyze and secure industrial network protocols (e.g., Modbus, OPC-UA, DNP3, Ethernet/IP, Profibus, Profinet and other fieldbus protocols) against vulnerabilities and unauthorized activity. Security Hardening : Implement device hardening practices on PLCs, RTUs, and HMIs, legacy products, including secure firmware updates, role-based access control, and default credential elimination. Incident Management : Establish incident response plans for OT environments, including preparation, detection, containment, eradication, recovery, and post-incident review. Vulnerability Management : Conduct regular vulnerability scanning and patch management for OT systems, ensuring minimal downtime while adhering to operational requirements. Secure Integration : Lead the secure integration of IT-OT environments, ensuring compatibility while minimizing cybersecurity risks, such as lateral movement threats. Continuous Monitoring : Configure and maintain Security Information and Event Management (SIEM) systems specifically for OT environments to identify and respond to threats in real time. Compliance Audits : Perform in-depth compliance audits for standards like IEC 62443, NIST 800-82, and other relevant frameworks, ensuring regulatory alignment. Red Teaming and Penetration Testing : Simulate cyberattacks to test the resilience of OT systems, document findings, and implement necessary remediation measures. Supply Chain Security : Assess and mitigate cybersecurity risks introduced by third- party vendors or contractors in OT environments. Encryption and Data Security : Implement encryption techniques for secure data transfer across OT networks and ensure compliance with data privacy regulations. Maintain thorough documentation of systems, configurations, and project progress. Qualifications: Bachelor s or master s degree in ECTC, computer science, Cybersecurity, or a related field. Minimum 4 years of experience in OT cybersecurity or industrial control systems security. Hands-on experience with SCADA systems, PLCs, DCS, and industrial network protocols (e.g., Modbus, OPC, BACnet, Profibus). Knowledge of cybersecurity frameworks like IEC 62443, NIST 800-82, and ISO 27001. Proficiency in Claroty s tools and software like CTD, SRA etc. Strong understanding of network segmentation, firewall policies, and secure remote access solutions. Certifications or strong practical know how on (multiple if not all) - ISA/IEC 62443 Cybersecurity Certificates Certified SCADA Security Architect (CSSA) Certified Information Systems Security Professional (CISSP) CompTIA Security+ Offensive Security Certified Professional (OSCP) Certified Information Systems Auditor / Manager (CISA) / (CISM) Excellent problem-solving and analytical skills. Familiarity with safety instrument systems (SIS) and knowledge of industry standards such as IEC 61511. Excellent problem-solving skills and attention to detail. Strong communication and interpersonal skills. Ability to work independently and as part of a team. Willingness to travel to client sites as required. Experience in integrating OT systems with IT environments securely. Familiarity with cloud and IoT security in industrial settings. IT Network Certifications.

You will help assess the design and effectiveness of internal controls over financial reporting as part of Avalara s SOX program. You will work closely with process owners to address identified gaps or deficiencies through corrective action plans. You will perform follow-up audits to ensure remediation of findings and report on remediation efforts. You will Develop standardized best practices, and systems for Internal Audit, incorporating automated audit techniques and Artificial Intelligence. You will support operational audits and ad-hoc projects. You will help develop audit goals, scope, and programs, and prepare concise reports on audit results and findings. You will develop and deliver training on Sarbanes-Oxley Section 404 and other audit areas. You will help coordinate with external auditors on their annual audit plan and facilitate collaboration with affected teams. You will support internal investigations related to financial reporting matters as they arise and audit perspectives on special projects, including business acquisitions and financing transactions. What Youll Need to be Successful Bachelors degree in Accounting, Finance, or a related field; Master s. CA, CPA, or CIA credentials strongly CRMA, CISA, or related certifications. Minimum of 2 years in auditing in public accounting or at a public company. Understanding of US GAAP, COSO internal control framework, PCAOB audit standards, and regulatory requirements. Experience with ServiceNow.

Job Summary: Were seeking an experienced Information Security Auditor to join our team. As an Information Security Auditor, you will be responsible for managing audits across Information Technology, Human Resources, and Physical Security. You will assess the effectiveness of our controls, identify risks, and provide recommendations for improvement. Responsibilities: 1. Audit Planning: Plan, coordinate, and execute audits across IT, HR, and Physical Security across the enterprise. 2. Client Audits : Front end client information security audits across WNS locations. 3. Control Evaluation: Evaluate the effectiveness of existing controls, policies, and procedures. 4. Audit Reporting: Prepare and present audit reports to management, highlighting findings, risks, and recommendations. 5. Recommendations and Remediation: Provide recommendations for control improvements and work with stakeholders to implement remediation plans. 6. Compliance: Ensure audits are conducted in accordance with relevant laws, regulations, and industry standards (e.g., HIPAA, PCI-DSS, ISO 27001). Also lead the compliance activities across the enterprise including the annual SOC assessments. 7. Stakeholder Management: Collaborate with stakeholders across IT, HR, and Physical Security to ensure audit objectives are met. Requirements: 1. Education: Bachelors degree in Computer Science, Information Systems, or a related field. 2. Experience: 7-9 years of experience in information security auditing, IT audit, or a related field. 3. Certifications: CISA, CISM, CISSP, or equivalent certifications are preferable. 4. Technical Skills: - Strong knowledge of IT systems, networks, and infrastructure. - Familiarity with security frameworks and standards (e.g., NIST, ISO 27001). - Experience with audit tools and technologies (e.g., ACL, SQL). 5. Soft Skills: - Excellent communication and reporting skills. - Strong analytical and problem-solving skills. - Ability to work independently and as part of a team. Qualifications Degree + ISMS auditor

Job Description We are seeking a motivated Information Security and Risk Analyst to join our IT Security team. The ideal candidate will have a strong understanding of security principles, vulnerability management, and the ability to work with development and IT teams to mitigate and remediate security risks in applications and systems. This role will also provide support for security operations, audits, and security-related inquiries. Key Responsibilities: Security Vulnerability Management: Penetration Remediation: Support remediation efforts for vulnerabilities identified during application penetration testing. Vulnerability Mitigation: Collaborate with IT teams to resolve vulnerabilities and recommend compensating controls. Vulnerability Scanning: Establish and maintain vulnerability scanning across networks to identify security weaknesses. Security Reviews: Conduct security reviews of applications, systems, and infrastructure, ensuring adherence to best practices. Security Operations Audits: Security Audits: Assist with internal and external audits, including reviewing security controls. Security Policies: Support the review and maintenance of IT security policies, ensuring alignment with industry standards. File Monitoring UBA: Assist in managing file monitoring solutions and User Behavior Analytics (UBA) to detect and mitigate risks. File Encryption: Assist with managing and improving file encryption solutions across the organization. Collaboration Reporting: Cross-functional Collaboration: Work with IT and development teams to implement security measures. Security RFPs: Assist with answering security-related RFP questions, providing expertise on security requirements. Compensating Controls: Recommend compensating controls to address security gaps while minimizing risk. Security Best Practices Recommendations: Recommendations: Provide recommendations to improve security posture based on best practices and threat intelligence. Security Awareness: Promote security awareness across the organization to enhance overall security posture. Triage Incident Response: Alert Triage: Perform triage and analysis of security alerts to assess impact and determine appropriate actions. Incident Management: Assist in managing security incidents, including root cause analysis and threat mitigation. Required Skills Competencies: Core Values: Uphold values of Exceed to Service, Innovate to Generate, Trust to Succeed, Empowered to Achieve, Collaborate to Perform, Recognize to Reward, Play to Win. Collaboration: Ability to work independently or within a team and collaborate with various stakeholders. Communication: Strong written and verbal communication skills, able to explain complex security issues clearly. Time Management: Effectively prioritize and meet deadlines in a fast-paced environment. Analytical Thinking: Strong problem-solving skills and consultative approach to security challenges. Attention to Detail: Precision and accuracy in security reviews and audits. Calm Under Pressure: Ability to remain calm in high-pressure situations, proactively addressing security risks. Qualifications Educational Requirements: o Associate s degree in Cybersecurity, Information Technology, or a related field preferred. Certifications such as CISA, CISM, CISSP, Security+ are preferred. Experience Requirements: o