Key Responsibilities: Governance & Risk Management : Overseeing technology-driven processes, managing risks, and ensuring compliance within the organization. Risk & Control Assessments : Working closely with management to identify, assess, and monitor risks and controls related to technology and security. Collaboration : Collaborating with process owners to create risk and control matrices, process narratives, and flowcharts. Control Effectiveness : Assessing the design and operating effectiveness of technology-related processes and controls. Self-Assessments & Audits : Conducting reviews of Risk and Control Self-Assessments (RCSAs) and supporting audits. Project Management : Overseeing project status, identifying risks and roadblocks, and ensuring project alignment with management and audit requirements. Regulatory Compliance : Advising management on regulatory compliance, especially regarding security and technology issues. Team Development : Providing feedback to team members and helping them with growth opportunities. Time Management : Balancing competing priorities to keep projects on track. Skills & Qualifications: Educational Background : Bachelor's degree in Information Systems, Computer Science, or related field. Experience : Minimum of 3-5 years in operations and technology governance, risk management, compliance, and audit. Compliance Frameworks Knowledge : Familiarity with standards such as COBIT, NIST, GLBA, SOX, PCI, ISO27001. Certifications : Professional certifications such as CPA, CIA, CISA, CISM, or CISSP preferred. Risk Management Expertise : Proficiency in risk management tools and methodologies. Communication Skills : Ability to communicate complex issues clearly and effectively. Project Management Tools : Experience with tools like ServiceNow, Predict360, Jira, and Microsoft Office tools (Word, Excel, PowerPoint, Visio). Collaboration & Independence : Ability to work well both independently and as part of a team. Audit Experience : Experience with regulatory exams, SOX compliance, and internal/external audits. Attention to Detail : Strong organizational and prioritization skills. Soft Skills: Strong communication and writing skills. Demonstrated ability to build relationships with senior management. Ability to manage multiple projects simultaneously.

Preferred Knowledge/Skills Experience of above 5 years in Strategy & Governance Prior experience in Risk Management, Governance Frameworks, RBI regulatory guidelines/circulars etc. Strong understanding of security frameworks (e.g., NIST, ISO 27001, COBIT) and regulatory requirements (e.g., RBI, PCIDSS, SEBI, GDPR). Prior experience in vetting Bank IT/IS/BCP related policies & procedures. Prior experience in ISO 27001/ISO 22301 implementation and assessments Experience in Business Continuity Planning (BCP) and ThirdParty Risk Management (TPRM) processes. At least one certification CISM/CISA/CISSP is preferred Experience in cloud security concepts and network security technologies.

Experience of working on FS clients is preferred IT audits including statutory and internal audits IT General Controls (ITGC) testing IT Application Controls (ITAC) testing / IT Automated Business Controls testing IT Infrastructure risks and control assessments IT SOX 404 SOC1, SOC2 audits and reporting IT Compliance and regulatory reporting Risk and control assessments considering emerging technologies such as cloud, RPA, AI/ML, Blockchain etc Certifications preferred CISA, CISSP, CISM, CRISC, CCSK and others (if relevant). Skills and attributes To qualify for the role you must have Qualification BE/ B.Tech,, or MSC in Computer Science/Statistics or M.C.A or MBA in Finance or IT Experience 5+ years of relevant experience in field of IT Audits Should have played client facing role in managing audits Experience of working on FS clients is preferred IT audits including statutory and internal audits IT General Controls (ITGC) testing IT Application Controls (ITAC) testing / IT Automated Business Controls testing IT Infrastructure risks and control assessments IT SOX 404 SOC1, SOC2 audits and reporting IT Compliance and regulatory reporting Risk and control assessments considering emerging technologies such as cloud, RPA, AI/ML, Blockchain etc

Experience of working on FS clients is preferred IT audits including statutory and internal audits IT General Controls (ITGC) testing IT Application Controls (ITAC) testing / IT Automated Business Controls testing IT Infrastructure risks and control assessments IT SOX 404 SOC1, SOC2 audits and reporting IT Compliance and regulatory reporting Risk and control assessments considering emerging technologies such as cloud, RPA, AI/ML, Blockchain etc Certifications preferred CISA, CISSP, CISM, CRISC, CCSK and others (if relevant). Skills and attributes To qualify for the role you must have Qualification BE/ B.Tech,, or MSC in Computer Science/Statistics or M.C.A or MBA in Finance or IT Experience 2-3 (or more) years of relevant experience in field of IT Audits Should have played client facing role in managing audits Experience of working on FS clients is preferred IT audits including statutory and internal audits IT General Controls (ITGC) testing IT Application Controls (ITAC) testing / IT Automated Business Controls testing IT Infrastructure risks and control assessments IT SOX 404 SOC1, SOC2 audits and reporting IT Compliance and regulatory reporting Risk and control assessments considering emerging technologies such as cloud, RPA, AI/ML, Blockchain etc

Experience of working on FS clients is preferred IT audits including statutory and internal audits IT General Controls (ITGC) testing IT Application Controls (ITAC) testing / IT Automated Business Controls testing IT Infrastructure risks and control assessments IT SOX 404 SOC1, SOC2 audits and reporting IT Compliance and regulatory reporting Risk and control assessments considering emerging technologies such as cloud, RPA, AI/ML, Blockchain etc Certifications preferred CISA, CISSP, CISM, CRISC, CCSK and others (if relevant). Skills and attributes To qualify for the role you must have Qualification BE/ B.Tech,, or MSC in Computer Science/Statistics or M.C.A or MBA in Finance or IT Experience 2-3 years of relevant experience in field of IT Audits Should have played client facing role in managing audits Experience of working on FS clients is preferred IT audits including statutory and internal audits IT General Controls (ITGC) testing IT Application Controls (ITAC) testing / IT Automated Business Controls testing IT Infrastructure risks and control assessments IT SOX 404 SOC1, SOC2 audits and reporting IT Compliance and regulatory reporting Risk and control assessments considering emerging technologies such as cloud, RPA, AI/ML, Blockchain etc

Job Description Job Title Divisional Risk and Control Analyst - TDI Controls Testing & Assurance, AS Location Pune, India Role Description Infrastructure Chief Operating Office (COO) is responsible for the effective operation of the infrastructure functions, driving operational efficiency whilst supporting the effective delivery of infrastructure services in line with business objectives and control requirements. It also includes oversight of Infrastructure Divisional Control Office (DCO) and Trade Settlement and Confirmations Operations (TSCO). Infrastructure Divisional Control Office (IDCO) as part of Infrastructure COO, provides services to multiple functions in infrastructure. The IDCO function is a dedicated risk, control, and regulatory oversight function, with prime responsibility for managing and proactively mitigating risk across the full breadth of the Technology and Infrastructure organization. Function also provides a consolidated view and central coordination of (non-financial) risks, as well as effective, efficient, and consistent standards and policies. (Technology Data & Innovation) TDI Control Testing & Assurance team part of IDCO identifies, tracks and reports control testing & assurance activities, conducts independent controls testing (design and operating effectiveness) on different risk types in line with the Control Testing Standards. The team also focuses on regulatory and risk-based assurance requirements. This role is within TDI Control Testing & Assurance team. What we ll offer you As part of our flexible scheme, here are just some of the benefits that you ll enjoy Best in class leave policy Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Flexible working arrangements Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your key responsibilities Perform Control Testing in line with Control Testing methodology/minimum standard Identify control deficiencies (findings), risks related to elements of controls, participate in findings agreement with stakeholders, escalate potential issues and exception items noted during the testing to senior management for discussion and further investigation, if deemed necessary Prepare Control Testing workpapers for senior management detailing testing results, document findings with highest quality Track Control Testing identified findings, perform required follow-up on open findings Consider regulatory and internal firm policy requirements as well as established best practices for control assurance. Support controls assurance activities Support in monitoring Control testing teams adherence to Control Testing methodology/minimum standards Support, contribute in managing Control Testing vendor resources, where applicable Track testing related effort/budget Plan Vs. Actuals throughout the testing lifecycle Build and maintain solid working relationships with key stakeholders such as within the DCO, IDCO, TSCO, GTI and other Testing Teams including Divisions/sub-divisions, 2 LoD and Group Audit (GA) Your skills and experience University degree preferably in Computer Science, Mathematics, Engineering or a related subject or equivalent qualification in the areas of information security. Professional/industry recognized qualifications e. g. , CISA, CISSP, CISM, CRISC are beneficial. Experience in Cloud Security audit/testing, GCP (Google Cloud Platforms) or Professional/industry recognized qualifications e. g. , CCSP, CCSK will be an advantage Good knowledge of auditing IT application controls, e. g. , from IT audits or IT risk management. Understanding of the relationship between IT risk and underlying business process risk. Knowledge of regulations governing financial institutions is beneficial. Strong written and verbal communication skills and the ability to communicate effectively in conflict situations. Strong organizational skills and attention to detail. Ability to work under pressure, multi-task and prioritize workload. Strong analytical skills and structured thought process with the ability to clearly articulate control deficiencies and related risk Flexible, proactive, and innovative mind set with strong organizational skills to take ownership and responsibility for agreed targets and to meet them within budget to enable a timely and efficient completion of projects. This is an IC (individual contributor) role. How we ll support you Training and development to help you excel in your career Flexible working to assist you balance your personal priorities Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs About us and our teams Please visit our company website for further information https//www. db. com/company/company. htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.

? ?Job Description ?Key Responsibilities: Act as a trusted advisor to stakeholders, supporting the provision of accurate, appropriate, timely assurance information regarding the KPMG supply chain across capabilities and firmwide. Support the identification of emerging trends and issues with the KPMG supply chain to shape and inform the KPMG risk posture. Tactically deliver allocated activity from the annual service roadmap to defined standards and service levels. Support the delivery of the annualised audit schedule, with a strong understanding of a risk based approach. Be proactive in identification of continuous improvements to foster positive change within the Information Assurance team, seeking innovative solutions to enhance practices. Deliver the 2nd LoD Supply Chain audit activity to monitor supply chain compliance against regulatory, client, global and local policy & standard requirements, including ISO27001. Support the ongoing need to ensure that all supplier contracts include standardised Information Security and Data Privacy statements. Provide support to report on Supply Chain Assurance metrics, providing insights into compliance and risk, highlighting areas for improvement. Log all findings in the GRC tooling, track, review and monitor remediation results and associated evidence, supporting sign off where appropriate. Work with finding owners to ensure remediation actions plans are defined and delivered in a timely manner. Support the analysis and thematic reviews and consolidation of findings and to recommend risk treatment plans to reduce risk for the firm. Ensure audit work is documented in accordance with business standard and fully supports conclusions and overall opinion through 1st / 2nd level reviews Ensure that all work is delivered to a high standard Conduct other Information Security & Privacy audit activity on behalf of KPMG (i. e. SOC2) where appropriate. Skills and experience required: Strong stakeholder management skills, the ability to collaborate and develop relationships internally and externally Experience advising on supply chain matters, with appropriate background in developing and implementing supply chain risk and assurance frameworks Excellent ability to conduct audits in an effective and efficient manner y Working knowledge of ISO27001, Cyber Essentials/ Cyber Essentials Plus, NIST Cybersecurity Framework, CIS, SOC2, Data Protection (UK GDPR, DPA, PECR) and experience of operational implementation An understanding of ancillary frameworks (EU AI Act, UK AI Frameworks) Experience of developing processes to deliver service improvements Excellent analytical and reporting skills, using presentation tools to present complex information with exceptional attention to detail Excellent communication skills, both written and verbal Well organised and able to maintain a high workload efficiently at a consistently high standard Strong knowledge of information security controls Experience of working with GRC tools (ServiceNow) and supplier management tools (Coupa, Bitsight). Understanding of a 3 lines of defence model (risk & assurance) Be highly motivated and able to work on own initiative, ability to seek support when required. Additional Requirements: Significant experience in information security and supply chain risk and assurance. Certifications in information security, such as CISM, CISMP, CISSP. Auditor qualifications, CISA, ISO27001 Lead Auditor, GIAC or equivalent. ITIL foundation certificate or above desirable

OneTrust Implementation Expert The Cybersecurity and Infrastructure Security Agency (CISA) has established the CISA Secure Software Development Attestation Form to ensure software producers follow secure development practices. This initiative stems from various executive orders and legislation, allowing government entities to request attestations from software vendors to promote better industry standards. Our Information Security and Risk Management (ISRM) organization is seeking a skilled OneTrust Implementation Expert to lead the implementation and optimization of our CISA Self-attestation assessment and evidence collection process. This role supports the production of self-attestation for our software. As an Implementation Expert, you will work with strategic stakeholders to define and implement an assessment in OneTrust, automating evidence production through existing organizational datasets. You will design and implement the assessment process, covering all necessary use cases from intake to fulfillment, to support the claims required by self-attestation. Are you passionate about transforming organizational processes into streamlined workflows? Do you thrive in leveraging cutting-edge technologies to drive innovation? Join our team to support the ISRM organization with operational insights and business intelligence. Be at the forefront of transformation and shape the future of our security and compliance practices. As an Implementation Expert, you will build and maintain robust solutions that power our analytics and drive informed decision-making. About Role In this role as a OneTrust Implementation Expert, you will: Design, develop, and maintain OneTrust custom assessments and questionnaires. Collaborate with cross-functional teams to understand requirements and deliver solutions that meet business objectives. Include OneTrust best practices during the implementation of the solution. Manage the piloting and testing of the assessments implemented to ensure they meet requirements and expectations. Provide technical expertise and support to stakeholders, helping them leverage the platform and implementation to support their business need. Import new datasources in OneTrust to be consumed automatically in the assessments. Optimize data processes and workflows to ensure efficiency, reliability, and performance of the processes implemented. About You: Youre a fit for the role of OneTrust Implementation Expert if your background includes: Must Have Experience implementing custom GRC assessment processes in OneTrust. Understanding of OneTrust platform administration and configuration[ST1] . Experience consuming new datasources in OneTrust. Experience in developing and maintaining compliance documentation such as policies control matrices. Knowledge of security regulations and standards (e.g., ISO 27001, NIST, GDPR, CCPA). Experience with automation in general consuming APIs, with plus when the automation is related to security tooling. Proficiency in Microsoft 365 Power Platform, Python. Experience working with databases using SQL. Nice to Have Knowledge of NIST Secure Software Development Framework (NIST SSDF) & OWASP Software Assurance Maturity Model (SAMM). Knowledge of risk management methodologies (e.g., NIST Risk Management Framework). Experience in conducting cybersecurity risk assessments, certifications & audits, and gap analyses and developing risk mitigation strategies. Experience with Application Security and Software Engineering practices. Programming experience with Golang preferred. [ST1]Maybe to reformulate. It's about being able to set up forms and logic within OneTrust, more than managing the platform itself.

Position: Consultant Risk and Compliance Experience: 3 to 5yrs Location: Noida OR Remote Responsibilities: • Independently manage multiple service engagements ensuring customer service deliveraccording to the company quality guidelines & methodologies. • Lead and manage data privacy and risk & compliance projects from initiation to completion, ensuring they are delivered on time, within scope, and within budget. • Expertise in delivery of risk and compliance advisory services • Experience on conducting privacy risk assessments and data protection impact assessments (DPIAs), and advice on corrective measures to mitigate data privacy risks. • Identify, develop, recommend and/or implement business processes to improve organizational privacy and information security compliance. • Provide analysis of legislative requirements, emerging knowledge, and trends to make recommendations to management. • Work with internal and external customers on consulting engagements and provide business as well as technical leadership to ensure that data, processes and technology are designed for data protection and compliance such as SOC 1/2, NIST, PCI-DSS, CIS 8, ISMS etc. • Knowledge of information protection methodologies and concepts, such as identification and authentication, access control, inception, and audit trails • Work collaboratively with the practice leaders and provide end to end engagement leadership on the projects. • Provide subject matter expertise to the engagement/project teams. Serve as the point of contact for requirements across various standards. • Build and maintain customer relationships by understanding and being responsive to customer needs and ensuring high quality of work. • Contribute in people and knowledge development initiatives within the team and organization. • Maintain an up-to-date understanding of emerging trends in information security and apply new techniques and trends, in-line with overall information security objectives and risk tolerance • Demonstrate strong analytical thinking and interpersonal skills, including the ability to research and understand sophisticated processes and effectively communicate them to interested parties. • Recommend security policy changes and enhancements • Support the Information Security program including development, collection, assessment, and reporting of metrics Requirements: • Demonstrate proficiency in standards such as ISO 27001/2, ISO 22301, ISO 27018, NIST standards on Cyber Security, HITRUST, ISO 27701, etc. • Exhibit a good understanding of GDPR, CCPA, or other privacy laws. • Excellent technical capabilities around information security, business continuity and technology risk assessments • Must be able to demonstrate outstanding communication skills to ensure the ability to articulate clearly IECnmotnpelfroindyaelnetia-CPleornsfoidneanl tial https://www.sdgc.com/ and negotiate with the relevant stakeholders. • Experience working with internal and external auditors/stakeholders/customers • Prior knowledge and experience on performing testing of internal controls specified in Information Security policies • Possess a sound knowledge of fundamentals of information security systems and data privacy requirements. • Display competence in governance and reporting, as well as a strong grasp of cyber and privacy risks. • Effectively managing workflow, including multiple projects, in a proactive and highly responsive manner. • Strong attention to detail with an analytical mind and outstanding problem-solving skills. • Must be able to demonstrate outstanding communication skills to ensure the ability to articulate clearly and negotiate with the relevant stakeholders. • Experience working with internal and external auditors/stakeholders/customers. • Knowledge and auditing experience around some regulations/acts/standards, such as ISO 27001, NIST Cybersecurity Framework and Privacy Framework, SOC2, ISO 22301, NIST CSF and Cloud Security will be preferred. • Ability to work on a flexible schedule when needed, as part of cross-geography and cross-culture global team • Willingness to travel globally on need basis Certifications: • ISO 27001 Lead Auditor, CRISC, CISA, CISM (Must have) • FIP-IAPP (Essential) • Knowledge of compliance standards like ISO 27001, NIST CSF, NIST 800-53, NIST 800-171, GDPR, SOX, SOC, HIPAA, FAIR, OWASP, CIS 20 (Good to have)

The Second Line of Defense (2LOD) Controls Testing partner (Sr. Consultant Risk) will operate with minimal guidance and increased autonomy. This role involves leveraging in-depth conceptual and practical knowledge to execute complex testing engagements, refine methodologies, mentor less experienced team members, and provide strategic insights that influence the cyber and technology risk posture. The key responsibilities of the role include: Test, validate, and enhance control testing methodologies and test procedures, ensuring they remain effective amid evolving cyber and technology threats Perform 2LOD validation work on complex engagements, including advanced testing plans, detailed workpapers, comprehensive findings, and high-quality reporting to risk committees Oversee the resolution of complex risk issues, collaborating with various teams to design, implement, and improve controls, aligning with industry standards and regulatory expectations Conduct in-depth examinations of cyber risk controls, evaluate their design and operational effectiveness, and recommend remediation strategies to leadership Support second-line governance activities, participating in Risk Identification and Change Initiative Risk Assessment processes, and offering expertise on risk trends and control gaps Communicate complex operational and technical risk findings to stakeholders in a clear and persuasive manner, working to build consensus and influence remediation efforts Apply advanced risk assessment knowledge to identify critical risks and controls, informing testing priorities and strengthening risk management strategies Manage multiple testing initiatives simultaneously, applying strong project management and organizational skills while maintaining flexibility in a dynamic environment Monitor evolving banking/financial regulatory requirements, ensuring continuous alignment of testing activities with regulatory guidance and industry best practices The successful candidate will benefit from having: 6+years of experience in IT Audit, Cybersecurity, IT Risk & Control, or related fields CISSP, CISM, CISA, CRISC, or equivalent certifications strongly preferred In-depth understanding of cyber and technology risks within the financial services sector Experience with cloud security, MFA solutions, password management tools, and Secure SDLC practices Strong analytical, communication, and negotiation skills to handle complex issues and build consensus among stakeholders Demonstrated ability to guide less experienced team members and effectively manage projects Proficiency in Microsoft Office 365 and familiarity with risk management/GRC tools (e.g., ServiceNow, Fusion) to streamline issue tracking and remediation

About Certify : At CertifyOS, were building the infrastructure that powers the next generation of provider data products, making healthcare more efficient, accessible, and innovative. Our platform is the ultimate source of truth for provider data, offering unparalleled ease and trust while making data easily accessible and actionable for the entire healthcare ecosystem. What sets us apartOur cutting-edge, API-first, UI-agnostic, end-to-end provider network management platform automates licensing, enrollment, credentialing, and network monitoring like never before. With direct integrations into hundreds of primary sources, we have an unbeatable advantage in enhancing visibility into the entire provider network management process. Plus, our team brings over 25+ years of combined experience building provider data systems at Oscar Health, and were backed by top-tier VC firms who share our bold vision of creating a one-of-a-kind healthcare cloud that eliminates friction surrounding provider data. But its not just about the technology; its about the people behind it. At Certify, we foster a meritocratic environment where every voice is heard, valued, and celebrated. Were founded on the principles of trust, transparency, and accountability, and were not afraid to challenge the status quo at every turn. Were looking for purpose-driven individuals like you to join us on this exhilarating ride as we redefine healthcare data infrastructure. As the Director of IT/Security at CertifyOS, you will lead the strategic direction of our IT infrastructure and ensure the security of our systems and data. This role requires someone who can roll up their sleeves and get hands-on when necessary, while also effectively leading and managing the IT team to deliver operational excellence. You will be instrumental in evolving our technology stack, securing our platform, and driving operational improvements, all while managing both tactical and strategic initiatives.You will oversee all aspects of IT operations, network security, and compliance, while working closely with cross-functional teams. Your leadership will be critical as we continue to scale and secure our infrastructure. What makes you a match Leadership experience: 10+ years in IT Security leadership, with a proven track record of managing IT teams, and leading both infrastructure and security initiatives. Hands-on capability: You re not afraid to get into the weeds when needed, whether it s troubleshooting issues, configuring systems, or implementing security protocols. Security expertise: In-depth understanding of security frameworks and certifications (CISSP, CISM, CISA), and experience with regulatory compliance such as SOC2, GDPR, ISO 27001, HITRUST. Technical proficiency: Experience managing IT infrastructure, cloud environments, and network security, with hands-on experience in cybersecurity, risk management, and incident response. Effective leadership: Ability to lead and develop a high-performing IT and security team, fostering a collaborative and accountable culture. Problem-solving skills: Strong analytical thinking, able to drive complex IT and security projects with a focus on operational impact. Communication skills: Ability to effectively communicate complex technical concepts to non-technical stakeholders and across cross-functional teams. What will you be doing Develop and execute IT strategy: Create a roadmap for CertifyOS s IT infrastructure and security that aligns with the companys overall business strategy. Lead Security strategy: Implement robust security requirements, frameworks, conduct audits, and lead incident response efforts to ensure the protection of company assets and sensitive data. Hands-on leadership: When necessary, be ready to dive in and provide direct support to the IT team, ensuring swift resolutions to technical issues. Ensure security compliance: Manage and maintain compliance with healthcare industry regulations, including SOC2, HITRUST, GDPR, CCPA, and others. Familiarity with healthcare regulations (i.e. NCQA) is a plus Oversee IT infrastructure: Manage IT systems, network architecture, cloud platforms, and disaster recovery planning to ensure operational excellence. Manage and develop the IT team: Provide guidance, mentorship, and hands-on support to the IT team, ensuring alignment with business goals and continuous improvement. Cross-functional collaboration: Work with engineering, legal, product, and compliance teams to implement security best practices and support the company s broader objectives. What will you get working with CertifyOS Collaborative team: You will work alongside experts who are passionate about building the future of healthcare data infrastructure. Leadership opportunities: You ll have the chance to shape the IT and Security function, influencing both strategic and operational initiatives. Continuous learning: We value growth and provide opportunities for certifications and professional development in IT and security. Direct impact: Be part of a mission-driven organization where your contributions will have a lasting effect on the future of healthcare. At Certify, were committed to creating an inclusive workplace where everyone feels valued and supported. As an equal opportunity employer, we celebrate diversity and warmly invite applicants from all backgrounds to join our vibrant community.

Job Description Job Title Cyber Hygiene Delivery Manager, AVP Location Pune, India Role Description Deutsche Bank is seeking a dynamic and experienced Cyber Hygiene Delivery Manager to join our team. In this role, you will be responsible for driving the successful implementation and ongoing management of cyber hygiene initiatives across the organization. You will work closely with various teams to ensure that cybersecurity best practices and hygiene protocols are effectively delivered and maintained, contributing to the banks overall security posture. What we ll offer you As part of our flexible scheme, here are just some of the benefits that you ll enjoy Best in class leave policy Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your key responsibilities Lead Cyber Hygiene Programs Oversee the end-to-end delivery of cyber hygiene initiatives, ensuring that best practices are followed, risks are mitigated, and all activities are aligned with Deutsche Bank s security objectives. Collaboration Stakeholder Management Partner with cross-functional teams, including IT, Security Operations, Compliance, and Risk Management, to ensure that cyber hygiene standards are integrated into all stages of the system and application life cycle. Cyber Hygiene Strategy Develop and implement strategic plans for improving cyber hygiene within the bank, including patch management, vulnerability remediation, endpoint security, access controls, and data protection. Process Optimization Continuous Improvement Identify areas for continuous improvement in the delivery of cyber hygiene services and enhance processes, tools, and methodologies to maximize effectiveness and efficiency. Risk Management Reporting Monitor and assess cyber hygiene risks and performance, preparing reports for senior leadership that highlight key issues, risks, and progress. Compliance Regulatory Oversight Ensure that all cyber hygiene efforts are compliant with relevant regulations, industry standards, and Deutsche Bank s internal policies. Stay informed on evolving cyber hygiene requirements and ensure timely adaptation. Incident Management Support Support incident response activities related to cyber hygiene issues, assisting with identifying root causes and driving remediation efforts. Vendor Management Oversee relationships with third-party vendors who support cyber hygiene initiatives, ensuring that service level agreements (SLAs) and performance expectations are met. Your skills and experience Experience 5+ years of experience in cybersecurity, IT operations, or related fields, with a focus on managing cyber hygiene programs, vulnerability management, or risk management. Leadership Proven ability to lead and motivate teams, manage complex projects, and drive results in a fast-paced environment. Technical Expertise Strong understanding of cybersecurity tools, technologies, and frameworks related to endpoint security, patch management, vulnerability scanning, and security configuration management. Project Management Strong project management skills, including experience managing large-scale cybersecurity initiatives and programs. Problem-Solving Skills Ability to analyze complex cybersecurity challenges, develop solutions, and lead remediation efforts. Communication Excellent written and verbal communication skills, with the ability to communicate effectively with both technical and non-technical stakeholders. Certifications (Preferred) CISSP, CISM, CISA, or other relevant cybersecurity certifications are a plus. How we ll support you Training and development to help you excel in your career Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs

As the Director of IT/Security at CertifyOS, you will lead the strategic direction of our IT infrastructure and ensure the security of our systems and data. This role requires someone who can roll up their sleeves and get hands-on when necessary, while also effectively leading and managing the IT team to deliver operational excellence. You will be instrumental in evolving our technology stack, securing our platform, and driving operational improvements, all while managing both tactical and strategic initiatives.You will oversee all aspects of IT operations, network security, and compliance, while working closely with cross-functional teams. Your leadership will be critical as we continue to scale and secure our infrastructure. What makes you a match Leadership experience: 10+ years in IT Security leadership, with a proven track record of managing IT teams, and leading both infrastructure and security initiatives. Hands-on capability: You re not afraid to get into the weeds when needed, whether it s troubleshooting issues, configuring systems, or implementing security protocols. Security expertise: In-depth understanding of security frameworks and certifications (CISSP, CISM, CISA), and experience with regulatory compliance such as SOC2, GDPR, ISO 27001, HITRUST. Technical proficiency: Experience managing IT infrastructure, cloud environments, and network security, with hands-on experience in cybersecurity, risk management, and incident response. Effective leadership: Ability to lead and develop a high-performing IT and security team, fostering a collaborative and accountable culture. Problem-solving skills: Strong analytical thinking, able to drive complex IT and security projects with a focus on operational impact. Communication skills: Ability to effectively communicate complex technical concepts to non-technical stakeholders and across cross-functional teams. What will you be doing Develop and execute IT strategy: Create a roadmap for CertifyOS s IT infrastructure and security that aligns with the companys overall business strategy. Lead Security strategy: Implement robust security requirements, frameworks, conduct audits, and lead incident response efforts to ensure the protection of company assets and sensitive data. Hands-on leadership: When necessary, be ready to dive in and provide direct support to the IT team, ensuring swift resolutions to technical issues. Ensure security compliance: Manage and maintain compliance with healthcare industry regulations, including SOC2, HITRUST, GDPR, CCPA, and others. Familiarity with healthcare regulations (i.e. NCQA) is a plus Oversee IT infrastructure: Manage IT systems, network architecture, cloud platforms, and disaster recovery planning to ensure operational excellence. Manage and develop the IT team: Provide guidance, mentorship, and hands-on support to the IT team, ensuring alignment with business goals and continuous improvement. Cross-functional collaboration: Work with engineering, legal, product, and compliance teams to implement security best practices and support the company s broader objectives. What will you get working with CertifyOS Collaborative team: You will work alongside experts who are passionate about building the future of healthcare data infrastructure. Leadership opportunities: You ll have the chance to shape the IT and Security function, influencing both strategic and operational initiatives. Continuous learning: We value growth and provide opportunities for certifications and professional development in IT and security. Direct impact: Be part of a mission-driven organization where your contributions will have a lasting effect on the future of healthcare.

br> Work Mode : Onsite Job description This is a very dynamic high-growth environment and requires being agile and flexible. Successful candidates for this role should be experienced in evaluating, ever-evolving compliance requirements and conducting gap assessments, documenting compliance-related governance documents (policies, standards, etc.), and experienced in third-party compliance audits. The successful candidate will be knowledgeable with risk management and risk treatment methodologies working in a similar fast-paced organization. The candidate is expected to have an understanding of the Cloud SaaS technical environment and translate the compliance requirements into language Developers, DevOps, and Leadership can apply to our environments and work closely with cross-functional teams spread across multiple geographies. Major Responsibilities/Activities Evaluate new and evolving certification programs, regulatory requirements, and technologies. Conduct comprehensive assessments of technical controls, information security policies, and procedures against applicable regulations and compliance requirements. Assessments include GAP analysis, recommendations and prioritize enhancements to the security and privacy infrastructure to remove or mitigate risk. Effectively communicate execution status, key accomplishments, and risks that impact Cloud s ability to achieve or maintain compliance accreditations or certifications to line management. Evaluate and audit security control systems to address requirements. Advise process/control owners with the preparation and ongoing maintenance of controls and control documentation (e.g., policies, procedures, etc.). Guide Development Operations on the appropriate selection, design, implementation, and configuration of security controls. Identify control deficiencies make appropriate recommendations and drive remediation of control deficiencies. Proactively identify gaps or conflicts in existing processes and work to develop solutions with cross-functional teams. Program manage Third-party compliance audits. Collaborate effectively across multiple organizations with diverse personalities and expertise to drive agreement on complex issues. Support the annual review of information security and privacy policies, standards, and guidelines covering all areas within the environment. Engage with Infrastructure and/or Architect Teams to assess the security risk of proposed projects and system/application modifications. Build strong cross-functional relationships with business partners to facilitate the development of strong compliance programs that support continuous improvement and operational efficiency. Minimum Requirements 4+ years of related Governance Risk and compliance and/or security experience. Knowledge and experience in audit execution of a global security certification such as ISO 27001/17/18, PCI, HIPAA, ENS, HDS, SOC 1 / 2 etc. Knowledge of compliance frameworks (NIST etc.). Good understanding of security concepts and practical usage. Knowledge of, or experience working with, Cloud technologies/environments, including evaluating and implementing controls on Software as a Service (SaaS), is a plus. Working knowledge of GRC tools and technologies. Understanding of current Cyber Security trends. Experience managing GRC projects and project management skills. Focus on team and organizational goals, building accountability and a positive team culture. Proactive achiever and comfortable working in a fast-paced, dynamic environment incorporating constant change as we grow. Excellent written and verbal English communication skills; ability to communicate effectively across all levels of the organization. Analytical problem solver with organizational skills and an eye for detail. Prior Big-4 consulting experience or prior professional experience in similar cloud-based organizations is a plus. Desirable certifications One or more Information Security Certifications: CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CRISC ( Certified in Risk and Information Systems Control) , ISO 27K Lead Auditor/ Implementor or other security certification/accreditation.

Position : SOC - Manager Role : Manager Educational Requirements : Minimum - BSC (IT) and any Post Graduate degree Maximum - B.E. (IT, CE, ETC) Professional Certification : Certifications in CEH / CHFI / GSEC / GMON / ITIL or any equivalent Security Certification Desirable Certifications : CISA / CISSP / OSCP / GPYC / GREM Experience : Total Experience: 8 - 12 Years Relevant Experience : Minimum 8 years in cyber security and below mentioned Technologies. SIEM / SOAR Implementation Experience will be added advantage. Skills Soft Skills : Leadership Skills, Change Agent, Communication skills, Presentation Skills, Problem Solving skills. Technical Skills : SIEM (QRadar / Splunk / MS Sentinel) SOAR (Palo Alto), EDR/XDR, Threat Intelligence, Threat Hunting. Responsibilities : 1. Leading and managing the Security Operations consiting of Security Analyst, Sr. Security Analyst, Leads and Technology consultant 2. Responsible for SOC Strategy, Governance and enhancing SOC maturity level. 3. Revising and developing processes to strengthen and improve the current Security Operations Framework. 4. Ensuring compliance to policies and procedures and process improvisation to achieve operational objectives. 5. To ensure daily management and administration of SOC operations to achieve operational effectiveness. 6. Responsible for overall use of resources and initiation of corrective action where required for Security Operations Centre. 7. Well versed with industry frameworks of NIST, ISO SOC2 and good understanding of Mitre Attack Framework TTPs. 8. Ensuring incident monitoring, identification, reporting and communication is carried out within the agreed SLAs. 9. Ensuring achievement of targeted Productivity with set quality standards and achieving KPI s. 10. Deep Dive into Critical Incidents and respond back to customers in a timely manner and support customers as required. 11. Responsible for guiding teams on reports, dashboards, metrics for SOC operations and presentation to Senior Management of Customers. 12. Extending support off business hours or during critical situation that requires to extend support beyond regular work timings. 13. Attend client calls and drive weekly monthly steering committee discussions. 14. Support the Pre Sales/Sales functions during the Scope Discussions with clients. 15. Should be a dynamic cyber security professional with a passion to support complex environment to attain targeted CSAT. 16. Ensure 100% customer satisfaction. 17. Should be able to handle customer escalations, concerns and providing timely resolutions. 18. Good command on customer handling. 19. To Integrate respective solution / technology with every other solution / technology deployed in the SOC setup. 20. To Automate L1 L2 activities. 21. To perform threat modelling of the client assets and accordingly define the necessary use cases. 22. To plan execute Major changes without any disruption and adverse impact. 23. To continuously deliver the value of solution to the client terms of detecting all kind threats, accuracy of detection, value added use cases and content development etc. 24. To improvise threat hunting capabilities. 25. Ensure continuous fine tuning of configuration, rules, policies etc. Continuous innovation and automations in intuitive dashboards, report, queries. 26. Participate in client DR, cyber, tabletop drills etc. 27. Responsible for ensuring end to end tight integration of the client IT Assets, other SOC solutions, Applications etc. 28. Provide management report on respective solutions effectiveness Provide necessary support during the Forensics investigation and threat hunting. 29. Perform continuous assessment of respective solution maturity against global standards. 30. Responsible to do the additional activities based on the SOC services provided by Inspira

J OB D ESCRIPTION - S ENIOR A SSOCIATE - I TA About Grant Thornton: Grant Thornton is collaborative, entrepreneurial and on the move. As part of a dynamic global organization of 52,000 people serving clients in more than 135 countries, we have the agility and focus it takes to be a leader. Founded in Chicago in 1924, Grant Thornton LLP (Grant Thornton) is the U.S. member firm of Grant Thornton International Ltd., one of the world s leading organizations of independent audit, tax and advisory firms. Grant Thornton has revenues in excess of $1.87 billion and operates 58 offices across the U.S., with 623 partners and 8,500+ employees in the United States and at our Shared Services Center in Bangalore, India. About GT INDUS: GT INDUS is the global in-house centre for GT US. Situated in Bangalore, GT INDUS has over 2000 professionals in Tax, Audit, Advisory, Client Services and Enabling Functions. Empowered people, bold leadership and distinctive client service are imbibed in the culture at INDUS. A transparent, competitive and excellence driven firm that offers an opportunity to be part of something significant. Driven, young professionals at GT INDUS serve communities through inspirational and generous services to give back to the communities they work in. Visit the website for more: Location: Bangalore, India. Responsibilities: Prior experience in IT Audit (ITGC/GITC/SOC report, testing) from a client facing or offshore role Knowledge of the domains of ITGC Having knowledge of Excel macros / Microsoft Office / Visual basic / Development of audit automation tools Having experience in leading a small team or managing a portfolio. Primary Responsibilities Manage a portfolio of engagements, by leading a team of associates or analysts. Managing the client engagement. Ensure quality delivery as per client requirements respecting timelines as per budget. Determine that the work delivered is of high quality through quality review/ assurance processes in place, taking it to reperformance standards. Understand business industry issues / trends. Identify areas requiring improvement in the clients business as value add. Ensure compliance with engagement plans and internal quality risk management procedures. Develop strong working relationships with client. Assist Practice Leads, Associate Directors and Directors in developing marketing collaterals, business proposals etc., adding to business growth. Attention to detail and mentor junior staff within the practice. Be agile in welcoming assignments out of comfort zone. Contribute to knowledge management sessions within the practice - Participate and contribute to off the desk activities. Skills: Critical mindset and exercise professional judgment throughout the engagement/Take accountability for performing and following up on the audit and for ensuring the delivery of work is to the highest quality/ Excellent planning and organization skills and work effectively in situations involving rapid change and simultaneous demands/ Proactively share knowledge and effectively develop, motivate, coach, train and supervise less experienced team members. Good communication and people management skills/ Ability to manage multiple engagements and deadlines. Sound knowledge of Business Process Controls and IT Application Controls Professional Experience / Qualifications: 3 - 6 years of post-qualification experience IT Audit support engagements / related internal audit experience/ external audit experience preferably in big 4 or related business experience. Proffered qualifications include, but not limited to, are Engineering Graduates (Computer Science, Electronics, Electronics Telecommunications)/ Certified Information Systems Auditor (CISA)/ Certified Information Systems Security Professional (CISSP)/ MBA - Information Technology Grant Thornton INDUS (Full Time Employee) Benefits: Insurance Benefits - Group health, Group Accidental Group Term life Wellness Program - Employee Assistance Program, Practo Plus Corporate Health Plan, Counselling services Work life effectiveness - Hybrid work model Parental Support - Parental leaves (Maternity Paternity leaves), Flexi work benefit, Child care benefit (creche facility) Mobility Benefits - Relocation benefits, Internal Job Posting, Travel Policy Retirement Benefits - Employee PF Contribution, Gratuity, Leave Encashment. Other Benefits - Women security, Onetime payment for home office set up, Professional Certification Programs, Mobile Broadband Reimbursements, Meal card, Service Awards

J OB D ESCRIPTION - A SSISTANT M ANAGER - I TA About Grant Thornton: Grant Thornton is collaborative, entrepreneurial and on the move. As part of a dynamic global organization of 52,000 people serving clients in more than 135 countries, we have the agility and focus it takes to be a leader. Founded in Chicago in 1924, Grant Thornton LLP (Grant Thornton) is the U.S. member firm of Grant Thornton International Ltd., one of the world s leading organizations of independent audit, tax and advisory firms. Grant Thornton has revenues in excess of $1.87 billion and operates 58 offices across the U.S., with 623 partners and 8,500+ employees in the United States and at our Shared Services Center in Bangalore, India. About GT INDUS: GT INDUS is the global in-house centre for GT US. Situated in Bangalore, GT INDUS has over 2000 professionals in Tax, Audit, Advisory, Client Services and Enabling Functions. Empowered people, bold leadership and distinctive client service are imbibed in the culture at INDUS. A transparent, competitive and excellence driven firm that offers an opportunity to be part of something significant. Driven, young professionals at GT INDUS serve communities through inspirational and generous services to give back to the communities they work in. Visit the website for more: Location: Bangalore, India. Role Summary: As an Assistant Manager, you ll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. Collaborate with the teams / stakeholders for better understanding of the business and smooth execution of audit deliverables Responsibilities: Prior experience in IT Audit (ITGC/GITC/SOC report, testing) from a client facing or offshore role. Knowledge of the domains of ITGC Having reviewed/audited ERP s/DB s/OS/App - SAP, ORACLE, JD Edwards, SQL, Win, OS 400, Mainframe, Home grown ERP s, etc. Having knowledge of Excel macros / Microsoft Office / Visual basic / Development of audit automation tools Having experience in leading a small team or managing a portfolio. Primary Responsibilities - Manage a portfolio of engagements, by leading a team of senior associates, associates or analysts. Managing the client engagement - Ensure quality delivery as per client requirements respecting timelines as per budget. Determine that the work delivered is of high quality through quality review/ assurance processes in place, taking it to reperformance standards Understand business industry issues / trends. Identify areas requiring improvement in the clients business as value add. Ensure compliance with engagement plans and internal quality risk management procedures - Develop strong working relationships with client. Assist Practice Leads, Associate Directors and Directors in developing marketing collaterals, business proposals etc., adding to business growth. Attention to detail and mentor junior staff within the practice. Be agile in welcoming assignments out of comfort zone - Contribute to knowledge management sessions within the practice Participate and contribute to off the desk activities. Skills: Critical mindset and exercise professional judgment throughout the engagement/Take accountability for performing and following up on the audit and for ensuring the delivery of work is to the highest quality/ Excellent planning and organization skills and work effectively in situations involving rapid change and simultaneous demands/ Proactively share knowledge and effectively develop, motivate, coach, train and supervise less experienced team members. Analytical mindset and possess leadership qualities/ Good communication and people management skills/ Ability to manage multiple engagements and deadlines. Knowledge of ERP s like SAP, Oracle, Navision, JDE, etc. and their native application controls will be preferred/ Risk Based IT Internal Audit and Compliance Audits IT SOX 404 Controls testing/Management Testing and Assurance IT General Computer Controls related to Financial Statement Audit Automated Business Controls Third Party Assurance/IT Attestation (i.e. SOC 1, SOC 2, SOC 3, ISAE 3402, ISAE 3000, etc.). Business Process Controls and IT Application Controls. Professional Experience / Qualifications: 5 - 8 years of post-qualification experience IT Audit support engagements / related internal audit experience/ external audit experience preferably in big 4 or related business experience. Proffered qualifications include, but not limited to, are Engineering Graduates (Computer Science, Electronics, Electronics Telecommunications)/ Certified Information Systems Auditor (CISA)/ Certified Information Systems Security Professional (CISSP)/ MBA - Information Technology, Grant Thornton INDUS (Full Time Employee) Benefits: Insurance Benefits - Group health, Group Accidental Group Term life Wellness Program - Employee Assistance Program, Practo Plus Corporate Health Plan, Counselling services Work life effectiveness - Hybrid work model Parental Support - Parental leaves (Maternity Paternity leaves), Flexi work benefit, Childcare benefit (creche facility) Mobility Benefits - Relocation benefits, Internal Job Posting, Travel Policy Retirement Benefits - Employee PF Contribution, Gratuity, Leave Encashment. Other Benefits - Women security, Onetime payment for home office set up, Professional Certification Programs, Mobile Broadband Reimbursements, Meal card, Service Awards

The role reports to the JSOX Manager, support the testing of internal controls related to Japan Sarbanes-Oxley (JSOX) compliance, ensuring the execution and independent evaluation of dentsu s control environment of effective internal control over financial reporting primarily covering the Company Level Controls (CLC), Business Process Controls (BPC) and Financial Reporting controls within the three regions (APAC, Americas and EMEA). Job Description: Develop test procedures for controls testing by effectively identifying key financial, operational, technology and related business risks Develop complete and accurate work papers to a high-quality standard that substantiate and evidence findings in Riskonnect and review work papers from junior members and co-source providers. Work closely with regional JSOX leads in executing the JSOX program for the respective regions and markets. Effectively communicate to control owners any control deficiencies identified, liaise with financial audit firm (KPMG) and CoE s co-sourcing partner firm in testing controls and aligning on deficiencies, and identify appropriate action plans to mitigate control failures. Assist the Manager and regional leads with the preparation of appropriate reporting as needed Support the team on delivering to the Function s KPIs. Work with other team members to ensure JSOX test work and other projects are delivered as expected meeting the department and JSOX standards. Work with the Function s leadership team, to maintain and develop relationships with key stakeholders, and proactively seek feedback, to help ensure the audit work carried out adequately addresses the key risks in the Group Support in the execution of JSOX program, processes and controls across APAC, EMEA and Americas regions and successfully manage relationships. Communicate with relevant 2nd line global/region/cluster/market functions (e.g., Financial Controllers, Corp Secretary, Legal, IT, and Global Group Risk and Control executives and management. Requires a deep understanding of dentsu s business processes as well as IT environment, SOX compliance requirements, IT audit and risk management; working closely with the finance, controllership and audit teams to ensure that the companys JSOX controls are designed and operating effectively. Qualifications: 2 - 3 years with Chartered Accountant qualification from ICAI and /or CPA Bachelors degree or higher in accounting, finance, business administration, or a related field preferred Experience with working for Big 4 or Internal audit at publicly listed company. Professional experience in internal controls, internal audit, or risk management is essential with a focus on JSOX or US SOX. Strong command of written/verbal English communication required. Strong analytical and problem-solving skills are necessary for identifying risks, assessing controls, and recommending improvements to internal control processes. Effective communication skills, both written and verbal Related professional certificates as plus (e.g., CIA, CISA, CFE, Risk Management). Strong stakeholder engagement and organisation skills. Internal controls, Compliance and Risk Management experience. Attention to detail Familiarity within the media/advertising industry is a plus Location: Bangalore Brand: Bcoe Time Type: Full time Contract Type: Permanent

The role reports to the JSOX Manager, supports the testing of internal controls related to Japan Sarbanes-Oxley (JSOX) compliance, ensures the execution and independent evaluation of dentsu s control environment of effective internal control over financial reporting primarily covering the Company Level Controls (CLC), Business Process Controls (BPC) and Financial Reporting controls within the three regions (APAC, Americas and EMEA). Job Description: Develop test procedures for controls testing by effectively identifying key financial, operational, technology and related business risks Develop complete and accurate work papers to a high-quality standard that substantiate and evidence findings in Riskonnect and review work papers from junior members and co-source providers. Work closely with regional JSOX leads in executing the JSOX program for the respective regions and markets. Effectively communicate to control owners any control deficiencies identified, liaise with financial audit firm (KPMG) and CoE s co-sourcing partner firm in testing controls and aligning on deficiencies, and identify appropriate action plans to mitigate control failures. Assist the Manager and regional leads with the preparation of appropriate reporting as needed Support the team on delivering to the Function s KPIs. Work with other team members to ensure JSOX test work and other projects are delivered as expected meeting the department and JSOX standards. Work with the Function s leadership team, to maintain and develop relationships with key stakeholders, and proactively seek feedback, to help ensure the audit work carried out adequately addresses the key risks in the Group Support in the execution of JSOX program, processes and controls across APAC, EMEA and Americas regions and successfully manage relationships. Communicate with relevant 2nd line global/region/cluster/market functions (e.g., Financial Controllers, Corp Secretary, Legal, IT, and Global Group Risk and Control executives and management. Requires a deep understanding of dentsu s business processes as well as IT environment, SOX compliance requirements, IT audit and risk management; working closely with the finance, controllership and audit teams to ensure that the companys JSOX controls are designed and operating effectively. Qualifications: 4 - 6 years+ experience with Chartered Accountant qualification from ICAI and /or CPA preferred Experience working for Big 4 or Internal audit at publicly listed company. Professional experience in internal controls, internal audit, or risk management is essential with a focus on JSOX or US SOX. Strong command of written/verbal English communication required. Strong analytical and problem-solving skills are necessary for identifying risks, assessing controls, and recommending improvements to internal control processes. Effective communication skills, both written and verbal Related professional certificates as plus (e.g., CIA, CISA, CFE, Risk Management). Strong stakeholder engagement and organisation skills. Internal controls, Compliance and Risk Management experience. Attention to detail Familiarity within the media/advertising industry is a plus Location: Bangalore Brand: Bcoe Time Type: Full time Contract Type: Permanent

About Gameskraft Established in 2017, Gameskraft has become one of India s fastest-growing companies. We are building the worlds most-loved online gaming ecosystem, one game at a time. Started by a group of passionate gamers, we have grown from a small team of 5-6 members to a large family of 600+ Krafters, working out of our office in Prestige Tech Park, Bangalore. Our short-term success lies in the fact that we strive to focus on building a safe, secure, and responsible gaming environment for everyone. Our vision is to create unmatched experiences every day and everywhere. We set the highest benchmarks in the industry in terms of design, technology, and intuitiveness. We are the industry s only ISO 27001 and ISO 9001 certified company. About the Role: We are seeking a highly skilled and experienced Lead Information Security Engineer to drive the design, implementation, and management of our organizations security architecture. In this role, you will lead a collaborate with cross functional teams, and play a pivotal role in protecting our critical information assets. Your expertise will help us strengthen our security posture, ensuring compliance with industry standards and safeguarding against emerging threats. Key Responsibilities: 1. Security Architecture and Strategy: Design, implement, and maintain the enterprise security architecture. Develop and enforce security policies, standards, and best practices. Evaluate and implement security tools and technologies to mitigate risks. 2. Incident Response and Threat Management: Lead the investigation and resolution of security incidents and breaches. Develop and maintain the organization s incident response plans. Perform threat modeling, vulnerability assessments, and penetration testing. 3. Risk Management and Compliance: Conduct risk assessments and recommend mitigations to reduce exposure. Ensure compliance with regulatory frameworks and standards (e.g., ISO 27001, NIST, GDPR, PCI DSS). Collaborate with legal, compliance, and audit teams to address security related requirements. 4. Leadership and Team Development: Mentor and guide a team of security engineers and analysts. Foster a culture of security awareness across the organization. Partner with IT and development teams to integrate security into the DevSecOps lifecycle. 5. Stakeholder Collaboration: Act as the primary security liaison for stakeholders, including executives, customers, and external auditors. Communicate security risks and recommendations to nontechnical audiences. Partner with product and engineering teams to embed security into all stages of development. Qualifications and Skills: 1. Education and Experience: Bachelor s degree in Computer Science, Information Security, or a related field. Minimum of 5-7 years of experience in information security, with at least 2 years in a senior role. 2. Certifications: Preferred certifications: CISSP, CISM, CISA, CEH, or equivalent. 3. Technical Expertise: Strong understanding of security frameworks (e.g., NIST, ISO 27001, CIS Controls). Proficiency in tools and technologies such as SIEM, IDS/IPS, firewalls, DLP, and endpoint protection. Expertise in cloud security (AWS, Azure, GCP) and container security. Knowledge of cryptography, secure coding practices, and network security protocols. 4. Soft Skills: Excellent problem solving and analytical abilities. Exceptional communication and stakeholder management capabilities. Work Culture A true startup culture - young, fast paced, where you are driven by personal ownership of solving challenges that help you grow fast Focus on innovation, data orientation, being results driven, taking on big goals, and adapting fast A high performance, meritocratic environment, where we share ideas, debate and grow together with each new product Massive and direct impact on the work you do. Growth through solving dynamic challenges Leveraging technology analytics to solve large scale challenges Working with cross functional teams to create great product and take them to market Rub shoulders with some of the brightest most passionate people in the gaming consumer internet industry Compensation Benefits Attractive compensation and ESOP packages INR 5 Lakh medical insurance cover for yourself and your family Fair transparent performance appraisals An attractive Car Lease policy Relocation benefits A vibrant office space with fully stocked pantries. And your lunch is on us! If you are passionate about creating exceptional user experiences, possess strong leadership skills, and have a track record of delivering successful data science, we encourage you to apply for this exciting opportunity. We are committed to providing equal opportunity in employment and creating an inclusive work environment. Remember, together, we can achieve more!

The Information Security Specialist is a role within the Chief Security Office. The Chief Security Office (CSO) is responsible for protecting DB s information and systems in order to protect assets and revenues, create competitive advantages, and prevent reputational damage. What we ll offer you As part of our flexible scheme, here are just some of the benefits that you ll enjoy Best in class leave policy Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your key responsibilities Support for issues arising from complex business and CIO programs that require coordination or end-to- end support from the CSO area, such as the risks to be applied to information security, and decide who to involve from other CSO division teams. To assist in the development of appropriate pragmatic strategies to ensure effective controls and information security management in relevant programs. Identify and assess potential threat areas for information security by assessing the likelihood and impact and implementing appropriate mitigation measures. Monitoring and contributing to the implementation of the Information Security Strategy Assessment of the adequacy and effectiveness of internal controls in relation to information security risks. Ensure that appropriate procedures, policies and processes are in place and agreed and agreed with relevant stakeholders. Develop appropriate, pragmatic strategies to provide effective controls and information security management objectives and implement them across the Bank Maintain customer relationships and ensure management is focused on the information security agenda Experience in working as a single point of contact for all application issues / queries faced or encountered during the Cloud Migration Journey. Provide support to application stakeholders for migrating applications to GCP (Google Cloud Platform). Ensure compliance with security and operational readiness controls for GCP (Google Cloud Platform) migration. Identify and report risks associated with cloud migration. Working with various level of stakeholders and multi-cultural/global teams. Your skills and experience Graduate in computer science and/or first technical experience Very good technical knowledge information security and IS technology as well as cloud security Years of experience aligning standards, frameworks, and security with overall business and technology strategy Comprehensive knowledge of the processes of a security organization One or more of the following education/certification qualifications are also beneficial CISSP/CCSP/CISM/CEH/CISA/CCSK Excellent knowledge of English (oral and written) How we ll support you Training and development to help you excel in your career Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs

We are looking for an experienced GRC Manager with a strong background in conducting audits for Banks, Data Centres, and Insurance Companies. The ideal candidate should be CISA or CISSP certified and have excellent team management and customer handling skills. This role requires expertise in IT governance, compliance frameworks, risk management, and security audits. Key Responsibilities: Audit Compliance: Lead and manage IT security and compliance audits for Banking, Data Centre, and Insurance industries. Ensure adherence to regulatory requirements such as RBI, IRDAI, ISO 27001, PCI DSS, GDPR, DPDP Act, SEBI CSCRF and NIST frameworks. Conduct risk assessments, identify gaps, and recommend security improvements. Work closely with external auditors and regulatory bodies. Prepare audit reports, track remediation, and follow up on compliance actions. Governance Risk Management: Develop and maintain GRC policies, procedures, and controls to strengthen security posture. Conduct periodic risk assessments to identify vulnerabilities and develop mitigation plans. Ensure compliance with industry best practices and legal requirements. Drive third-party risk assessments and vendor security evaluations. Team Management Leadership: Lead, mentor, and manage a team of 12 GRC professionals , providing guidance and support. Allocate resources effectively to meet audit and compliance project deadlines. Encourage professional development and upskilling within the team. Customer Engagement Stakeholder Management: Collaborate with CIOs, CISOs, Chief Risk Officers, and Compliance Teams of customer organisations. Provide expert consultation on IT security, risk, and compliance matters. Ensure seamless communication and issue resolution with customers. Travel Engagements: Willingness to travel across India and internationally for client audits and assessments. Conduct on-site assessments and ensure compliance with global security standards. Requirements: Education: Bachelor s or Master s degree in IT, Computer Science, Cybersecurity, or a related field. Certifications (Mandatory): CISA or CISSP (Additional certifications like ISO 27001 LA, CRISC, CISM are a plus). Experience: 8+ years in IT Security, Audit, GRC, or Compliance roles. Industry Exposure: Banks, Data Centres, and Insurance companies. Technical Knowledge: IT Governance, Risk Management, and Compliance Frameworks (ISO 27001, NIST, PCI DSS, RBI IT Guidelines, DPDP Act). Cloud Security, Data Protection, Business Continuity, and Third-party Risk Management. Familiarity with SIEM, DLP, Vulnerability Management, and Endpoint Security solutions. Soft Skills: Strong leadership and team management skills. Excellent communication and customer handling abilities. Ability to work in a fast-paced, multi-client environment. Why Join Us Challenging rewarding role in a growing cybersecurity and GRC firm. Opportunity to lead and make an impact on large-scale compliance programs. International exposure through audit engagements across different countries.

: GRC Lead Key Responsibilities : Develop and refine IT governance frameworks, policies, and procedures in line with industry best practices and regulatory mandates Conduct periodic reviews and updates of IT governance documents to ensure ongoing compliance with changing regulations and standards Identify, evaluate, and manage IT risks, including cybersecurity threats, data privacy issues, and operational risks Perform comprehensive risk assessments and create risk mitigation plans to address identified vulnerabilities Continuously monitor and report on the effectiveness of risk management activities and controls Conduct assurance activities including security assessments and issues management Collaborate with IT teams to improve security compliance, manage risk and the effectiveness of the IT control environment Work closely with internal and external auditors to facilitate audit activities and manage IT remediation workstreams Communicate effectively with internal and external stakeholders, including regulators, auditors, and clients, regarding GRC-related matters Work closely with business teams to address Clients GRC related concerns / findings / questionnaires Required Qualification, Skills and Experience : Bachelors degree in Information Technology, Computer Science, Finance, Accounting, or a related field Minimum of 5 years of experience in IT governance, risk management, compliance, information security or audit Minimum of 1 year of experience working with third-party risk management questionnaires In-depth knowledge of ISO standard 27001 Professional certifications such as CISA, CRISC, CISSP are a plus Strong analytical and problem-solving skills, with the ability to identify and mitigate risks effectively Excellent communication and interpersonal skills, with the ability to work collaboratively with cross-functional teams Proven ability to manage multiple projects and priorities Proficiency in GRC and audit tools and software is a plus

Some careers open more doors than others. If you re looking for a career that will unlock new opportunities, join HSBC and experience the possibilities. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. ROLE DESCRIPTION - Deliver assigned work within the given timeframes, standards, methodology, budget, and where applicable, lead and deliver audits. Confirm that audit findings and recommendations are understood and with proposed mitigations. Demonstrate knowledge of the applicable Business, Functional, and Regulatory environment, including developing trends, risks, controls, and expectations. Support a strong risk and conduct culture across the Group and promote awareness and sound operational and strategic decision-making. Critically analyse and determine key drivers of change for area of coverage and assess how these will impact audits. Use insights, industry knowledge and current developments to assess areas of concern. Coherently articulate audit exceptions and findings to GIA team members and management, and as necessary to business and/or functional stakeholders. Effectively discuss potentially challenging matters and ability to communicate with impact and articulated in a meaningful way to wide and varied audiences. Be an analytical and critical thinker, who can effectively manage competing priorities and complex challenges to deliver positive outcomes. Apply qualitative and quantitative methods to analyze and investigate challenging scenarios and situations. Be a proactive team player, who leads by example and works constructively across GIA. Effective communication and ability to maintain constructive relationships with stakeholders, team members, and GIA Management. Actively promote collaboration and sharing of ideas across GIA Produce smart, simple, and pragmatic solutions. Requirements Minimum Graduation or as required for the role, whichever is higher 2 5 years relevant work experience in the Financial Services Sector, consultancy, and external audit will be considered, but is not always essential. Applicable regulatory experience and product knowledge. Relevant accounting, audit, analytical, financial, project management, programming, quantitative, risk, and technology skills, qualifications or certifications. Undergraduate or graduate degree. Preference given to qualified accounts, CIA, CISA, CFE, or ACAMS. Fluency in English. Willingness to travel. Mature team player who is highly professional. Useful Link Link to Careers Site: Click HERE You ll achieve more at HSBC.

About Workato Workato transforms technology complexity into business opportunity. As the leader in enterprise orchestration, Workato helps businesses globally streamline operations by connecting data, processes, applications, and experiences. Its AI-powered platform enables teams to navigate complex workflows in real-time, driving efficiency and agility. Trusted by a community of 400, 000 global customers, Workato empowers organizations of every size to unlock new value and lead in today s fast-changing world. Learn how Workato helps businesses of all sizes achieve more at workato. com . Ultimately, Workato believes in fostering a flexible, trust-oriented culture that empowers everyone to take full ownership of their roles . We are driven by innovation and looking for team players who want to actively build our company. But, we also believe in balancing productivity with self-care . That s why we offer all of our employees a vibrant and dynamic work environment along with a multitude of benefits they can enjoy inside and outside of their work lives. If this sounds right up your alley, please submit an application. We look forward to getting to know you! Also, feel free to check out why: Business Insider named us an enterprise startup to bet your career on Forbes Cloud 100 recognized us as one of the top 100 private cloud companies in the world Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America Quartz ranked us the #1 best company for remote workers Note: This role requires working during overlapping hours with the US PST zone. Are you flexible and available to work between 3:00 PM IST onwards? Responsibilities Workato is seeking a detail-oriented, highly motivated, technology-savvy and passionate Senior GRC Analyst professional who wants to support, promote and further mature the companys security GRC program. Responsible for leading NIST 800-171, NIST 800-53, and IRAP assessments and certification. Responsible for executing various security compliance initiatives such as risk assessments, security control audits and 3rd party risk assessments. You will use your strong communication, analytical and troubleshooting abilities to quickly identify and report on controls from various security domains, control and/or process gaps and to identify process and technology opportunities. Primary responsibilities include, but are not limited to: Lead internal and external audits related to ISO 27001/ISO 27701, PCI-DSS, NIST 800-171, NIST 800-53, and IRAP. Overseeing risk, compliance, and governance programs across departments Leverage broad experience to coordinate work assignments with process owners, control owners, external auditors, and consultants to ensure issues are documented and monitored. Document and perform assessments as needed and review contracts for security requirements. Exhibit strategic agility and proactively identify and correct process gaps and improvements to further the maturity of Workato s information security program in alignment with company goals and objectives. Clearly and effectively communicate security issues and risks to diverse audiences and ensure compliance with applicable controls based on a unified framework. Conduct periodic user access reviews Support developing remediation plans for issues and risks, coordinate activities with control owners, and track remediation to completion. Maintaining and documenting the risk register. Oversight of the vendor security assurance program Ability to work independently and as part of a team with a professional attitude and demeanor Partner with stakeholders to design internal controls based on regulatory requirements and best practices for ongoing risk mitigation of information systems. Support and guide information risk and security discussions with technical and non-technical groups Build and cultivate positive working relationships with stakeholders across various teams. Performs other related duties as assigned. Requirements Qualifications / Experience / Technical Skills 8+ years of applied work experience in cyber security programs, audits, assessments, risk, remediation, or cyber security compliance management. Relevant experience working with AWS, Azure, Google or any other cloud computing environment. Experience negotiating prioritization of risks and remediation findings with internal teams. B. S. degree in Management Information Systems, Computer Science, Information Security, or any security technology-related field Solid understanding of technical security controls related to perimeter security operations, including Cloud service providers, firewalls, IDS/IPS, Vulnerability Management, and services offered by cloud service providers. Ability to prioritize and multitask with minimal supervision. Excellent skills in troubleshooting, problem-solving, analytical thinking, and project management Technical knowledge/Experience in security control technologies such as firewalls, IDS, DLP, Vulnerability Management, AWS environment, Application Security, Monitoring and logging tools, etc. Working knowledge of the controls and implementation of DFARS Clause 252. 204-7012 (NIST 800-171) and NIST Risk Management Framework (NIST 800-53) Experience auditing security standards/frameworks such as PCI-DSS, SOC, and ISO 27001/27701, etc. CISSP, CISA, PCI ISA, PCIP, CMMC RP, or similar security certifications preferred It may require working outside of normal business hours periodically It may require some international travel Soft Skills / Personal Characteristics Excellent communication skills that translate compliance requests into technical recommendations. High level of energy and a desire to thrive in a fast-paced organization; ability to balance multiple projects under pressure Excellent team player with a willingness to share knowledge with others. Excellent personal and time management skills Very high attention to detail, high integrity, and business ethics Willing to learn and take on new responsibilities