646 Cisa Jobs - Page 5

1. Experience in Company Compliances, Accounting, Finance Operation and Reporting of Data. 2.Demonstrated excellence in ensuring compliance with applicable laws, various act and regulations. 3.Experience in handling board and general meetings.

Basic Qualifications BE/B Tech/MCA/MBA/MSc or equivalent University Degree in Information Technology Atleast 10 years of experience in Technology auditing focusing on Financial Services Ability to review code (Java, C++, SQL) Experience in managing audit engagements or Technology Projects Good People Management Skills Strong written and verbal communication skills and strong interpersonal skills, as the job requires frequent interaction with Technology Management Must be able to multitask while managing both time and work load Technology audit skills including an understanding of System architecture, Operating Systems, Database, System Development Lifecycle (SDLC) Preferred Qualifications Ability to review / develop code (Java, C++, Python, etc.) Experience with Data Analytics tools and techniques Relevant certification or industry accreditation (e.g. CISA) Good Knowledge of Financial Products and Services

Position Summary Track and maintain a central repository of all issues, findings, and gaps identified by customers during due diligence and audits. Collaborate with product, technology, and functional teams to identify the best possible way to remediate client-identified gaps and answer client inquiries. Coordinate preparation, execution, and delivery of formal responses. Track and report weekly, biweekly, and monthly statistics on open, remediated, and in-progress issues to leadership and senior stakeholders. Foster positive relationships with customers, maintain open and transparent communication throughout the process, acknowledge receipt of audit findings, and provide regular updates on progress. Develop a deep understanding of product solutions and platforms for effective communication. Maintain awareness of internal controls and audit/due diligence trends to ensure the process remains effective. Maintain thorough documentation of the entire audit findings process, including correspondence with customers, supporting documentation provided, and actions taken to address issues or concerns. Lead Cross-Functional Programs & Projects Oversee key milestones and activities; communicate program details, project risks, and mitigations to leadership, ensuring timely project completion. Develop and Manage Project Plans & Reporting Create project plans, tools, reports, and narratives for identified programs. Re-prioritize based on impact and effort and provide tactical support for implementation. Education and Experience Bachelor's degree in a related field, with 8+ years of project management and execution experience. Familiarity with CISA, ISO Standards, NIST, and SOC standards. Proven track record in project delivery with excellent communication, time management, organizational, presentation, and stakeholder management skills. Demonstrated success in planning, directing, and implementing multiple, complex projects concurrently. Ability to set priorities independently and meet deadlines in a fast-paced environment. Experience working in a collaborative environment, building strong relationships at all organizational levels, and effectively working with diverse styles, skills, and cultures. Personal Competencies Exceptional communication and interpersonal skills, able to engage and influence stakeholders at all levels with flexibility and negotiation expertise to drive optimal outcomes. Strong analytical and problem-solving abilities, skilled in assessing complex data and developing actionable strategies. Self-motivated with a keen eye for detail, ensuring high-quality execution in all tasks. Highly proficient in managing multiple projects simultaneously, demonstrating adaptability as priorities shift, and showing creativity and perseverance in problem-solving. Demonstrates consistent creativity and initiative across all tasks and projects. Fosters strong collaborative relationships with internal teams, enhancing synergy and teamwork.

Come, be a part of a growing team where you can make an impact! If tackling problems and designing disruptive solutions is your passion, we have the platform for you. Encouraging leadership and supportive mentors will give wings to your ideas. Join us and grow with us! Jobs SOC & ISO 27001 Compliance Specialist Role Remote 29th May 2025 Somnetics is looking for a SOC & ISO 27001 Compliance Specialist for Information Security / Compliance Department. The individual will report to Information Security Manager / Compliance Manager. Key Responsibilities : Compliance Management: Implement and maintain SOC 2 & ISO 27001 controls. Manage internal/external audits and remediation. Policy & Procedure Oversight: Develop and update security policies. Promote compliance awareness across teams. Risk Management: Conduct risk assessments and treatment planning. Monitor and report security risks and gaps. Collaboration & Training: Coordinate with IT, legal, HR for compliance efforts. Train staff on security and compliance practices. Continuous Improvement: Enhance security processes and controls. Stay updated on industry trends and regulations. Requirements: : Education & Experience: Bachelor s in InfoSec, CS, or related field. 3 5 years in compliance/information security. Hands-on with SOC 2 & ISO 27001 audits. Preferred Certifications: ISO 27001 Lead Implementer/Auditor CISA / CISM / CISSP Skills: Strong in SOC 2, ISO 27001, and risk management. Excellent documentation & communication skills. Familiarity with GRC and audit tools. Key Competencies: : Analytical Thinking Attention to Detail Problem Solving Project Management

Responsibilities Requisition ID R-10358429 Date posted 06/01/2025 End Date 06/05/2025 City Thane State/Region Maharashtra Country India Location Type Onsite Calling all innovators find your future at Fiserv. Job Title Senior Manager, Audit What does a successful Senior Audit Manager do at Fiserv? At Fiserv, within the dynamic world of our Corporate Assurance & Advisory Services (CAAS) department, we are dedicated to delivering world class audit and advisory services that elevate the performance of Fiserv and our clients. This international team covers a wide range and scope of audit activities in the highly regulated payments and card industry! By joining the Audit team, you will be a key player in refining a diverse range of audits spanning operational, compliance, financial, and info-security/cybersecurity. What you will do: Provide guidance and direction to the planning process and the execution of fieldwork such as overseeing interviews and walkthroughs, reviewing materials, the design and execution of audit testing, analyzing results, drawing conclusions within the allotted time scheduled. Manage the audit lifecycle, staffing, scheduling, methodology and approach to testing and fieldwork and finally, the quality and timeliness of all work products you oversee. You will be expected to provide weekly, monthly, or periodic status reporting and work with the CAAS leadership team to ensure the appropriate allocation and assignment of resources. Assist the Audit Director in the development and mentoring of Senior and Staff Auditors by providing regular and timely feedback regarding their execution of tasks performed during each audit engagement and their overall performance. What you will need to have: 7+ years of audit experience applying Auditing principles, methodology and standards in a risk-based environment across a variety of audit areas at varying degrees of complexity 5 + years of financial services industry experience and/or experience working in a public accounting firm 2+ years of experience managing other professionals Active professional Audit certification such as CPA, CIA, CISA, CFE Bachelor s degree or an equivalent combination of education, work, and/or military experience What would be great to have: Experience working with risk assessment methodologies, control activities, control monitoring, control evaluations and measurement of control effectiveness in accordance with regulatory compliance requirements such as corporate governance, consumer protection, AML/CTF and Financial Crimes, data protection/data privacy, ethics or conduct risk Important info about this role: We re better together. This role is fully on-site. This is a full-time, direct-hire position, and no contract options for unsolicited agency submissions will be considered. Thank you for considering employment with Fiserv. Please: Apply using your legal name Complete the step-by-step profile and attach your resume (either is acceptable, both are preferable). Our commitment to Diversity and Inclusion: Fiserv is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, gender, gender identity, sexual orientation, age, disability, protected veteran status, or any other category protected by law. Note to agencies: Fiserv does not accept resume submissions from agencies outside of existing agreements. Please do not send resumes to Fiserv associates. Fiserv is not responsible for any fees associated with unsolicited resume submissions. Warning about fake job posts: Please be aware of fraudulent job postings that are not affiliated with Fiserv. Fraudulent job postings may be used by cyber criminals to target your personally identifiable information and/or to steal money or financial information. Any communications from a Fiserv representative will come from a legitimate Fiserv email address. Share this Job Email LinkedIn X Facebook

Since our founding in 2007, ChargePoint has focused solely on making the transition to electric easy for businesses, fleets and drivers. ChargePoint offers a once-in-a-lifetime opportunity to create an all-electric future and a trillion-dollar market. Join the team that is building the EV charging industry and make your mark on how people and goods will get everywhere they need to go, in any context, for generations to come. Director, Internal Audit What You Will Be Doing This position in Internal Audit will provide an opportunity to learn organizations objectives, regulatory and risk management environment. Candidate is responsible for coordinating and supervising the activities of the Internal Audit Unit of the organization, to ensure effective and efficient internal control systems. Below are the key responsibilities - Test the business processes and systems that are in scope for SOX and participating in the annual risk assessment process. Performing SOX documentation, including risk and controls matrices and process flowcharts. Assist and lead efforts to advise on the design of SOX key controls and remediation of deficiencies to ensure identified risks are mitigated, and that those controls are monitored for timely execution and operating effectiveness. Assisting management in designing and implementing internal controls and business processes, including IT automation controls. Understanding existing controls, identifying gaps in the current control environment and recommending additional controls to mitigate the open risks. Use knowledge of the current environment and industry trends to identify potential audit issues. Applying internal control principles and business/technical knowledge including IT general controls (ITGC) and application controls; financial reporting concepts; working experience applying professional skepticism skills. Develop working relationships with different departmental and functional areas, ensuring a holistic understanding of key risks and processes across the organization. Direct coordination of external audit controls testing efforts, including walkthroughs, testing, audit requests and evaluation of deficiencies. Performing Key report testing after identifying the key reports used by management for conducting the key business and IT controls What You Will Bring to ChargePoint 8+ years Internal audit and SOX testing or Statutory audits. Bachelor s degree in accounting, finance, Business, Technology (IT or Information systems), or related field Certifications are preferred (CIA, CISA, CISSP or equivalent certification) Requirements Ability to support the SOX team during late hours aligned with the US Pacific Time Zone. Ability to support high-caliber SOX controls testing and other internal control initiatives Participating in the continuous improvement of audit processes and procedures Knowledge of conducting IT General Control testing, IT Automation Control testing, Key Report testing and Segregation of duties testing. Ability to work independently, deliver high quality output under time pressure and prioritize competing workloads Strong project management skills Excellent communication (written and verbal) and interpersonal skills Communicating the findings of an audit via written reports and oral presentations Strong problem solving & organizational skills Training junior staff and supervising interns Location India If there is a match between your experiences/skills and the Company needs, we will contact you directly. ChargePoint is an equal opportunity employer. Applicants only - Recruiting agencies do not contact.

Sr. Cyber Security Analyst POSITION PURPOSE: This role is responsible for assessing, managing, and enhancing the security measures of Bayer s systems, networks, and data. Especially using data analytics for monitoring of Bayers security systems and applications. YOUR TASKS AND RESPONSIBILITIES: Oversee security alerts and incidents, executing timely responses to mitigate potential risks and minimize operational impact. Collaborate with IT and security personnel to implement and verify the effectiveness of comprehensive security protocols. Remain updated on current cybersecurity developments, threats, and industry best practices to enhance the organizations security framework. Monitor and evaluate operational logs, event console activities, intelligence feeds, and pertinent data to detect security-related occurrences and trends, ensuring compliance with established industry standards and regulations such as ISO 27001, NIST, and GDPR. Develop and refine cybersecurity processes and protocols, ensuring adherence to relevant industry standards and regulatory requirements. Perform analysis and testing to identify vulnerabilities, misconfigurations, or other security exposures Conduct root cause analyses and investigations to recommend prevention strategies and configuration modifications. Execute penetration testing to identify vulnerabilities within infrastructure, web applications, and other systems, differentiating between vulnerability assessments and penetration testing methodologies. Investigate incidents and respond to events in real time. WHO YOU ARE: BS or MA in computer science, information security, cybersecurity, or a related field, though relevant working experience may be considered an equivalent with 8+years of experience Experience in IT audit, network operations, enterprise risk management, penetration testing, red team/incident response, or as a junior security operations analyst Experience with regulatory compliance and information security management frameworks, such as ISO 27000, COBIT, and NIST 800. Professional certifications such as CCP-SIRA (Senior), CISSP, and ISACA certifications, along with familiarity with standards like BSI ISO 27001 and PCI DSS Further certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), CompTIA, EC-Council (CSA) SOC Experience monitoring SIEM systems and tools Experience with network and security technologies, such as firewalls, IDS/IPS Experience configuring and utilizing vulnerability assessment technologies Experience with monitoring networks, detecting threats, and responding to incidents Proficiency in report writing, investigational techniques, and communicating to large audiences Ever feel burnt out by bureaucracy? Us too. Thats why were changing the way we work- for higher productivity, faster innovation, and better results. We call it Dynamic Shared Ownership (DSO). Learn more about what DSO will mean for you in your new role here https: / / www.bayer.com / enfstrategyfstrategy Bayer does not charge any fees whatsoever for recruitment process. Please do not entertain such demand for payment by any individuals / entities in connection with recruitment with any Bayer Group entity(ies) worldwide under any pretext. Please don t rely upon any unsolicited email from email addresses not ending with domain name bayer.com or job advertisements referring you to an email address that does not end with bayer.com . For checking the authenticity of such emails or advertisement you may approach us at HROP_INDIA@BAYER.COM. Division: Enabling Functions Reference Code: 847153

Educational Qualification: BE/BTech/MCA Experience: More than 10yrs+ exp. Certifications such as CISSP, CISA, CASE, Latest CEH preferred. JD Details: Required Skills: Deep knowledge of web Application and mobile application security testing Suggest mitigation for identified vulnerabilities for Application and network Infrastructure. SOC incidents and threat analysis A clear conceptual understanding of the Secure Software Development Life Cycle Strong knowledge on automated scanning using HP Fortify, Burp suite or similar tools. Strong knowledge on network penetration testing. Collaboration on product conceptualization for security by design Knowledge on ethical hacking, DFRA and CSR Experience in understanding false positive from the Source code scans Led at least one CSR (Compressive security review) Experience on static application security testing (SAST), dynamic application security testing (DAST), and open source security (OSS) Strong understanding of OWASP top 10. Experience in WAF logs analysis Experience on secure configuration document (SCD) based on CIS benchmark Rapid decision making to prevent delayed releases due to security issues To coordinate with various stakeholders for completion of Audit points observed by internal and external auditor. Make sure all CERTS in, RBI and various security advisories are checked and recommended action taken on the respective platforms in the application. Outside the box thinking to anticipate possible threats. Nice to Have: Knowledge on kali Linux would be an added advantage Knowledge on conducting Security Audits Good knowledge on Threat modeling, cryptography, and common application vulnerabilities Certificate in Certified Application Security Engineer (CASE), Certified Ethical Hacker (Latest CEH) if any Proficiency in programming languages (Java) Compliance: Knowledge of compliance frameworks (PCI DSS, GDPR, etc.) Key Responsibilities for network VAPT: Network Vulnerability Assessment: Conduct comprehensive network vulnerability assessments to identify potential security threats and weaknesses. Perform penetration testing to simulate real world attacks and identify vulnerabilities that could be exploited by attackers. Assess the risk associated with identified vulnerabilities and provide recommendations for remediation. Prepare detailed reports outlining findings, risks, and recommendations for remediation. Engage with clients to discuss findings, provide recommendations, and answer questions. Lead and mentor junior team members to ensure knowledge transfer and skill development. Stay up to date with the latest security threats, vulnerabilities, and technologies. Basic Skills required: Proficiency in network protocols (TCP/IP, DNS, DHCP, etc.) Experience with vulnerability scanning tools (Nessus, Qualys, etc.) Knowledge of penetration testing frameworks (Metasploit, Burp Suite, etc.) Excellent analytical and problem solving skills Effective communication and interpersonal skills

Some careers shine brighter than others. If you re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. HSBC is one of the largest banking and financial services organizations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realize their ambitions. We are currently seeking an experienced professional to join our team in the role of Sr. Associate Director, Data and Analytics Key Responsibilities: SME and Advisory Role: Serve as the primary control advisory for the CTO Data Technology organization, ensuring alignment with enterprise control expectations. Represent CTO Data Technology in all Control Owner forums to understand evolving control requirements and ensure consistent communication with ITSOs. Control Implementation Support: Educate and guide ITSOs in implementing relevant technology controls. Partner with control owners and technology teams to ensure consistent interpretation and application of control standards. Drive the implementation of assigned Technology Risk and Control Bow (TRCB) activities across CTO Data Tech aligned services and platforms. Audit & Assurance: Support ITSOs in internal, external, and regulatory audits by ensuring accurate, complete, and timely submission of evidence and responses. Coordinate with CCO, auditors and compliance teams to facilitate smooth audit walkthroughs and findings validation. Remediation Planning & Execution: Assist ITSOs in building actionable remediation plans for audit findings, KCIs, and control gaps. Monitor progress and ensure on-time delivery of all remediation commitments. Risk & Control Visibility: Provide regular visibility to CTO Data Technology sub-verticals on their control and risk posture. Publish dashboards, heat maps, and risk summaries highlighting gaps, timelines, and ownership. Tracking & Reporting: Maintain comprehensive tracking of all open audit issues, control gaps, and Key Control Indicators (KCIs). Drive regular reporting to senior stakeholders on risk metrics, remediation status, and emerging control themes. Solutioning & Risk Mitigation: Collaborate with central technology and control design teams to recommend or build control solutions where standard tools or processes are lacking. Contribute to the continuous improvement of control frameworks and tooling. Requirements Qualifications External To be successful in this role you should meet the following requirements: Bachelor s degree in computer science engineering or related field. 15+ years of experience in technology risk management, control assurance, IT audit, or compliance functions within a global enterprise. Deep understanding of IT controls, risk frameworks (e.g., COBIT, NIST, ISO 27001), and regulatory expectations. Proven experience in audit management and control remediation within complex technology environments. Strong stakeholder management and influencing skills across technology, risk, and compliance domains. Excellent communication, analytical, and problem-solving capabilities. Experience working with service owners, infrastructure, and application teams in large-scale IT organizations. Familiarity with control tools, risk dashboards, GRC systems, and reporting platforms is a plus. Preferred Certifications: CISA, CRISC, CISSP, or equivalent risk/control-related certifications. You ll achieve more when you join HSBC. HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working, and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

FS XSector Specialism Risk Management Level Associate & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. As a cybersecurity generalist at PwC, you will focus on providing comprehensive security solutions and experience across various domains, maintaining the protection of client systems and data. You will apply a broad understanding of cybersecurity principles and practices to address diverse security challenges effectively. Why PWC Learn more about us . & Summary We are seeking a professional to join our Cybersecurity and Privacy services team, where you will have the opportunity to help clients implement effective cybersecurity programs that protect against threats, drive transformation, and foster growth. As companies increasingly adopt digital business models, the generation and sharing of data among organizations, partners, and customers multiply. We play a crucial role in ensuring that our clients are protected by developing transformation strategies focused on security, efficiently integrating and managing new or existing technology systems, and enhancing their cybersecurity investments. As an L3 Analyst/SOC Manager, you will be responsible for overseeing regular operations, driving continuous improvement processes, and managing client and vendor interactions. This role involves managing complex incidents escalated from L2 analysts, operating the Security Incident process, and mentoring junior team members to build a cohesive and motivated unit. Review cybersecurity events analyzed by L2 security analysts, serving as the escalation point for detection, response, and remediation activities. Monitor and guide the team in triaging cybersecurity events, prioritizing, and recommending/performing response measures. Provide technical support for IT teams in response and remediation activities for escalated cybersecurity events/incidents. Follow up on cybersecurity incident tickets until closure. Guide L1 and L2 analysts in analyzing events and response activities. Expedite cyber incident response and remediation activities when delays occur, coordinating with L1 and L2 team members. Review and provide suggestions for information security policies and best practices in client environments. Ensure compliance with SLAs and contractual requirements, maintaining effective communication with stakeholders. Review and share daily, weekly, and monthly dashboard reports with relevant stakeholders. Update and review documents, playbooks, and standard operational procedures. Validate and update client systems and IT infrastructure documentation. Share knowledge on current security threats, attack patterns, and tools with team members. Create and review new use cases based on evolving attack trends. Analyze and interpret Windows, Linux OS, firewall , web proxy, DNS, IDS, and HIPS log events. Develop and maintain threat detection rules, parsers, and use cases. Understand security analytics and flows across SaaS applications and cloud computing tools. Validate use cases through selective testing and logic examination. Maintain continuous improvement processes and build/groom teams over time. Develop thought leadership within the SOC. Mandatory skill sets Bachelor s degree ( minimum requirement). 2- 8 years of experience in SOC operations. Experience analyzing malicious traffic and building detections. Experience in application security, network security, and systems security. Knowledge of security testing tools (e.g., BurpSuite , Mimikatz , Cobalt Strike, PowerSploit , Metasploit, Nessus, HP Web Inspect). Proficiency in common programming and scripting languages (Python, PowerShell, Ruby, Perl, Bash, JavaScript, VBScript). Familiarity with cybersecurity frameworks and practices (OWASP, NIST CSF, PCI DSS, NYDFS). Experience with traditional security operations, event monitoring, and SIEM tools. Knowledge of MITRE or similar frameworks and procedures used by adversaries. Ability to develop and maintain threat detection rules and use cases. Preferred skill sets Strong communication skills, both written and oral. Experience with SMB and large enterprise clients. Good understanding of ITIL processes (Change Management, Incident Management, Problem Management). Strong expertise in multiple SIEM tools and other SOC environment devices. Knowledge of firewalls, IDS/IPS, AVI, EDR, Proxy, DNS, email, AD, etc. Understanding of raw log formats of various security devices. Foundational knowledge of networking concepts (TCP/IP, LAN/WAN, Internet network topologies). Relevant certifications (CEH, CISA, CISM, etc.). Strong work ethic and time management skills. Coachability and dedication to consistent improvement. Ability to mentor and encourage junior teammates. Knowledge of regex and parser creation. Ability to deploy SIEM solutions in customer environments. Years of experience required 2 12 + years Education qualification B.Tech Education Degrees/Field of Study required Bachelor of Technology Degrees/Field of Study preferred Required Skills SoCs Optional Skills Accepting Feedback, Accepting Feedback, Active Listening, Agile Methodology, Azure Data Factory, Communication, Cybersecurity, Cybersecurity Framework, Cybersecurity Policy, Cybersecurity Requirements, Cybersecurity Strategy, Emotional Regulation, Empathy, Encryption Technologies, Inclusion, Intellectual Curiosity, Managed Services, Optimism, Privacy Compliance, Regulatory Response, Security Architecture, Security Compliance Management, Security Control, Security Incident Management, Security Monitoring {+ 3 more} No

Not Applicable Specialism Risk Management Level Associate & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In threat intelligence and vulnerability management at PwC, you will focus on identifying and analysing potential threats to an organisations security, as well as managing vulnerabilities to prevent cyber attacks. You will play a crucial role in safeguarding sensitive information and enabling the resilience of digital infrastructure. At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purposeled and valuesdriven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations & Summary A career within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats Experience in conducting IT risk assessments. Sound understanding of ISO 27001, NIST, PCI, Data Privacy, and Cloud Security. Knowledge on application infrastructure architecture. Knowledge on SaaS application architecture. Knowledge on database and middleware communication. Knowledge on API security. Good communication skills. Good team player. Good presentation skills and senior stakeholder management. Certifications CISA, CISSP, CCNP, CCSP, CISM, CRISC etc. Mandatory Skill Sets IT Risk , ISO 27001, NIST, PCI, Data Privacy, and Cloud Security. Preferred Skill Sets Stakeholder Management , Team Management Years of Experience Required 3 + Years Education Qualification BE, B.Tech , M.Tech , MCA, MBA graduates . Education Degrees/Field of Study required Bachelor of Technology, Master of Business Administration, Master of Engineering Degrees/Field of Study preferred Required Skills Information Technology (IT) Risk Optional Skills Accepting Feedback, Accepting Feedback, Active Listening, Cloud Security, Communication, Conducting Research, Cyber Defense, Cyber Threat Intelligence, Emotional Regulation, Empathy, Encryption, Inclusion, Information Security, Intellectual Curiosity, Intelligence Analysis, Intelligence Report, Intrusion Detection, Intrusion Detection System (IDS), IT Operations, Malware Analysis, Malware Detection Tools, Malware Intelligence Gathering, Malware Research, Malware Reverse Engineering, Malware Sandboxing {+ 11 more} No

Not Applicable Specialism Risk Management Level Associate & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In threat intelligence and vulnerability management at PwC, you will focus on identifying and analysing potential threats to an organisations security, as well as managing vulnerabilities to prevent cyber attacks. You will play a crucial role in safeguarding sensitive information and enabling the resilience of digital infrastructure. At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purposeled and valuesdriven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations & Summary A career within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations , partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats. Strong communication , presentation skills with stakeholder management Good Information Security background both technical and functional. Technical background managing network security, endpoint security, threat intelligence, and risk and incident management. Experience with compliance frameworks and standards, such as PCI DSS, NIST, ISO27001, etc. Prior IT risk management experience a must Have experience with ISO 27001 implementation engagements. Experience with NIST CSF assessments. Exposure to data privacy assessments Plan, evaluate, and direct complex security programs covering multiple and inparallel projects. Understand key Cyber Security considerations including key Cyber Security Risks and projects and innovations Track projects/remediation activities Work independently and prioritize multiple tasks and adapt to needed changes Handle and track remediation of open findings/action items with relevant teams Good to have requirements Prior Big4 experience a plus Certifications such as CISSP, CISM,CISA , ISO 27001 , a plu s Mandatory Skill Sets Experience on network security, endpoint security, threat intelligence, and risk and incident management. Compliance frameworks and standards, such as PCI DSS, NIST, ISO27001, etc. Prior IT risk management ISO 27001 implementation NIST CSF assessment D ata privacy assessments Preferred Skill Sets Prior Big4 experience a plus Certifications such as CISSP, CISM,CISA , ISO 27001 , a plu s Years of Experience Required 3 + Years Education Qualification Bachelor s degree in C omputer S cience , Information Technology, Cybersecurity, or a related field Advanced degrees and relevant professional certifications are highly desirable. Education Degrees/Field of Study required Bachelor of Technology Degrees/Field of Study preferred Required Skills Information Technology General Controls (ITGC) Optional Skills Accepting Feedback, Accepting Feedback, Active Listening, Cloud Security, Communication, Conducting Research, Cyber Defense, Cyber Threat Intelligence, Emotional Regulation, Empathy, Encryption, Inclusion, Information Security, Intellectual Curiosity, Intelligence Analysis, Intelligence Report, Intrusion Detection, Intrusion Detection System (IDS), IT Operations, Malware Analysis, Malware Detection Tools, Malware Intelligence Gathering, Malware Research, Malware Reverse Engineering, Malware Sandboxing {+ 11 more} No

Exp: 5+ yrs Industry: only Fintech or Financial Institute Job Description: Cybersecurity Officer BB Bharat Pvt. Ltd. is an aspiring global financial services firm with presence in the Gift City in Gujarat, India. The entity is able to leverage the expertise of Policies, Brand, Expertise and clientele from other related on-going financial services entities head-quartered in Singapore. We facilitate the opening of bank accounts, enable their ongoing management, and ensure their reliable, secure, and efficient cross-border fund flows. We achieve this through an extensive network of global partner banks, a robust in-house open banking platform, and our competent team that delivers knowledgeable private banking experience of proactive, high quality customer service across time zones. We are looking for an experienced and enterprising Cybersecurity Officer to join an international team of experts in banking, compliance, and corporate account management to drive our growing operations. Job description and responsibilities: Key Responsibilities: * Develop, maintain, and enforce cybersecurity policies, procedures, and protocols. * Monitor systems, investigate threats, and manage incident response and recovery. * Conduct audits, vulnerability assessments, and penetration testing. * Implement and maintain firewalls, antivirus, encryption, and other security tools. * Collaborate with cross-functional teams to ensure organization-wide security. * Lead employee training and awareness on cybersecurity best practices. * Stay updated on emerging threats and evolving technologies. * Ensure compliance with frameworks (ISO 27001, NIST, GDPR, etc.). * Support risk assessments and business continuity planning. Required Skills & Qualifications: * Strong knowledge of NIST, GDPR, AWS Well-Architected Framework, CIS Benchmarks, ISO 27001, PCI-DSS, BCP/DR, MAS TRM, MAS Cyber Hygiene, and BNM-RMIT. * Certifications: CISSP, CISO, CEH, CISA, or CISM. * Experience in developing and reviewing IS policies, procedures, guidelines, and SOPs. * Over 5 years of experience in cybersecurity or IT security roles, including 2+ years focused on Information Security or Enterprise Risk (preferably within the financial services sector). * Background in IT Security, Cybersecurity, Governance, Risk, or Audit is a plus. * Familiarity with secure-by-design implementations. * Proficient in network/system security, firewalls, IDS, and encryption. * Strong analytical, communication, and project management skills. * Able to manage multiple priorities in high-pressure environments. * Experience with ISO 20022 (optional).

locationsBangalore, Indiaposted onPosted 11 Days Ago job requisition id30648 FICO (NYSEFICO) is a leading global analytics software company, helping businesses in 100+ countries make better decisions. Join our world-class team today and fulfill your career potential! The Opportunity FICO is seeking Cyber Security Engineer to join our growing GRC Team. This is a full-time regular position (hybrid), and a great opportunity for an individual with strong PCI, ISO 27001, SOC2 audit skills or great interest in security Compliance and Risk Management frameworks and grow in exciting field of GRC". Cyber Security - Director What Youll Contribute A pplicable work experience, in performing and running audits, certification programs and control assessments, including but not limited to scope planning, defining control procedures based on requirements, policies and standards, control testing, mapping issues to risks and socializing results. Coordinate audit-related tasks to ensure the readiness of managers and their teams for audit testing and facilitate the timely resolution of any audit findings. Strong knowledge of common security legal and regulatory requirements. (e.g., PCI, SOC, CSA STAR, NIST, ISO/IEC 27001, COBIT, etc.) Work on compliance initiatives to ensure operational effectiveness with applicable laws and regulations, as well as internal policies and procedures. Monitor activities of assigned IT areas to ensure compliance with internal policies and standards. Assist Corporate Compliance and the Business with all required compliance/security-related documentation. Facilitate for external audits to ensure compliance with all industry-mandated regulations. Participate in the development and implementation of new business initiatives to ensure functionality required to support compliance. Provide guidance to business functions on compliance/security-related matters. Good understanding of IT concepts, including Cloud hosting, containerization, encryption, networking, operating systems, databases, middleware, and applications. Knowledge of or experience working with, Cloud technologies/environments, AWS or other related cloud experience is required. Ability to effectively communicate to all levels of the organization, including senior management, and other stakeholders that influence the security and compliance posture of FICO. Ability to assess the nature of controls and identify automation opportunities for increased monitoring and scaling coverage. What Were Seeking Bachelors degree in the field of Information Security, Computer Science or discipline and/or certifications. (e.g., ISO 27001 LI/LA, ISA/QSA, CISSP, CISA, CISM, and related GIAC.) Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues. Experience implementing cloud security and compliance standards, frameworks, and controls (ISO/IEC 27001, SOC 2, PCI, NIST) for cloud service delivery models (IaaS, PaaS, SaaS). AWS Certifications (added advantage). Experience or understanding of governance, risk and compliance (GRC) processes and solutions. Background in security controls, auditing, network and system security. Ability to express technical concepts in business terms. Able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently. Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change. Regularly interact with all levels of management to present and discuss audit results and obtain gap remediation status. Our Offer to You An inclusive culture strongly reflectingourcore valuesAct Like an Owner, DelightOurCustomers and Earn the Respect of Others. The opportunitytomake an impact and develop professionally by leveraging yourunique strengths and participating in valuable learning experiences. Highly competitive compensation, benefits and rewards programs that encourageyoutobring yourbest every day and be recognized for doing so. An engaging, people-first work environmentoffering work/life balance, employee resource groups, and social eventstopromote interaction and camaraderie. Why Make a Move to FICO At FICO, you can develop your career with a leading organization in one of the fastest-growing fields in technology today Big Data analytics. Youll play a part in our commitment to help businesses use data to improve every choice they make, using advances in artificial intelligence, machine learning, optimization, and much more. FICO makes a real difference in the way businesses operate worldwide Credit Scoring FICO Scores are used by 90 of the top 100 US lenders. Fraud Detection and Security 4 billion payment cards globally are protected by FICO fraud systems. Lending 3/4 of US mortgages are approved using the FICO Score. Global trends toward digital transformation have created tremendous demand for FICOs solutions, placing us among the worlds top 100 software companies by revenue. We help many of the worlds largest banks, insurers, retailers, telecommunications providers and other firms reach a new level of success. Our success is dependent on really talented people just like you who thrive on the collaboration and innovation thats nurtured by a diverse and inclusive environment. Well provide the support you need, while ensuring you have the freedom to develop your skills and grow your career. Join FICO and help change the way business thinks! Learn more about how you can fulfil your potential at FICO promotes a culture of inclusion and seeks to attract a diverse set of candidates for each job opportunity. We are an equal employment opportunity employer and were proud to offer employment and advancement opportunities to all candidates without regard to race, color, ancestry, religion, sex, national origin, pregnancy, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. Research has shown that women and candidates from underrepresented communities may not apply for an opportunity if they dont meet all stated qualifications. While our qualifications are clearly related to role success, each candidates profile is unique and strengths in certain skill and/or experience areas can be equally effective. If you believe you have many, but not necessarily all, of the stated qualifications we encourage you to apply. Information submitted with your application is subject to theFICO Privacy policy at

>> JOB DESCRIPTION ROLE & RESPONSIBILTY: • Conduct thorough and detailed cyber risk assessments for our clients, analyzing their digital infrastructure, systems, and security controls. • Collaborate with cross-functional teams to gather essential information and data required for comprehensive risk assessments. • Evaluate and interpret assessment results to identify potential vulnerabilities and risks, and provide actionable recommendations for risk mitigation. • Stay up-to-date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments. • Prepare and deliver clear and concise reports summarizing the findings of risk assessments to clients and internal stakeholders. • Provide expert advice and consultancy to clients, guiding them in implementing robust cybersecurity risk management strategies. • Mentor and support junior team members to foster their professional growth and skills in cyber risk assessments. REQUIREMENTS: • Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or related fields. • A minimum of 5+ years of hands-on experience in conducting cyber risk assessments and related security assessments. • Industry certifications such as CISSP, CCSP, CISA, CISM, CRISC, ISO/IEC:27001/22301/20000 LI/LA or equivalent are highly valued. • Profound knowledge of cybersecurity frameworks, industry standards, and best practices. • Proficiency in using various security assessment and techniques. • Strong analytical and problem-solving skills, with the ability to think critically and strategically. • Excellent communication and presentation skills, capable of effectively communicating technical concepts to both technical and non-technical audiences. • Demonstrated experience in project management and handling multiple assessments simultaneously. • A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development. • Network Security, infrastructure assessment and network architecture design review. • Conceptual knowledge of OT Security/ISA 62443 standard is preferable.

The position will be primarily responsible for implementation and / or assessment of ISO 27001:2022, 27002, SOC 2 standard for clients. The position will work independently or with senior consultants for the implementation and management of information security compliance and/or other best practices. Key Performance Indicators Experience in ISO 27001/27002 controls verification and compliance: Assist Clients to get ISO 27001 certification by identification and implementation of appropriate controls in the Audit scope. Conduct Risk assessment of activities and coordinate with stakeholders till closure signoff / risk acceptance. Define, Develop and review information security policies, procedures, guidelines, forms and templates as per best practice Create and review baseline standards for OS, Database, webservers and applications and recommend improvements Support post implementation and continuous audits for ISO 27001:2013 and ensure compliance. Create organizational information security awareness program and conduct awareness. Assist and recommend measures to ensure compliance with Security standards (ISO, NIST, CIS, PCI DSS etc) or any best practices. Skills: Information Technology and/or Cybersecurity skills: Information Technology and/or Cybersecurity skills a solid IT foundation, ability to communicate technical information verbally and through written documentation, Knowledge of security areas such as auditing, policy, database security, firewall design and implementation, risk analysis, identity management, access management, or web services is preferred Presales skills: Excellent communication, problem-solving, client-facing, ability to work as a team Competence: ISO 27001 / Cybersecurity Certifications. Willingness to obtain the Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA) designations.

-Support for Tisax audit -Audits from customers (Quarterly audit tasks from customers) -Basic Security Guidelines - Corporate IT quartely review

cum Position Title: Incident Compliance Analyst (Deputy Manager/Assistant Manager) About the Role We are seeking a proactive, detail-oriented, and versatile professional to join our Information Security team as an Incident Compliance Analyst . This role combines the responsibilities of managing information security incidents and ensuring compliance with cybersecurity frameworks and regulatory requirements. The selected candidate will act as a liaison with government agencies, handle information security incidents, strengthen the organization s cyber posture, and ensure timely communication of updates and learnings. Key Responsibilities Incident Management and Analysis: Investigate reported information security incidents to determine their scope, impact, and root cause. Identify responsible individuals or processes contributing to incidents and suggest corrective actions. Document findings, create detailed incident reports, and communicate learnings to stakeholders. Compliance Coordination and Stakeholder Management: Act as a liaison with government agencies (e.g., NCSCC, NCIIPC, CERT-IN, NTRO/DOT) to share and receive critical information related to cyber and information security incidents. Maintain a repository of communications, advisories, and updates from regulatory bodies for the organization. Ensure timely and accurate reporting of incidents to relevant stakeholders and authorities. Cybersecurity Posture Strengthening: Identify key areas for improvement in the organization s cyber and information security posture. Collaborate with internal teams to implement measures that address identified gaps and enhance security. Monitor and evaluate the effectiveness of implemented measures and recommend further improvements. Routine Information Security Management: Manage exceptional usage requests, ensuring compliance with organizational policies. Oversee information asset gate entry and access management to ensure secure handling of assets. Maintain records of access and usage approvals, ensuring proper documentation and traceability. Strategic Communication and Reporting: Prepare detailed management summaries of incidents for strategic communication and decision-making. Support preparations for Management Incident Summary Forum (MISF) meetings. Present periodic reports on incident statistics, root causes, preventive actions, and compliance updates. Provide training and guidance to employees on incident prevention, compliance, and security best practices. Qualifications and Skills Education: Bachelor s degree in Information Technology, Computer Science, Cybersecurity, or a related field. Work Experience: 3-5 years of total experience, with at least 2 years in information security incident handling, compliance coordination, IT operations, or a related field. Experience in liaising with government agencies or regulatory bodies is a strong advantage. Certifications (Preferred): ISO 27001 Lead Auditor/Implementer CISSP (Certified Information Systems Security Professional) / CISA (Certified Information Systems Auditor) / CRISC (Certified in Risk and Information Systems Control) or similar Technical Skills: Strong knowledge of cyber security frameworks, standards, and regulatory requirements. Familiarity with incident response frameworks, methodologies, and tools (e.g., SIEM, IDS/IPS etc.). Understanding of IT infrastructure, security controls proficiency in root cause analysis problem-solving. Soft Skills: Excellent communication and interpersonal skills for effective coordination with stakeholders. Strong analytical critical thinking abilities for attention to detail ability to prepare concise accurate reports. Proactive approach to identifying and addressing compliance and security issues.

KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature. A Bachelors degree in engineering and approximately 2 -6 years of related work experience; or a master s or MBA degree in business, computer science, information systems, engineeringExpertise in coding skills (e.g., Java, C++, C, SQL, Oracle)Experience in performing IT audits of banking/financial sector applicationsGood to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g., NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc.)Technical Knowledge of IT Audit ToolsExperience in carrying out OS/DB/Network reviewsExposure to Risk Management and Governance Frameworks/ Systems will be an added advantage Exposure to ERP systems will be added advantageExperience in performing technical code reviews (understanding code logic based on business requirement) Strong project management, communication (written and verbal) and presentation skillsA team playerStrong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalismPreferred Certifications - CISA/CISSP//CISMExposure to automation Data Analytics tools such as QlikView/Qlik sense, ACL, Power BI will be an advantageProficiency with Microsoft Word, Excel, Visio, and other MS Office tools Equal employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their colour, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability, or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavour for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you. Skills Required: Risk Based IT Internal Audit for Financial Services EntitiesIT SOX 404 Controls Testing, Quality AssuranceInternal Financial Controls related to IT General Controls as part of Financial Statements AuditsIT Risk Control Self-Assessment Business Systems Controls / IT Application Controls Auditing Emerging Technologies such as Cloud Security, Intelligent Automation, RPA, IoT etc.Working knowledge of programming languages(C/C++/Java/SQL) Role: Collaborate with other members of the engagement team to plan the engagement and develop relevant workpapers/deliverables. Perform fieldwork and share the daily progress of fieldwork, informing supervisors of engagement status.Perform testing of IT Application Controls, IPE, and Interface Controls through code reviews, IT General Controls review covering areas such as Change Management, Access Management, Backup Management, Incident and Problem Management, SDLC, Data Migration, Batch Job scheduling/monitoring and Business Continuity and Disaster RecoveryPerform Risk Assessment, identification, and Evaluation of Controls, prepare process flow diagrams and document the same in Risk Control Matrix. Perform business process walkthrough and controls testing for IT Audits.Performing planning and executing audits, including: Information Security reviews Information Technology Infrastructure reviews Application reviews Use knowledge of the current IT environment and industry IT trends to identify the engagement and client service issues and communicate this information to the project manager.Maintain relationships with client management and the project Manager to manage expectations of service, including work products, timing, and deliverables.Demonstrate a thorough understanding of complex information systems and apply it to client situations. Use extensive knowledge of the clients business/industry to identify technological developments and evaluate impacts on the work to be performedRisk Based IT Internal Audit for Financial Services EntitiesIT SOX 404 Controls Testing, Quality AssuranceInternal Financial Controls related to IT General Controls as part of Financial Statements AuditsIT Risk Control Self-Assessment Business Systems Controls / IT Application ControlsAuditing Emerging Technologies such as Cloud Security, Intelligent Automation, RPA, IoT etc.Working knowledge of programming languages(C / C++ / Java / SQL)Coordinate effectively and efficiently with the Engagement manager and the client management keeping both constantly updated regarding project s progress.Monitoring and Tracking for Budget and Time Estimates on engagements.Conducting IT audits, IT Internal Audit, Robotics Process Automation (RPA) AuditsConducting SOX audits, Third Party Security audits Conducting controls assessment in manual/ automated environmentInformation Security AssessmentsConducting OS/DB/Network reviewsPrepare/Review of Policies, Procedures, SOPs

About the Role We are seeking a detail-oriented and proactive Information Security Auditor to join our team. The role involves conducting information security audits and related activities for internal external stakeholders, including vendors, dealers, and technology partners. It also encompasses activities to ensure organization s compliance with information security standards, conducting internal audits, and supporting the ISO 27001 recertification process. The ideal candidate will play a crucial role in ensuring compliance with information security standards, identifying risks, and recommending actionable improvements. Key Responsibilities Information Security Audits: Plan, execute, and document information security audits within company across all verticals and for external stakeholders, including vendors, dealers, and technology partners. Assess compliance with relevant information security policies, standards, and frameworks (e.g., ISO 27001, NCRF, NIST, GDPR, JAMA-JAPIA Guidelines etc.). ISO 27001 Compliance and Recertification: Lead and coordinate the company s ISO 27001 recertification audit process with third-party auditors. Ensure compliance with ISO 27001 standards and maintain required documentation. Collaborate with internal stakeholders to address audit findings and implement corrective actions. Risk Assessment and Mitigation: Evaluate third-party risks and recommend practical measures to mitigate identified risks. Collaborate with stakeholders to ensure the implementation of corrective actions and improvements. Policy and Compliance Monitoring: Ensure that stakeholders adhere to organizational information security policies and regulatory requirements. Assist in the development, review, and improvement of information security policies, procedures, and guidelines. Stakeholder Engagement: Serve as the primary point of contact for external stakeholders during audits. Communicate audit findings and recommendations effectively through detailed reports and presentations. Continuous Improvement: Stay updated on emerging information security threats, technologies, and industry trends. Contribute to the enhancement of the organizations information security framework and processes. Qualifications and Skills Education: Bachelor s degree in information technology, Computer Science, Cybersecurity, or a related field. Work Experience: 3-5 years of experience in information security auditing, IT risk management, or a related field. Hands-on experience with third-party/vendor audits is highly desirable. Certifications (Preferred): ISO 27001 Lead Auditor/Implementer CISSP (Certified Information Systems Security Professional) / CISA (Certified Information Systems Auditor) / CRISC (Certified in Risk and Information Systems Control) or similar Technical Skills: Strong knowledge of information security frameworks and standards (e.g., ISO 27001, NCRF etc.). Familiarity with IT systems, networks, and security controls. Proficiency in using auditing tools and techniques. Soft Skills: Excellent communication and interpersonal skills to interact with external stakeholders. Strong analytical and problem-solving abilities. Attention to detail and ability to work independently. Strong organizational and time management skills.

As passionate about our people as we are about our mission. What We re All About : Q2 is proud of delivering our mobile banking platform and technology solutions, globally, to more than 22 million end users across our 1,300 financial institutions and fintech clients. At Q2, our mission is simple: Build strong, diverse communities by strengthening their financial institutions. We accomplish that by investing in the communities where both our customers and employees serve and live. What Makes Q2 Special Being as passionate about our people as we are about our mission. We celebrate our employees in many ways, including our Circle of Awesomeness award ceremony and day of employee celebration among others! We invest in the growth and development of our team members through ongoing learning opportunities, mentorship programs, internal mobility, and meaningful leadership relationships. We also know that nothing builds trust and collaboration like having fun. We hold an annual Dodgeball for Charity event at our Q2 Stadium in Austin, inviting other local companies to play, and community organizations we support to raise money and awareness together. This position is an individual contributor within the Internal Audit Team responsible for leading and executing high-impact, risk-based IT audit engagements aligned with regulatory frameworks (e.g., SOX, FFIEC, NIST) and organizational priorities. The ideal candidate will have experience auditing complex IT environments and a deep understanding of cybersecurity, IT governance, and technology risk. This role contributes to the annual IT audit plan by assessing risk, planning and scoping audits, and delivering assurance and advisory services across areas including financial reporting, cloud computing, data protection, third-party risk, and IT operations. The Senior IT Internal Auditor will collaborate with stakeholders across Accounting, Technology, Information Security, Risk, and Compliance to drive risk mitigation and control improvement efforts. Responsibilities Execute SOX IT and information systems testing program, including conducting walkthroughs, analyzing audit evidence, executing controls testing, identifying and defining issues, and documenting business processes and procedures. Support the creation of status reports and planning materials assist with overall and collaborate closely with internal and external stakeholders for the IT Program. Perform the end-to-end planning, execution, and reporting with the IT Internal Audit Manager of risk-based IT audit engagements across domains such as: Information Security Program Network System Security Business Continuity and Disaster Recovery (BC/DR) Change Management and Software Development Lifecycle (SDLC) Third-Party Risk Management (TPRM) Identity Access Management (IAM) IT Operations and Asset Management Privacy and Data Protection Cloud and Outsourced Services Evaluate IT risks, control maturity, and alignment with regulatory expectations. Provide risk advisory and control consultation to IT and business leadership on strategic technology initiatives, regulatory obligations, and emerging threats. Collaborate closely with cross-functional stakeholders, including Accounting, Information Security, Compliance, Legal, and Engineering teams, to understand business processes and evaluate control effectiveness. Develop and deliver clear, concise, risk-focused audit reports dealing with complex and sensitive issues, including findings, root cause analysis, and actionable, in a timely manner for internal and external audiences.. Complete assigned responsibilities following audit standards. Partner with internal and external audit teams to ensure a timely and efficient testing approach and issue resolution. Monitor and validate the implementation of management action plans and ensure sustainable remediation of control issues. Support new system implementations and ensure compliance with existing policies Conduct risk assessments, including the identification of controls and testing attributes. Contribute to the development and evolution of the IT audit program, including risk assessment methodology, audit universe updates, and use of data analytics. Act as a key liaison to internal and external auditors, examiners, and other assurance functions to ensure coordinated risk coverage and alignment. Take initiative and suggest alternatives for process improvements Duties may change and Team Members may be required to perform other duties as assigned Minimum Experience and Knowledge Bachelor s degree in Information Technology, Accounting, Finance, or a related field Five or more years of experience in IT audit, internal audit, cybersecurity, financial services, or a related business function Thorough understanding of internal controls, IT risk, and regulatory requirements including SOX, FFIEC, and financial compliance frameworks Strong knowledge of internal audit methodologies, including experience leading audit projects in accordance with the Institute of Internal Auditors (IIA) Global Standards Demonstrated ability to independently plan, execute, and manage complex audit engagements with minimal supervision Proven ability to communicate complex concepts clearly across both technical and non-technical stakeholders Experience operating as a subject matter expert in key areas such as IT General Controls (ITGCs), IT Application Controls, agile software development practices, NIST frameworks, and/or GAAP Strong project management skills with the ability to manage multiple priorities simultaneously while maintaining attention to detail and accuracy Advanced proficiency in Microsoft Excel, Word, Outlook, and data analysis tools used for issue identification and trend monitoring Highly self-motivated, results-driven, and committed to delivering high-quality work in a dynamic environment Excellent time management and organizational skills, with the ability to support multiple projects, work both independently and collaboratively within the team and effectively prioritize and manage a large volume of work Superior interpersonal, written, and verbal communication skills, with the ability to create thorough documentation and interface effectively with individuals at various levels Ability to remain organized, pay strict attention to detail, and meet critical deadlines within a high volume, fast-paced environment Analytical with strong problem-solving abilities and creative resolution skills Demonstrated discretion and trustworthiness when working with confidential financial, operational, or employee data Holds an active CIA, CISA, or CPA designation or evidenced plans to pursue Preferred Experience and Knowledge 3+ years of direct experience in IT Audit for a SaaS company or equivalent IT audit experience at a top-tier firm (Big 4, RSM, Protiviti, etc.) 2 or more years of experience leading end-to-end engagements and/or leadership experience within the information technology or security fields Demonstrated knowledge of internal controls, business risks and audit techniques in a large SaaS organization Demonstrated knowledge of SOC1 and SOC2 requirements Knowledge of data analytics tools such as ACL, Power BI, or Tableau Experience with AuditBoard or other audit engagement support tools Maintains other designations including Certified Management Accountant (CMA), Certified Fraud Examiner (CFE), Certified Information Security Systems Professional (CISSP), Certified Financial Services Auditor (CFSA), or other relevant business designation. #LI-RR This position requires fluent written and oral communication in English. Health Wellness Hybrid Work Opportunities Flexible Time Off Career Development Mentoring Programs Health Wellness Benefits, including competitive health insurance offerings and generous paid parental leave for eligible new parents Community Volunteering Company Philanthropy Programs Employee Peer Recognition Programs - You Earned it

POSITION SUMMARY STATEMENT: This role is a global role that will support the Internal Controls and SOX Compliance Sr. Director in the scoping, design, and support of IT related controls. This position will be key in supporting Herbalife s integrated approach to the internal control environment. Candidates must possess a strong knowledge of the underlying principles for scoping and designing controls including a solid working knowledge of the COBIT, COSO, and NIST frameworks. Candidates must be excellent communicators skilled at influencing without authority and partnering with key stakeholders across the business. DETAILED RESPONSIBILITIES/DUTIES: Assist in the completion of the annual enterprise IT risk assessment to ensure appropriate scoping and risk mitigation and support the enterprise s integrated internal control environment. Work with application owners to document IT SOX narratives and related workflow diagrams. Work with control owners to identify, design and conduct the management assessment of IT application controls, Key Reports and General IT Controls. Support control owners in the preparation and execution of the annual SOX testing plan. Review, assess, and evaluate reported deficiencies, root causes, and planned corrective actions. Review and assess significance of reported deficiencies and identify compensating controls. Coordinate with the IT system owners in the implementation and improvement of controls and processes including the design, update and streamlining of the IT control environment. Provide support and assistance to groups performing SOX functions throughout the Company. Establish and maintain good working relationship with business groups and help address internal control related issues. Assess processes, risks, and controls to identify control gaps and improvement opportunities. Support process improvement and control optimization projects. Providing advice and counsel to management on internal controls including SOX and cybersecurity. Skills: Required Solid understanding of SOX testing methodologies, risk assessment practices, and the COBIT, COSO, and NIST frameworks Experience in Oracle Ability to effectively work in cross functional teams Solid ability to analyze problems to identify the root cause and propose workable solutions Strong oral and written communication skills Able to multi-task and organize Able to prioritize and meet (formal and self-imposed) due dates with minimal supervision Self-reliant and has initiative to carry out assigned tasks or improve processes Able to independently solve practical problems Strong proficiency in Excel, Word, PowerPoint and Visio Able to work in team environment Maintain positive attitude and influence Able to maintain professionalism at all times Experience: Required 5+ years SOX, internal or external audit Big 4 Accounting or publicly traded company International or Fortune 500 company Experience in planning, project management, and analysis Strong work ethic and capacity, ability to work collaboratively with a sense of urgency and commitment Education: Bachelor s Degree in Information Systems, Accounting, Finance, or equivalent CISA

Job Summary Grow with the best. Join a smart, creative, and inspired team that works behind the scenes to support operational excellence. Our functional services teams (FSTs) provide services to 32,000 employees in over 450 locations across 6 continents. Bringing together individuals with diverse backgrounds, talents, and expertise, our FSTs are vital to making our Company stronger. Explore opportunities in Financial Services. Stantec s Internal Audit department is evolving and growing to meet the company s assurance needs. Internal Audit team members can make a difference in improving Stantec s business and financial processes. We have a well-established SOX program which offers an excellent opportunity to learn about the major financial reporting processes of the company. We also have an evolving internal audit program which provides opportunities to learn about other key areas of Stantec s business. Those services are delivered within a dynamic company - recent exciting developments include continued domestic growth and expansion into international markets. We are seeking a Senior Internal Auditor who will provide value added advisory, assurance and consulting services. This will be accomplished by collaborating with various business teams to understand, analyze and resolve business process and internal control issues with the goal of achieving business center and corporate compliance to mandated standards. Reporting to a Manager, Internal Audit, a Senior Internal Auditor is responsible for completing SOX compliance work and assisting in the performance of internal audits. This involves the ability to: Work independently with only limited direction and guidance and provides appropriate direction to other team members. Plan and perform SOX, internal audit and consulting projects, including complex and sensitive engagements. Think strategically to effectively establish the appropriate audit objectives and scope to meet client expectations. Demonstrate the ability to identify potential issues, evaluate risks and develop solutions to address the issues in a timely and effective manner. Evaluate findings in the context of the implications for the entire organization (i.e., big picture ). Review files to ensure that a high level of quality is maintained and that auditing standards are followed. Can successfully lead exit meetings with the audit client to present the results and garner management support for the audit report and its recommendations. Establish and monitor targets for internal auditors (where applicable), ensuring both quality and productivity. Recognize and defuse potentially confrontational situations. Manage group dynamics and interpersonal relationships within and across teams. Perform multiple projects, working with various team members to meet budgets and deadlines. Build positive working relationships with stakeholders including clients, management and the external auditor. Keep abreast of emerging issues and external regulatory requirements that have assurance implications. Contribute to a team-oriented and continuous improvement environment within Stantec. A minimum of 10% domestic and international travel will be required, 1-2 weeks in duration each trip. This description is not a comprehensive listing of activities, duties or responsibilities that may be required of the employee and other duties, responsibilities and activities may be assigned or may be changed at any time with or without notice. . The successful candidate shall be located in Pune. Stantec is a global leader in sustainable engineering, architecture, and environmental consulting. The diverse perspectives of our partners and interested parties drive us to think beyond what s previously been done on critical issues like climate change, digital transformation, and future-proofing our cities and infrastructure. We innovate at the intersection of community, creativity, and client relationships to advance communities everywhere, so that together we can redefine what s possible. The Stantec community unites approximately 32,000 employees working in over 450 locations across 6 continents. Qualifications: A professional degree in accounting or finance. 3-6 years of relevant post-designation experience within a large, complex environment in some or all the following areas: public accounting, internal auditing and/or SOX compliance. Certification in auditing or fraud examination is considered an asset (e.g., Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), or Certified Fraud Examiner (CFE)) - if candidate does not have a certification, then candidate must commence the process to obtain a certification within the first year. Excellent understanding of internal auditing standards: International Professional Practices Framework (IPPF), COSO and risk assessment practices. Superior skills in project management, analysis, problem solving and oral and written communication. Confidence and the ability to work with all levels of staff and management within a large international company. Ability to tie details to the big picture . Sound judgment. Has led and/or supervised a team. Qualifications: A professional degree in accounting or finance. 3-6 years of relevant post-designation experience within a large, complex environment in some or all the following areas: public accounting, internal auditing and/or SOX compliance. Certification in auditing or fraud examination is considered an asset (e.g., Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), or Certified Fraud Examiner (CFE)) - if candidate does not have a certification, then candidate must commence the process to obtain a certification within the first year. Excellent understanding of internal auditing standards: International Professional Practices Framework (IPPF), COSO and risk assessment practices. Superior skills in project management, analysis, problem solving and oral and written communication. Confidence and the ability to work with all levels of staff and management within a large international company. Ability to tie details to the big picture . Sound judgment. Has led and/or supervised a team.

About TripleLift Were TripleLift, an advertising platform on a mission to elevate digital advertising through beautiful creative, quality publishers, actionable data and smart targeting. Through over 1 trillion monthly ad transactions, we help publishers and platforms monetize their businesses. Our technology is where the worlds leading brands find audiences across online video, connected television, display and native ads. Brand and enterprise customers choose us because of our innovative solutions, premium formats, and supportive experts dedicated to maximizing their performance. As part of the Vista Equity Partners portfolio, we are NMSDC certified, qualify for diverse spending goals and are committed to economic inclusion. Find out how TripleLift raises up the programmatic ecosystem at triplelift.com . The Role TripleLift is seeking a Security Engineer to join our team full time. We are an established company in the advertising technology sector, trying to tackle some of the most challenging problems facing the industry. You will be joining a rapidly growing and complex environment and will work as part of a small team that will be responsible for developing, evangelizing, and executing our security roadmap. You ll help drive improvements in our security operations capability and support critical projects enhancing our detect-and-respond capabilities. Responsibilities Support and enhance the organizations global security compliance efforts aligned with frameworks like NIST CSF and CIS Controls Monitor and triage security alerts and incidents using SIEM, EDR, and other monitoring tools; escalate and support investigations as needed Manage and maintain endpoint security tools (e.g., CrowdStrike, Microsoft Defender, SentinelOne) across corporate devices and servers Coordinate with IT to ensure consistent endpoint hardening, patching, and policy enforcement Contribute to the vulnerability management process by validating, tracking, and helping remediate findings across infrastructure and endpoints Assist in the creation and maintenance of detection rules, security dashboards, and runbooks Perform initial threat-hunting activities and collaborate with senior engineers on deeper investigations Support identity and access management practices (e.g., user provisioning/deprovisioning, privileged access reviews) Participate in incident response, including documentation, coordination, and root cause analysis Create and maintain security documentation, procedures, and knowledge base articles Collaborate cross-functionally with engineering, IT, and compliance teams to support secure operations Desired Skills and Attributes 4+ years of experience in a security engineering or security operations role Proven track record working in information security operations, engineering, architecture, or security consulting Understanding of security fundamentals with relation to various cybersecurity and compliance frameworks, particularly NIST CSF, but any of: PCI, SOC2, HITRUST, ISO 27001/2, or similar Deep understanding of the AWS Cloud, it s services, technologies and APIs Hands-on experience managing endpoint security platforms (EDR, antivirus, MDM) in a corporate environment Able to design and evaluate general security controls, as well as how to design effective compensating controls where necessary Experience managing tools in a Security Operations Center environment, i.e., monitoring and reacting to SIEM alerts/events Deep understanding of how to securely manage cloud-native environments and ability to deploy tools in these environments Experience with managing identity and access solutions at scale for a large corporation e.g. Okta Practical experience with coding and scripting languages (e.g., Python, Bash, PowerShell) to support automation and tooling Strong communication and documentation skills Strives for continued learning opportunities to build upon craft Holds a Cybersecurity certification, e.g. CISSP, CISA, Security+, etc. Education Requirement A Bachelor s degree in a technical subject is preferred, although candidates with relevant experience who hold other degrees will be considered. Experience Requirement At least four years of experience working within a security role or related/adjacent role Location Pune #LI-CS1 Life at TripleLift At TripleLift, we re a team of great people who like who they work with and want to make everyone around them better. This means being positive, collaborative, and compassionate. We hustle harder than the competition and are continuously innovating. Learn more about TripleLift and our culture by visiting our LinkedIn Life page. Establishing People, Culture and Community Initiatives At TripleLift, we are committed to building a culture where people feel connected, supported, and empowered to do their best work. We invest in our people and foster a workplace that encourages curiosity, celebrates shared values, and promotes meaningful connections across teams and communities. We want to ensure the best talent of every background, viewpoint, and experience has an opportunity to be hired, belong, and develop at TripleLift. Through our People, Culture, and Community initiatives, we aim to create an environment where everyone can thrive and feel a true sense of belonging. Privacy Policy Please see our Privacy Policies on our TripleLift and 1plusX websites. TripleLift does not accept unsolicited resumes from any type of recruitment search firm. Any resume submitted in the absence of a signed agreement will become the property of TripleLift and no fee shall be due.

Role & responsibilities At least 7+ years of relevant experience into IT Risk Audit, ITGC, etc CA / B.Tech / MBA (IT) / CISA / DISA Preferred candidate profile ITRA Roles & Responsibilities: Responsible for managing audit engagements with a focus on IT risks Manages a team of IT audit professionals involved in evaluating and testing ITGCs, conduct business and IT process reviews, IT Application Controls tests, IPEs. third party assurance (SOC1&2) and related areas; Is seen as a subject matter expert either on specific technology platforms (SAP, Oracle etc.) or industry (FS, Manufacturing, Retail etc.) Supports leadership in developing the ITRA team by coaching, providing technical guidance during audit engagements, ensuring completion of work within tight deadlines and delivers high quality audit results consistent with the firms expectations. Is well versed with latest technology updates in the field and encourages team members to constantly learn and adapt. Engages with the client senior management in articulating IT audit findings and can convince them his point of view Engages with firms internal stakeholders on how the findings relating to IT audits have a bearing on the financial reporting and internal controls. Supports the firms quality agenda and ensures zero defect audits during internal/external quality reviews Is viewed as a trusted advisor by the team and the clients alike Actively establish & strengthen client and internal relationships. Assists leaders in developing new methodologies and internal initiatives. Identify & escalate potential business opportunities for the firm on existing client engagements. Should be a team player with a proactive and result oriented approach. Ability to prioritize, work on multiple assignments, and manage ambiguity. Should have excellent presentation & communication skills. High on personal integrity and work ethics and can be trusted without micro-level supervision from leaders Qualified CA, MBA, BTech/BE. / BSc IT (Preferred CISA or equivalent certifications)