3.0 - 5.0 years
0 Lacs
Hyderabad, Telangana, India
On-site
A career within Internal Audit services, will provide you with an opportunity to gain an understanding of an organisation’s objectives, regulatory and risk management environment, and the diverse needs of their critical stakeholders. We focus on helping organisations look deeper and see further considering areas like culture and behaviours to help improve and embed controls. In short, we seek to address the right risks and ultimately add value to their organisation. To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future. Responsibilities As a Senior Associate, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to: Invite and give in the moment feedback in a constructive manner. Share and collaborate effectively with others. Identify and make suggestions for improvements when problems and/or opportunities arise. Handle, manipulate and analyse data and information responsibly. Follow risk management and compliance procedures. Keep up-to-date with developments in area of specialism. Communicate confidently in a clear, concise and articulate manner - verbally and in the materials I produce. Build and maintain an internal and external network. Seek opportunities to learn about how PwC works as a global network of firms. Uphold the firm's code of ethics and business conduct. 
Essential Duties And Responsibilities Manage the work streams related to IT SOX compliance covering ITGC and IT Dependencies (ITAC, Interfaces, IPE’s). Thorough understanding around ITGC domains such as Logical Access, Change Management, SDLC and Computer Operations. Exposure of testing IT Application Controls (Configurable, Non-configurable), Interfaces, IPE’s, Data Migration and Platform Reviews. Provide technical support in the assessment, design, and implementation of ITGC requirements. Review control evidence for adherence to accuracy, completeness, and precision of control execution for all ITGC. Develop, implement, and test controls for new acquisitions and in-scope entities Work with control owners and operators to ensure quality, consistency, and operability of new and existing controls. Collaborate and build long-term relationships with key stakeholders in a fast-paced and matrixed work environment. Review test findings, facilitate the remediation of ITGC control gaps, and escalate possible critical issues to senior management within IT. Mentors and develops peer and Associates, monitors their work, and takes corrective action when necessary Builds and maintains strong peer relationships within the team and across the organization Coordinates work with External Auditors. Interpersonal Skills Ability to work independently under general supervision with latitude for initiative and independent judgment Effective verbal and written communications, including active listening skills Ability to establish and maintain effective working relationships with co-workers and external contactors/auditors Detail-oriented Comfortable working on multiple projects simultaneously Individuals would be expected to cultivate a strong team environment and promote a positive working relationship amongst their team. Excellent Communication, written and verbal would be expected. 
In addition to being an exceptional individual contributor, manage engagements and relevant Teams allocated for the same. Managing predominantly offshore engagements and relevant PwC Territory teams. Ensure client service delivery in accordance with the quality guidelines & methodologies. Build and maintain client relationships by understanding and being responsive to client needs and ensuring high quality of deliverables. Demonstrate strong analytical thinking and communication skills including the ability to research and understand complex processes and effectively communicate them to interested parties Client Management Develop strong working relationships with the client and onshore client teams. Maintain excellent rapport and proactive communication with the stakeholders and client. Operational Excellence Suggest ideas on improving engagement productivity and identify opportunities for improving client service. Ensure compliance with engagement plans and internal quality & risk management procedures. People Related Display teamwork, integrity, and leadership. Work with team members to set goals and responsibilities for specific engagements. Foster teamwork and innovation. Utilize technology & tools to continually learn and innovate, share knowledge with team members and enhance service delivery. Conduct workshops and technical training sessions for team members. Contribute to the learning & development agenda and knowledge harnessing initiatives Minimum Qualifications Bachelor’s degree in Information Systems, Computer Science Engineering, or Finance Preferred B.E., B. TECH, M. TECH, MCA, BCA, CA, MBA Experience in technology audit, risk management, compliance, consulting, or information security Excellent knowledge of IT General Controls, automated and security controls. 
Knowledge of security measures and auditing practices within various operating systems, databases, and applications. Experience in auditing financial applications, cyber security practices, privacy, and various infrastructure platforms such as Unix, Linux, Windows, SQL Server, Oracle Databases. Knowledge and concepts of auditing of cloud platforms (AWS, Azure and Google Cloud). Experience designing continuous auditing and monitoring tools and techniques is a plus. Good understanding of COBIT 5 Domains of Access Management, SDLC & Change and Computer Operations and Control Design and Testing of SOX IT General Controls (ITGC) and/or IT Application Controls (ITAC). Experience in identifying control gaps and communicating audit findings and control redesign recommendations to Management/Clients. Knowledge of regulations impacting privacy, integrity, and availability of clients' PII. Functional knowledge of major ERP suites (like SAP, Dynamics, Oracle EBS). Understanding of audit concepts and regulations. Required overall experience in testing/reviewing and implementation of ITGC controls, COBIT 5 and developing COSO framework. Candidates with 3-5 years of relevant experience in similar role, preferably with a “Big 4” or equivalent. Chartered Accountant (would be added advantage). Certification(s) Preferred: CISA / CISM / CRISC / CISSP / ISO 27001 LA certifications
Posted 3 weeks ago
2.0 - 3.0 years
7 - 8 Lacs
Gurgaon
On-site
Location: Gurugram, Haryana Time type: Full time Job level: Senior Associate Job type: Regular Category: Transaction Advisory ID: JR112910 About us We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. About the Company: The RSM USI supports RSM U.S. risk consulting, transaction advisory, technical accounting, financial consulting, technology and management consulting, tax and assurance engagement teams by providing access to highly skilled professionals for repeatable business processes over an extended business day. RSM’s vision is to be the first-choice advisor to middle market leaders globally. You will work directly with clients, key decision makers and business owners across various industries and geographies to deliver a top-quality client experience. RSM is a diverse and inclusive place where you will work as part of a team while being valued as an individual, mentored as a future leader, and recognized for your accomplishments. Job Description/What You Will Do: Analyze technology (IT and Cybersecurity) implications for active M&A transactions. Review client investment thesis, company profile and information concerning the business technology environment including but not limited to business applications, IT infrastructure, cybersecurity controls, and privacy related regulatory compliance requirements. Research niche technologies, applicable regulatory obligations and latest technology trends to guide analysis. 
Participate in discussions with company executives to understand business processes, approach to leveraging technology and strategy to build resiliency against cybersecurity threats. Analyze commercial off the shelf and/or custom developed applications used by a business for sufficiency (e.g., license counts), scalability (e.g., version, implementation model), and maintainability (e.g., support model). Analyze a company’s IT infrastructure to determine adequacy of hosting model, hardware inventory, network architecture and business continuity procedures. Analyse technology vendor contracts and compute IT spend through the review of contracts and other financial documents provided by the Company. Analyze the company’s cybersecurity maturity through review of cybersecurity governance program/procedures, exposure to regulatory compliance requirements and preventative technical controls. Develop workbooks and reports to capture diligence observations/analysis. Who We Are Looking For: Ability to conceptualize and summarize key findings in a clear and meaningful way with expertise in drafting critical sections of the technology DD report. Knowledge of and experience with key IT frameworks (e.g. CMMI, ITIL, ISO 27000, SSAE-18 SOC reporting, NIST Cybersecurity Framework). Knowledge of and experience with key cybersecurity frameworks (e.g. COBIT, ISO 27001, NIST). Highly proficient with Microsoft office Suite (e.g., PowerPoint, Excel, Word, Visio) Strong skills in critical thinking, problem solving, and process improvement. Excellent interpersonal and communication skills in order to interact effectively with internal team members and external clients of the firm. Demonstrates willingness to invest time in cross-time zone communication with U.S. based teams. Ability to be a self-starter and drive successful client delivery. Able to manage deadlines and take ownership of getting the job done in a timely manner Evaluated as an exceptional performer in current position. 
Development Opportunity/What’s in It for You: Opportunity to interface with US based private equity and executive level leadership. Develop expertise in technology related M&A disciplines. Grow a strategic mindset and develop executive level perspective on investment towards operational technology. Experience M&A across a variety of industries and option to develop specific industry expertise. Gain an understanding of the approach towards post-acquisition value creation, integration, separation and risk remediation. Minimum Qualifications: Academic Qualification: B.Tech. and MBA from leading technology/business schools. Relevant experience of 2-3 years at a Big 4 or equivalent Advisory Services practice. Knowledge of Microsoft powered AI products such as Microsoft CoPilot or any other GenAI tools is preferred. Preferred Qualifications: Preferred industry experience in one or more of the following: manufacturing, distribution, consumer products, business services, healthcare, financial services, business services, or technology. Knowledge of US based regulatory and compliance frameworks such as FFIEC, NERC CIP, PCI DSS, HIPAA, GLBA, and HITECH is a plus. ERP or supply chain applications implementation experience; functional expertise in IT and supporting front/back-office operations preferred At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. 
RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com.
Posted 3 weeks ago
6.0 years
5 - 10 Lacs
Gurgaon
On-site
Finance Location Gurugram, India Job Title: IT Internal Auditor II Job Description CL – 9B Location - Gurugram Experience – 6+ years of IT Audit experience in Big 4 audit firm or industry. Big 4 experience is preferable. Concentrix is a leading business services company. We focus on customer engagement and improving business outcomes for over 450 global clients across six continents. Our 300,000+ staff delivers technology-infused, omni-channel customer experience management, marketing optimization, digital, consulting, analytics, and back office solutions in 40+ languages from 125+ delivery centers. We serve automotive; banking and financial services; insurance; healthcare; technology; consumer electronics; media and communications; retail and e-commerce; travel and transportation; and energy and public sector clients. Visit www.concentrix.com to learn more. Looking for detail-oriented, hands-on, results-driven individual with proven management, audit, and communication skills, as well a strong work ethic to work in a challenging, fast-paced, energetic environment with responsibilities that include evaluating the design and operational effectiveness of IT internal controls for both Technology Solutions and Concentrix, either as part of an audit, consultation, or SOX assessment Job Description – Operates as an IT Internal Auditor on progressively more complex audits, consultations, Sarbanes-Oxley assessments, and related projects, which may occur concurrently. Documents and evaluates the design adequacy of internal controls via a variety of methods, including flowcharting, walkthroughs, best practices benchmarking, as well as detailed test work. Plans, executes, and reports results of risk-based projects, which assess the design and effectiveness of IT infrastructure, financial, operational, and compliance processes for both manual and automated controls, which may be on first time topics within established or emerging business processes. 
Testing responsibilities will generally include IT General Controls, including logical access, security reviews, change management, and IT operations, IT application controls, IT report controls, and user access reviews. Documents the results of projects, including identification of internal control weaknesses and/or improvement opportunities via detailed issue logs and executive summaries. Partners with management to determine appropriate remediation steps and ensure corrective action is carried out. Facilitates work of external auditors. Provides direct assistance to external auditors (performs work on the behalf of external auditors and is supervised directly by external auditors). Manages internal projects involving liaison with various stakeholders, execution and suggest mitigation in line with industry best practices. Skills and Abilities: Strong ability to quickly gain knowledge of changing business and system environments. Experience in managing small to medium sized teams Proven experience identifying problems and developing solutions (via core audit knowledge, and conceptual and analytical thinking) as well as established experience managing time, resources and projects. Advanced risk/controls, finance/accounting and/or information technology/operations knowledge. Strong oral and written communications skills, including process flowcharting. Proven track record of effectively building relationships with all levels of management in a positive and proactive manner. Demonstrated understanding of compliance standards and proven experience keeping up to date with industry and regulatory changes and professional standards. Proficient in MS Office applications including Word, Excel, PowerPoint and Visio. Robust skill in reviewing JAVA and SQL scripts. 
Knowledge: Knowledge and experience in testing IT General Controls across platform (Application, OS, DB) for following areas: Change management User access management Backup and Recovery management Batch job Management Problem and Incident management Strong understanding of fundamental IT and Business processes, risk, controls, security controls and Risk management. Working knowledge of Hosted applications and cloud application with processes and controls understanding. Knowledge of IT Security aspects towards key areas like IT General Controls, SDLC, Database Management systems, Network Security, SOX/ICFR, COBIT, COSO, SSAE 16/18 etc. Knowledge of generally accepted audit standards and corporate internal audit standards Qualification : Combination of Graduate/Post Graduate Degree (in Computer Applications, Management Information systems, Computer Science Engineering or related field) and/or certifications (e.g. CPA, CGA, CISA, CIA, etc.) and 6+ years of related experience from Big 4 audit firm or Industry. Big 4 experience is preferred. Location: IND Gurgaon - Bld 14 IT SEZ Unit 1, 17th C & D and Gd Flr D Language Requirements: Time Type: Full time If you are a California resident, by submitting your information, you acknowledge that you have read and have access to the Job Applicant Privacy Notice for California Residents
Posted 3 weeks ago
6.0 years
0 Lacs
Gurugram, Haryana, India
On-site
Job Title: IT Internal Auditor II Job Description CL – 9B Location - Gurugram Experience – 6+ years of IT Audit experience in Big 4 audit firm or industry. Big 4 experience is preferable. Concentrix is a leading business services company. We focus on customer engagement and improving business outcomes for over 450 global clients across six continents. Our 300,000+ staff delivers technology-infused, omni-channel customer experience management, marketing optimization, digital, consulting, analytics, and back office solutions in 40+ languages from 125+ delivery centers. We serve automotive; banking and financial services; insurance; healthcare; technology; consumer electronics; media and communications; retail and e-commerce; travel and transportation; and energy and public sector clients. Visit www.concentrix.com to learn more. Looking for detail-oriented, hands-on, results-driven individual with proven management, audit, and communication skills, as well a strong work ethic to work in a challenging, fast-paced, energetic environment with responsibilities that include evaluating the design and operational effectiveness of IT internal controls for both Technology Solutions and Concentrix, either as part of an audit, consultation, or SOX assessment Job Description – Operates as an IT Internal Auditor on progressively more complex audits, consultations, Sarbanes-Oxley assessments, and related projects, which may occur concurrently. Documents and evaluates the design adequacy of internal controls via a variety of methods, including flowcharting, walkthroughs, best practices benchmarking, as well as detailed test work. Plans, executes, and reports results of risk-based projects, which assess the design and effectiveness of IT infrastructure, financial, operational, and compliance processes for both manual and automated controls, which may be on first time topics within established or emerging business processes. 
Testing responsibilities will generally include IT General Controls, including logical access, security reviews, change management, and IT operations, IT application controls, IT report controls, and user access reviews. Documents the results of projects, including identification of internal control weaknesses and/or improvement opportunities via detailed issue logs and executive summaries. Partners with management to determine appropriate remediation steps and ensure corrective action is carried out. Facilitates work of external auditors. Provides direct assistance to external auditors (performs work on the behalf of external auditors and is supervised directly by external auditors). Manages internal projects involving liaison with various stakeholders, execution and suggest mitigation in line with industry best practices. Skills and Abilities: Strong ability to quickly gain knowledge of changing business and system environments. Experience in managing small to medium sized teams Proven experience identifying problems and developing solutions (via core audit knowledge, and conceptual and analytical thinking) as well as established experience managing time, resources and projects. Advanced risk/controls, finance/accounting and/or information technology/operations knowledge. Strong oral and written communications skills, including process flowcharting. Proven track record of effectively building relationships with all levels of management in a positive and proactive manner. Demonstrated understanding of compliance standards and proven experience keeping up to date with industry and regulatory changes and professional standards. Proficient in MS Office applications including Word, Excel, PowerPoint and Visio. Robust skill in reviewing JAVA and SQL scripts. 
Knowledge: Knowledge and experience in testing IT General Controls across platform (Application, OS, DB) for following areas: Change management User access management Backup and Recovery management Batch job Management Problem and Incident management Strong understanding of fundamental IT and Business processes, risk, controls, security controls and Risk management. Working knowledge of Hosted applications and cloud application with processes and controls understanding. Knowledge of IT Security aspects towards key areas like IT General Controls, SDLC, Database Management systems, Network Security, SOX/ICFR, COBIT, COSO, SSAE 16/18 etc. Knowledge of generally accepted audit standards and corporate internal audit standards Qualification : Combination of Graduate/Post Graduate Degree (in Computer Applications, Management Information systems, Computer Science Engineering or related field) and/or certifications (e.g. CPA, CGA, CISA, CIA, etc.) and 6+ years of related experience from Big 4 audit firm or Industry. Big 4 experience is preferred. Location: IND Gurgaon - Bld 14 IT SEZ Unit 1, 17th C & D and Gd Flr D Language Requirements: Time Type: Full time If you are a California resident, by submitting your information, you acknowledge that you have read and have access to the Job Applicant Privacy Notice for California Residents R1417068
Posted 3 weeks ago
4.0 - 7.0 years
5 - 13 Lacs
Bengaluru
Hybrid
Hiring TPRM (third party risk management) risk assessment. In a world of growing cyber threats and regulatory demands, the role of a TPRM Analyst has never been more vital. We are seeking Governance, Risk, and Compliance (GRC) to implement robust frameworks that integrate risk management, compliance, and governance processes into our business strategy. Experience - 4-7 Years. Location - Bengaluru. Work Mode - Hybrid. Certifications: ISO 27001 LA/LI, ISC2 CC, Security+, CTPRP, CTPRA, CISA, CISM, CRISC, CISSP (any one is preferable). Information Security Governance, Compliance and Security Assessment experience, with a focus on IT and IS Risk Assessments and program reviews / establishment. Familiarity with and demonstrated experience assessing against the BS ISO/IEC/SIG 27002:2005 BS 7799 standard domains, BS 25999 including Risk Assessment; Security policy; Organization of Information Security; Asset Management; HR Security; Physical and Environmental Security; Communications and Operations Management; Access Control; IS Acquisition, Development and Maintenance; IS Incident Management; Business Continuity Management; and Compliance. Broad understanding of Information Security trends, services and disciplines and experience applying them in dynamic environments. We're ready to fast-track your application if you're available to start! Think you're a perfect fit? Drop your resume at bhumika.soni@weareams.com or share this with someone you know who fits the bill.
Posted 3 weeks ago
4.0 - 7.0 years
0 Lacs
Gurugram, Haryana, India
On-site
We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. About The Company The RSM USI supports RSM U.S. risk consulting, transaction advisory, technical accounting, financial consulting, technology and management consulting, tax and assurance engagement teams by providing access to highly skilled professionals for repeatable business processes over an extended business day. RSM’s vision is to be the first-choice advisor to middle market leaders globally. You will work directly with clients, key decision makers and business owners across various industries and geographies to deliver a top-quality client experience. RSM is a diverse and inclusive place where you will work as part of a team while being valued as an individual, mentored as a future leader, and recognized for your accomplishments. Job Description/What You Will Do Analyze technology (IT and Cybersecurity) implications for active M&A transactions. Review client investment thesis, company profile and information concerning the business technology environment including but not limited to business applications, IT infrastructure, cybersecurity controls, and privacy related regulatory compliance requirements. Research niche technologies, applicable regulatory obligations and latest technology trends to guide analysis. Participate in discussions with company executives to understand business processes, approach to leveraging technology and strategy to build resiliency against cybersecurity threats. 
Analyze commercial off the shelf and/or custom developed applications used by a business for sufficiency (e.g., license counts), scalability (e.g., version, implementation model), and maintainability (e.g., support model). Analyze a company’s IT infrastructure to determine adequacy of hosting model, hardware inventory, network architecture and business continuity procedures. Analyse technology vendor contracts and compute IT spend through the review of contracts and other financial documents provided by the Company. Analyze the company’s cybersecurity maturity through review of cybersecurity governance program/procedures, exposure to regulatory compliance requirements and preventative technical controls. Develop workbooks and reports to capture diligence observations/analysis. Manage and develop members of the RSM USI team. Who We Are Looking For Ability to conceptualize and summarize key findings in a clear and meaningful way with expertise in drafting critical sections of the technology DD report. Expertise and working knowledge of infrastructure management, network architecture, virtualization, application and data hosting architectures (data center, on-premise, public cloud), and business continuity/disaster recovery (BCDR) best practices. Knowledge of and experience with key IT frameworks (e.g. CMMI, ITIL, ISO 27000, SSAE-18 SOC reporting, NIST Cybersecurity Framework). Knowledge of and experience with key cybersecurity frameworks (e.g. COBIT, ISO 27001, NIST). Exposure to various sectors such as financial services, healthcare, life sciences, power and utility, energy, retail and hospitality, business services and technology. An experience across a wide spectrum of IT and security pillars including IT Strategy, Infrastructure, Business Applications, Cybersecurity, Spend Analysis, etc. Highly proficient with Microsoft office Suite (e.g., PowerPoint, Excel, Word, Visio) Strong skills in critical thinking, problem solving, and process improvement. 
Excellent interpersonal and communication skills in order to interact effectively with internal team members and external clients of the firm. Demonstrates willingness to invest time in cross-time zone communication with U.S. based teams. Ability to be a self-starter and drive successful client delivery. Able to manage deadlines and take ownership of getting the job done in a timely manner. Evaluated as an exceptional performer in current position. Development Opportunity/What’s In It For You Opportunity to interface with US based private equity and executive level leadership. Develop expertise in technology related M&A disciplines. Grow a strategic mindset and develop executive level perspective on investment towards operational technology. Experience M&A across a variety of industries and option to develop specific industry expertise. Gain an understanding of the approach towards post-acquisition value creation, integration, separation and risk remediation. Minimum Qualifications Academic Qualification: B.Tech. and MBA from leading technology/business schools. Relevant experience of 4-7 years at a Big 4 or equivalent Advisory Services practice. Knowledge of Microsoft powered AI products such as Microsoft CoPilot or any other GenAI tools is preferred. Preferred Qualifications Deal experience with onshore team including data room management, document request list preparation, management meeting preparation, workbook analysis, quality of earnings, due diligence reports, client calls and engagement team calls. Experience with post-acquisition/carve-out integration and separation related engagements. Preferred industry experience in one or more of the following: manufacturing, distribution, consumer products, business services, healthcare, financial services, business services, or technology. Knowledge of US based regulatory and compliance frameworks such as FFIEC, NERC CIP, PCI DSS, HIPAA, GLBA, and HITECH is a plus. 
ERP or supply chain application implementation experience; functional expertise in IT and supporting front/back-office operations preferred IT and cyber related certifications (CISSP, CISM, HITECH, PCI DSS QSA, CEH, Azure, AWS) At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com.
Posted 3 weeks ago
2.0 - 3.0 years
0 Lacs
Gurugram, Haryana, India
On-site
We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. About The Company The RSM USI supports RSM U.S. risk consulting, transaction advisory, technical accounting, financial consulting, technology and management consulting, tax and assurance engagement teams by providing access to highly skilled professionals for repeatable business processes over an extended business day. RSM’s vision is to be the first-choice advisor to middle market leaders globally. You will work directly with clients, key decision makers and business owners across various industries and geographies to deliver a top-quality client experience. RSM is a diverse and inclusive place where you will work as part of a team while being valued as an individual, mentored as a future leader, and recognized for your accomplishments. Job Description/What You Will Do Analyze technology (IT and Cybersecurity) implications for active M&A transactions. Review client investment thesis, company profile and information concerning the business technology environment including but not limited to business applications, IT infrastructure, cybersecurity controls, and privacy related regulatory compliance requirements. Research niche technologies, applicable regulatory obligations and latest technology trends to guide analysis. Participate in discussions with company executives to understand business processes, approach to leveraging technology and strategy to build resiliency against cybersecurity threats. 
Analyze commercial off-the-shelf and/or custom developed applications used by a business for sufficiency (e.g., license counts), scalability (e.g., version, implementation model), and maintainability (e.g., support model). Analyze a company’s IT infrastructure to determine adequacy of hosting model, hardware inventory, network architecture and business continuity procedures. Analyze technology vendor contracts and compute IT spend through the review of contracts and other financial documents provided by the Company. Analyze the company’s cybersecurity maturity through review of cybersecurity governance program/procedures, exposure to regulatory compliance requirements and preventative technical controls. Develop workbooks and reports to capture diligence observations/analysis. Who We Are Looking For Ability to conceptualize and summarize key findings in a clear and meaningful way with expertise in drafting critical sections of the technology DD report. Knowledge of and experience with key IT frameworks (e.g. CMMI, ITIL, ISO 27000, SSAE-18 SOC reporting, NIST Cybersecurity Framework). Knowledge of and experience with key cybersecurity frameworks (e.g. COBIT, ISO 27001, NIST). Highly proficient with Microsoft Office Suite (e.g., PowerPoint, Excel, Word, Visio). Strong skills in critical thinking, problem solving, and process improvement. Excellent interpersonal and communication skills in order to interact effectively with internal team members and external clients of the firm. Demonstrates willingness to invest time in cross-time zone communication with U.S. based teams. Ability to be a self-starter and drive successful client delivery. Able to manage deadlines and take ownership of getting the job done in a timely manner. Evaluated as an exceptional performer in current position. Development Opportunity/What’s In It For You Opportunity to interface with US based private equity and executive level leadership. Develop expertise in technology related M&A disciplines. 
Grow a strategic mindset and develop executive level perspective on investment towards operational technology. Experience M&A across a variety of industries and option to develop specific industry expertise. Gain an understanding of the approach towards post-acquisition value creation, integration, separation and risk remediation. Minimum Qualifications Academic Qualification: B.Tech. and MBA from leading technology/business schools. Relevant experience of 2-3 years at a Big 4 or equivalent Advisory Services practice. Knowledge of Microsoft powered AI products such as Microsoft CoPilot or any other GenAI tools is preferred. Preferred Qualifications Preferred industry experience in one or more of the following: manufacturing, distribution, consumer products, business services, healthcare, financial services, business services, or technology. Knowledge of US based regulatory and compliance frameworks such as FFIEC, NERC CIP, PCI DSS, HIPAA, GLBA, and HITECH is a plus. ERP or supply chain applications implementation experience; functional expertise in IT and supporting front/back-office operations preferred. At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. 
RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com.
Posted 3 weeks ago
6.0 - 8.0 years
12 - 16 Lacs
Gurugram
Work from Office
About The Role
Project Role: Security Delivery Lead
Project Role Description: Leads the implementation and delivery of Security Services projects, leveraging our global delivery capability (method, tools, training, assets).
Must have skills: Security Compliance Management
Good to have skills: Security Architecture Design
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: We are seeking a skilled and detail-oriented Security Architect/Security Compliance professional specialized in ITGC and Control Testing to join our team. The ideal candidate will have a strong background in IT audit, internal controls, and risk management. The primary responsibility of this role is to evaluate and test IT General Controls (ITGC) as well as specific application controls to ensure compliance with regulatory requirements, company policies, and industry standards.
Roles & Responsibilities:
1. Conduct comprehensive assessments of IT General Controls (ITGC) including but not limited to access controls, change management, system development, and operations controls.
2. Perform detailed control testing procedures to evaluate the design and effectiveness of IT controls across various platforms, applications, and technologies.
3. Collaborate with cross-functional teams including IT, internal audit, compliance, and business units to identify control deficiencies, gaps, and areas for improvement.
4. Develop and maintain documentation of control objectives, testing methodologies, and test results in accordance with established standards and frameworks.
5. Participate in risk assessment activities to identify and prioritize key IT risks, and contribute to the development of risk mitigation strategies.
6. Provide guidance and support to IT teams in implementing remediation plans and corrective actions to address control deficiencies.
7. Stay informed about emerging technologies, regulatory changes, and industry best practices related to IT controls and compliance requirements.
8. Prepare clear and concise reports summarizing control testing results, findings, and recommendations for management review and audit committee presentations.
Professional & Technical Skills:
- Solid understanding of IT General Controls (ITGC) frameworks (e.g., COBIT, COSO) and control testing methodologies.
- Strong understanding of IT General Controls across areas such as access management, change management, data backup, and logical security.
- Experience in conducting ITGC assessments in support of internal audits, external audits, and regulatory requirements (e.g., SOX, SSAE 18/SOC 1, SOC 2).
- Familiarity with COBIT, COSO, NIST, or similar IT control and governance frameworks.
- Hands-on knowledge of identity and access management (IAM) practices, user provisioning/deprovisioning, and role-based access control.
- Understanding of system development life cycle (SDLC) and related controls.
- Proficiency in reviewing IT infrastructure controls, including network, server, and database environments.
- Ability to interpret and analyze audit logs, system configurations, and change control documentation.
- Skilled in using tools like ServiceNow, SailPoint, Archer GRC, or equivalent GRC platforms.
- Experience in working with ERP systems (e.g., SAP, Oracle) to review control effectiveness.
- Strong documentation, reporting, and communication skills, with the ability to present findings to both technical and non-technical stakeholders.
- Ability to work cross-functionally with internal audit, IT, and business teams to remediate control gaps.
- Relevant certifications preferred: CISA, CISM, CRISC, CIA, or equivalent.
Additional Information:
1. Minimum of 15 years of full time education/Bachelor's degree in Information Technology, Computer Science, Accounting, or related field. Advanced degree or professional certification (e.g., CISA, CISSP, CIA) is a plus.
2. 6-8 years of experience in IT audit, internal controls, or compliance-related roles, preferably within a regulated industry such as finance, healthcare, or manufacturing.
3. This role is based at Delhi/NCR, Bangalore and other Accenture locations in India.
Qualification: 15 years full time education
Posted 3 weeks ago
5.0 - 10.0 years
6 - 10 Lacs
Bengaluru
Work from Office
This role will be responsible for supporting the Third-Party Technology Risk Management team in identifying and evaluating potential/recognized risks related to Information Security, Business Continuity and Physical Security. The 3rd Party Security Risk Assessor reports to the Manager of the Third Party Risk Management team, which performs security assessments of vendors, service providers and 3rd party companies that manage systems or information for BNP Paribas. Responsibilities Direct Responsibilities As a Third-Party Technology Risk Assessor, you will perform third-party information and cyber security assessments to identify, monitor, remediate, and manage third party risks across the third-party lifecycle. The Risk Assessor role requires good risk experience and technology expertise (in the areas of information and cyber security, business continuity, incident management, compliance, and human resource security) in accurately scoring the inherent risk profile of 3rd parties, making sure the risk assessments are completed on time and with quality. In addition, the role requires the ability to prioritize and drive workload. Evaluate control effectiveness and review evidence of controls by applying audit, compliance, security, and regulatory framework knowledge and experience, including, but not limited to, review of: ISO 27001, SIG (Shared Assessments), TruSight, SOC / equivalent reports, as well as knowledge of controls related to Privacy, Compliance, Business Resiliency, Cyber and other risk domains. Work with line of business partners by navigating them through the different stages of the risk assessment life cycle and making sure that they comply with the organization's requirements. Communicate assessment findings and recommendations to internal stakeholders, including senior management, legal, and compliance teams as applicable. Monitor and track the identified findings as part of the assessment lifecycle. 
Contributing Responsibilities Actively participate in identifying process gap and should be ready to own and update/ document relevant TPTRM policies and procedures Support Internal and external TPTRM audit requirements Compile and generate Weekly/Monthly/Quarterly dashboard on KPI Technical Behavioral Competencies Ideally in financial services with minimum of 5+ years of experience in TPRM or Risk management background. Bachelor's degree with professional certification in Information, Cyber, Network and Cloud Security. Experience with industry recognized standards for IT security controls and best practices like NIST, ISO27001, PCI DSS, COBIT, SOC 2 etc. Experience in one or more risk disciplines an advantage i.e., Information Security, Business Continuity, Data Privacy etc. Experience in Governance, Risk Compliance (GRC) tools an advantage. Experience in providing stakeholders with specialist risk knowledge and monitoring its execution. Strong self-motivated multi-tasker who can prioritize competing tasks and stakeholders. Ability to work independently in a fast adapting and agile work environment. Proactive and deliverable focused, with a dedication to delivering against hard deadlines. Excellent analysis skills with keen eye for detail. Strong capabilities in Microsoft Excel, PowerPoint, and Word. Familiarity with vendor management, procurement, and contract negotiation. Ability to communicate effectively with both technical and non-technical stakeholders. Strong analytical and problem-solving skills. 
Specific Qualifications (if required) Skills Referential Behavioural Skills : (Please select up to 4 skills) Ability to collaborate / Teamwork Communication skills - oral written Attention to detail / rigor Creativity Innovation / Problem solving Transversal Skills: Ability to develop and adapt a process Ability to understand, explain and support change Ability to develop others improve their skills Education Level: Bachelor Degree or equivalent Experience Level At least 5 years
Posted 3 weeks ago
5.0 years
0 Lacs
Chennai, Tamil Nadu, India
On-site
Senior Specialist, Release Management Coordinate seamless ERP releases across global platforms Are you ready to play a key role in one of the most ERP transformations in the industry? NKT is unifying three SAP ECC platforms into a single, streamlined S/4HANA system—and we’re looking for a Senior Specialist, Release Management to ensure smooth, timely, and secure deployments across all phases of this journey. This is a unique opportunity to join a newly established team at the very beginning of a global transformation. You’ll be at the heart of coordinating release activities, managing dependencies, and ensuring technical readiness across platforms. Do you want to be part of a team that’s building the digital backbone of a greener tomorrow? Plan, coordinate and lead ERP release cycles As Sr. Specialist, Release Management, you will be responsible for planning and coordinating release activities across multiple workstreams and technical platforms. You’ll work closely with internal teams and external partners to ensure readiness, mitigate risks, and maintain a clear release calendar. Your role is essential to our One ERP transformation and the long-term stability of our digital infrastructure. Your responsibility will be to: Coordinate release windows and cycles across portfolios and components Plan and execute deployment activities and runbooks Maintain release calendars and documentation for all workstreams Monitor third-party updates, infrastructure changes, and defect backlogs Ensure smooth handover to operational maintenance teams You will report to the Senior Manager, S/4 Architecture and collaborate with global teams and partners. The position is based in Chennai , with approximately 10–20 travel days per year. Organized and collaborative release management professional You are a motivated and structured professional who thrives in environments. 
You enjoy working with diverse stakeholders, aligning complex schedules, and ensuring that every release is executed with precision. Your effective planning and communication skills help you build trust and clarity across teams. You also have: 5+ years of experience in release or operations management in complex enterprise environments. Experience in coordinating large-scale transformation programs. Comprehensive knowledge of release planning, risk mitigation, and deployment processes. Experience with SAP S/4HANA or similar ERP platform. Proficient organizational and documentation skills. Certifications in ITIL, PRINCE2, or COBIT are nice to have. Build the backbone of a greener ERP future NKT is committed to supporting a diverse organization and a culture where people from different backgrounds can thrive and are inspired to perform at their best. We believe that a diverse organization enables sustainable performance, and that an inclusive and welcoming culture makes for a better place to work. At NKT, you’ll be part of a collaborative and international team where your skills are valued and your development is supported. This role offers the opportunity to grow your skills in a global setting, contribute to a major digital transformation, and help build a secure foundation for a greener tomorrow. Join us and be part of a company that connects a sustainable energy future. Read more about our offer and listen to some voices of NKT Connectors here! We will review applications continuously, but we recommend you apply no later than 31st July 2025. Be aware that personality and cognitive tests might be included in the recruitment process. For inquiries about the recruitment process, please reach out to Girija.rajendran@nkt.com. Please note that due to the GDPR regulations we cannot accept any applications via e-mail. Be a Connector of the green tomorrow! 
About NKT NKT connects a greener world with high-quality power cable technology and takes centre stage as the world moves towards green energy. NKT designs, manufactures and installs low-, medium- and high-voltage power cable solutions enabling sustainable energy transmission. Since 1891, NKT has innovated the power cable technology building the infrastructure for the first light bulbs to the megawatts created by renewable energy today. NKT is headquartered in Denmark and employs 6,000 people. NKT is listed on Nasdaq Copenhagen and realised a revenue of EUR 3.3 billion in 2024. We connect a greener world. www.nkt.com
Posted 3 weeks ago
12.0 years
0 Lacs
Gurugram, Haryana, India
On-site
At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Control & Risk Assessment Leader Today’s world is fueled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of over 950 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team help protect the EY brand and build client trust. Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting and enabling the business through innovative, secure solutions that provide speed to market and business value. The opportunity The Technology Assurance, Risk, and Policy (TARP) function within Information Security strives to create and promote a holistic Governance, Risk, and Compliance (GRC) program by creating a robust, resilient, and proactive governance framework, supported by a strategic risk management approach and stringent compliance structures. It aims to integrate and align its GRC initiatives in line with the global firm's objectives and emerging threats within the cybersecurity landscape. 
Furthermore, the Policy, Risk, and Controls (PRC) Enablement & Awareness team aims to establish policies and procedures that reflect the value we place on safeguarding our digital environment, while ensuring that these policies are effectively communicated and enforced across all levels of the organization. The Control & Risk Assessment team sits within PRC Enablement & Awareness and aims to directly enable the GRC program by designing control testing and risk assessment methodology to measure and quantify compliance to policies and control objectives. Your Key Responsibilities The Control & Risk Assessment Leader will be responsible for building and owning a control testing and risk assessment program, following the model for 1st line and 2nd line testing best-practice strategies, that routinely tests and assesses the effectiveness and efficiency of Information Security controls put in place to mitigate risks to determine if they are supporting the desired business outcomes. They will need to rank and prioritize Information Security and Information Technology controls based on their risk profiles and design testing plans, inclusive of testing procedures, which will be used to measure effectiveness while simultaneously looking for opportunities to enhance and improve EY’s control landscape. In certain instances, they will need to plan and execute risk assessments to quantify assumptions over the risk profiles. The Control & Risk Assessment Leader is responsible for building a team of experienced professionals to assist in executing the strategic vision and objectives of the Control & Risk Assessment testing and assessment program. The Control & Risk Assessment team will work collectively to support the Information Security Program in the areas of risk assessment methodology development and execution of risk assessments, control testing design and execution, and identification of gaps and areas of improvement utilizing testing and assessment results. 
Collaboration with other Information Security groups and external stakeholders across EY is key to this role. The Control & Risk Assessment Leader will need to build a network of multi-departmental and multi-level stakeholders inclusive of, but not limited to, Information Security, Client and Enterprise Technology, Data Protection, Global and Enterprise Risk Management, Internal Audit, Area and Regional Risk & Data teams, Service Line Quality Leaders, etc. Skills And Attributes For Success Own and build multi-year roadmap to establish and mature the Control & Risk Assessment program. This includes development of the team’s charter, identification of resource needs, ongoing monitoring systems and tool requirements, performance metrics, and workstream prioritization. Build and manage control testing and risk assessment service offerings aimed at identifying potential risks and validating mitigation controls by conducting regular and systematic assessments of the organization's IT infrastructure, including networks, systems, applications, and data processes. Based on results of assessments and testing, assist control owners with the design and implementation of their controls in the organization's IT environment. Strategize on the appropriate amount of preventive, detective, or corrective controls which will have the most impact on reducing overall risk for the firm. Create a 1st Line Testing framework that can be shared with control owners that will enhance security culture and support control ownership roles and responsibilities. Conduct training and awareness campaigns to facilitate the adoption of the framework. Appropriately balance firm security needs with business impact and benefit when recommending advancements in policy and control objectives and directing those efforts to completion. 
Think strategically to assist with the development of a long-term vision for Information Security’s Technology Assurance, Risk, and Policy direction inclusive of its program improvement, technology adoption, and integration of security solutions into business objectives. Act as a thought leader in the firm, staying informed of changes in information security, regulatory requirements, audit standards, and industry trends, adjusting strategies, as necessary. Build and maintain appropriate relationships with internal and external leaders to ensure awareness and understanding of potential strategic directions. Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change. Outstanding management, interpersonal, communication, organizational, and decision-making skills. Ability to understand and integrate cultural differences and motives and to lead cross cultural teams. Demonstrate integrity and judgment within a professional environment. Evaluate, counsel, mentor and provide feedback on performance of others. Plan the training and development of staff to develop their skills and maintain state-of-the-art knowledge in information security. To qualify for the role you must have 12+ years of experience in the Information Technology, Information Security and/or Risk Management field(s). Audit experience or a demonstrated ability to design and test technology controls. 5+ years of experience in managing and mentoring junior and senior level staff. Experience leading global and virtual teams. High proficiency in technical and general writing skills in English. An advanced degree in Computer Science, Information Security, or a related field; equivalent work experience will be considered on a case-by-case basis. 
One or more of the following or equivalent certifications preferred: Certified Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Internal Auditor (CIA), Global Information Assurance Certification (GIAC) in related area, CIPP, CIPT. Ideally, you’ll also have A working knowledge of external control standards like ISO 27001, NIST 800-53, COBIT, etc. and regulatory requirements like GDPR and SOX. Skilled in Microsoft Office and M365 products; primarily Word, Excel, PowerPoint, SharePoint, PowerApps, and PowerBI. Experience with RSA Archer or other GRC tools. Flexibility to work outside of normal business hours when engaging with team members and stakeholders in various time zones. What We Offer As part of this role, you will work in a highly coordinated, globally diverse team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial and social well-being. Your recruiter can talk to you about the benefits available in your country. Here’s a snapshot of what we offer: Continuous learning: You will develop the mindset and skills to navigate whatever comes next. Success as defined by you: We will provide the tools and flexibility, so you can make a significant impact, your way. Transformative leadership: We will give you the insights, coaching and confidence to be the leader the world needs. Diverse and inclusive culture: You will be accepted for who you are and empowered to use your voice to help others find theirs. 
We ensure that individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions and to receive other benefits and privileges of employment. Please contact us to request accommodations. EY is committed to being an inclusive employer, and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.
Posted 3 weeks ago
12.0 years
0 Lacs
Trivandrum, Kerala, India
On-site
At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Control & Risk Assessment Leader Today’s world is fueled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of over 950 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team help protect the EY brand and build client trust. Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting and enabling the business through innovative, secure solutions that provide speed to market and business value. The opportunity The Technology Assurance, Risk, and Policy (TARP) function within Information Security strives to create and promote a holistic Governance, Risk, and Compliance (GRC) program by creating a robust, resilient, and proactive governance framework, supported by a strategic risk management approach and stringent compliance structures. It aims to integrate and align its GRC initiatives in line with the global firm's objectives and emerging threats within the cybersecurity landscape. 
Furthermore, the Policy, Risk, and Controls (PRC) Enablement & Awareness team aims to establish policies and procedures that reflect the value we place on safeguarding our digital environment, while ensuring that these policies are effectively communicated and enforced across all levels of the organization. The Control & Risk Assessment team sits within PRC Enablement & Awareness and aims to directly enable the GRC program by designing control testing and risk assessment methodology to measure and quantify compliance to policies and control objectives. Your Key Responsibilities The Control & Risk Assessment Leader will be responsible for building and owning a control testing and risk assessment program, following the model for 1st line and 2nd line testing best-practice strategies, that routinely tests and assesses the effectiveness and efficiency of Information Security controls put in place to mitigate risks to determine if they are supporting the desired business outcomes. They will need to rank and prioritize Information Security and Information Technology controls based on their risk profiles and design testing plans, inclusive of testing procedures, which will be used to measure effectiveness while simultaneously looking for opportunities to enhance and improve EY’s control landscape. In certain instances, they will need to plan and execute risk assessments to quantify assumptions over the risk profiles. The Control & Risk Assessment Leader is responsible for building a team of experienced professionals to assist in executing the strategic vision and objectives of the Control & Risk Assessment testing and assessment program. The Control & Risk Assessment team will work collectively to support the Information Security Program in the areas of risk assessment methodology development and execution of risk assessments, control testing design and execution, and identification of gaps and areas of improvement utilizing testing and assessment results. 
Collaboration with other Information Security groups and external stakeholders across EY is key to this role. The Control & Risk Assessment Leader will need to build a network of multi-departmental and multi-level stakeholders inclusive of, but not limited to Information Security, Client and Enterprise Technology, Data Protection, Global and Enterprise Risk Management, Internal Audit, Area and Regional Risk & Data teams, Service Line Quality Leaders, etc Skills And Attributes For Success Own and build multi-year roadmap to establish and mature the Control & Risk Assessment program. This includes development of the team’s charter, identification of resource needs, ongoing monitoring systems and tool requirements, performance metrics, and workstream prioritization. Build and manage control testing and risk assessment service offerings aimed at identifying potential risks and validates mitigation controls by conducting regular and systematic assessments of the organization's IT infrastructure, including networks, systems, applications, and data processes. Based on results of assessments and testing, assist control owners with the design and implementation of their controls in the organization's IT environment. Strategize on the appropriate amount of preventive, detective, or corrective controls which will have the most impact on reducing overall risk for the firm. Create a 1st Line Testing framework that can be shared with control owners that will enhance security culture and support control ownership roles and responsibilities. Conduct training and awareness campaigns to facilitate the adoption of the framework. Appropriately balance firm security needs with business impact and benefit when recommending advancements in policy and control objectives and directing those efforts to completion. 
Think strategically to assist with the development of a long-term vision for Information Security’s Technology Assurance, Risk, and Policy direction inclusive of its program improvement, technology adoption, and integration of security solutions into business objectives. Act as a thought leader in the firm, staying informed of changes in information security, regulatory requirements, audit standards, and industry trends, adjusting strategies, as necessary. Build and maintain appropriate relationships with internal and external leaders to ensure awareness and understanding of potential strategic directions. Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change. Outstanding management, interpersonal, communication, organizational, and decision-making skills. Ability to understand and integrate cultural differences and motives and to lead cross cultural teams. Demonstrate integrity and judgment within a professional environment. Evaluate, counsel, mentor and provide feedback on performance of others. Plan the training and development of staff to develop their skills and maintain state-of-the-art knowledge in information security. To qualify for the role you must have 12+ years of experience in the Information Technology, Information Security and/or Risk Management field(s). Audit experience or a demonstrated ability to design and test technology controls. 5+ years of experience in managing and mentoring junior and senior level staff. Experience leading global and virtual teams. High proficiency in technical and general writing skills in English. An advanced degree in Computer Science, Information Security, or a related field; equivalent work experience will be considered on a case-by-case basis. 
One or more of the following or equivalent certifications preferred: Certified Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Internal Auditor (CIA), Global Information Assurance Certification (GIAC) in related area, CIPP, CIPT. Ideally, you’ll also have A working knowledge of external control standards like ISO 27001, NIST 800-53, COBIT, etc. and regulatory requirements like GDPR and SOX. Skilled in Microsoft Office and M365 products; primarily Word, Excel, PowerPoint, SharePoint, PowerApps, and PowerBI. Experience with RSA Archer or other GRC tools. Flexibility to work outside of normal business hours when engaging with team members and stakeholders in various time zones. What We Offer As part of this role, you will work in a highly coordinated, globally diverse team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial and social well-being. Your recruiter can talk to you about the benefits available in your country. Here’s a snapshot of what we offer: Continuous learning: You will develop the mindset and skills to navigate whatever comes next. Success as defined by you: We will provide the tools and flexibility, so you can make a significant impact, your way. Transformative leadership: We will give you the insights, coaching and confidence to be the leader the world needs. Diverse and inclusive culture: You will be accepted for who you are and empowered to use your voice to help others find theirs. 
We ensure that individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions and to receive other benefits and privileges of employment. Please contact us to request accommodations. EY is committed to being an inclusive employer, and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.
Posted 3 weeks ago
12.0 years
0 Lacs
Kochi, Kerala, India
On-site
At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Control & Risk Assessment Leader Today’s world is fueled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of over 950 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team help protect the EY brand and build client trust. Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting and enabling the business through innovative, secure solutions that provide speed to market and business value. The opportunity The Technology Assurance, Risk, and Policy (TARP) function within Information Security strives to create and promote a holistic Governance, Risk, and Compliance (GRC) program by creating a robust, resilient, and proactive governance framework, supported by a strategic risk management approach and stringent compliance structures. It aims to integrate and align its GRC initiatives in line with the global firm's objectives and emerging threats within the cybersecurity landscape. 
Furthermore, the Policy, Risk, and Controls (PRC) Enablement & Awareness team aims to establish policies and procedures that reflect the value we place on safeguarding our digital environment, while ensuring that these policies are effectively communicated and enforced across all levels of the organization. The Control & Risk Assessment team sits within PRC Enablement & Awareness and aims to directly enable the GRC program by designing control testing and risk assessment methodology to measure and quantify compliance to policies and control objectives. Your Key Responsibilities The Control & Risk Assessment Leader will be responsible for building and owning a control testing and risk assessment program, following the model for 1st line and 2nd line testing best-practice strategies, that routinely tests and assesses the effectiveness and efficiency of Information Security controls put in place to mitigate risks to determine if they are supporting the desired business outcomes. They will need to rank and prioritize Information Security and Information Technology controls based on their risk profiles and design testing plans, inclusive of testing procedures, which will be used to measure effectiveness while simultaneously looking for opportunities to enhance and improve EY’s control landscape. In certain instances, they will need to plan and execute risk assessments to quantify assumptions over the risk profiles. The Control & Risk Assessment Leader is responsible for building a team of experienced professionals to assist in executing the strategic vision and objectives of the Control & Risk Assessment testing and assessment program. The Control & Risk Assessment team will work collectively to support the Information Security Program in the areas of risk assessment methodology development and execution of risk assessments, control testing design and execution, and identification of gaps and areas of improvement utilizing testing and assessment results. 
Collaboration with other Information Security groups and external stakeholders across EY is key to this role. The Control & Risk Assessment Leader will need to build a network of multi-departmental and multi-level stakeholders inclusive of, but not limited to Information Security, Client and Enterprise Technology, Data Protection, Global and Enterprise Risk Management, Internal Audit, Area and Regional Risk & Data teams, Service Line Quality Leaders, etc. Skills And Attributes For Success Own and build multi-year roadmap to establish and mature the Control & Risk Assessment program. This includes development of the team’s charter, identification of resource needs, ongoing monitoring systems and tool requirements, performance metrics, and workstream prioritization. Build and manage control testing and risk assessment service offerings aimed at identifying potential risks and validating mitigation controls by conducting regular and systematic assessments of the organization's IT infrastructure, including networks, systems, applications, and data processes. Based on results of assessments and testing, assist control owners with the design and implementation of their controls in the organization's IT environment. Strategize on the appropriate amount of preventive, detective, or corrective controls which will have the most impact on reducing overall risk for the firm. Create a 1st Line Testing framework that can be shared with control owners that will enhance security culture and support control ownership roles and responsibilities. Conduct training and awareness campaigns to facilitate the adoption of the framework. Appropriately balance firm security needs with business impact and benefit when recommending advancements in policy and control objectives and directing those efforts to completion. 
Think strategically to assist with the development of a long-term vision for Information Security’s Technology Assurance, Risk, and Policy direction inclusive of its program improvement, technology adoption, and integration of security solutions into business objectives. Act as a thought leader in the firm, staying informed of changes in information security, regulatory requirements, audit standards, and industry trends, adjusting strategies, as necessary. Build and maintain appropriate relationships with internal and external leaders to ensure awareness and understanding of potential strategic directions. Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change. Outstanding management, interpersonal, communication, organizational, and decision-making skills. Ability to understand and integrate cultural differences and motives and to lead cross cultural teams. Demonstrate integrity and judgment within a professional environment. Evaluate, counsel, mentor and provide feedback on performance of others. Plan the training and development of staff to develop their skills and maintain state-of-the-art knowledge in information security. To qualify for the role you must have 12+ years of experience in the Information Technology, Information Security and/or Risk Management field(s). Audit experience or a demonstrated ability to design and test technology controls. 5+ years of experience in managing and mentoring junior and senior level staff. Experience leading global and virtual teams. High proficiency in technical and general writing skills in English. An advanced degree in Computer Science, Information Security, or a related field; equivalent work experience will be considered on a case-by-case basis. 
One or more of the following or equivalent certifications preferred: Certified Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Internal Auditor (CIA), Global Information Assurance Certification (GIAC) in related area, CIPP, CIPT. Ideally, you’ll also have A working knowledge of external control standards like ISO 27001, NIST 800-53, COBIT, etc. and regulatory requirements like GDPR and SOX. Skilled in Microsoft Office and M365 products; primarily Word, Excel, PowerPoint, SharePoint, PowerApps, and PowerBI. Experience with RSA Archer or other GRC tools. Flexibility to work outside of normal business hours when engaging with team members and stakeholders in various time zones. What We Offer As part of this role, you will work in a highly coordinated, globally diverse team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial and social well-being. Your recruiter can talk to you about the benefits available in your country. Here’s a snapshot of what we offer: Continuous learning: You will develop the mindset and skills to navigate whatever comes next. Success as defined by you: We will provide the tools and flexibility, so you can make a significant impact, your way. Transformative leadership: We will give you the insights, coaching and confidence to be the leader the world needs. Diverse and inclusive culture: You will be accepted for who you are and empowered to use your voice to help others find theirs. 
We ensure that individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions and to receive other benefits and privileges of employment. Please contact us to request accommodations. EY is committed to being an inclusive employer, and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.
Posted 3 weeks ago
5.0 years
0 Lacs
Mumbai Metropolitan Region
On-site
We are seeking a detail-oriented and proactive IT Manager and Internal Auditor to oversee the organization’s IT infrastructure, ensure the integrity and security of its IT systems, and perform audits to ensure compliance with internal policies and external regulations. The ideal candidate will be responsible for managing IT operations and leading internal audits to assess risk, control effectiveness, and ensure efficient systems are in place to safeguard the company's information assets. Key Responsibilities IT Management Responsibilities: IT Infrastructure Management: Oversee the organization’s IT infrastructure, including servers, networks, and systems. Ensure the availability, reliability, and scalability of IT services to support business operations. Manage IT budgets and procurement of hardware/software to ensure cost-effective solutions. Ensure systems are protected against unauthorized access, data breaches, and cyber threats. Systems Administration & Maintenance: Supervise the daily operations and maintenance of internal IT systems, including hardware, software, and network resources. Manage IT support teams and ensure timely resolution of user issues. Oversee disaster recovery and business continuity planning. Cybersecurity: Develop and implement cybersecurity policies to safeguard company assets. Regularly assess and test security measures, and recommend improvements. Perform vulnerability assessments and manage security incident response. Technology Strategy: Collaborate with senior management to define the company's technology strategy and alignment with business goals. Lead the implementation of new IT initiatives and projects. Ensure proper integration of new technologies to improve business processes. Internal Audit Responsibilities: Audit Planning & Execution: Develop, implement, and execute the annual internal audit plan for IT systems, processes, and controls. 
Conduct audits on IT operations, financial systems, data management, and regulatory compliance. Evaluate the effectiveness of internal controls, risk management, and governance processes. Risk Management: Identify and assess key risks related to IT infrastructure, data security, and system access. Recommend risk mitigation measures to improve operational efficiency and reduce exposure to risks. Compliance and Regulatory Audits: Ensure IT systems comply with relevant laws, regulations, and standards (e.g., GDPR, HIPAA, SOX). Perform internal audits to assess compliance with internal policies and external regulatory requirements. Collaborate with external auditors for periodic audits and assessments. Reporting and Documentation: Prepare detailed audit reports and communicate audit findings to senior management. Track and follow up on audit recommendations and corrective actions. Maintain clear, accurate, and well-organized audit records and documentation. Continuous Improvement: Identify areas for improvement in IT controls, processes, and systems based on audit findings. Recommend process improvements to ensure that the organization is continually enhancing its internal controls and cybersecurity measures. Qualifications Education: Bachelor’s degree in Computer Science, Information Systems, Accounting, Finance, or related field. Professional certifications such as CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), or CIA (Certified Internal Auditor) are highly desirable. Experience: 5+ years of experience in IT management, including infrastructure management, cybersecurity, and system administration. 3+ years of experience in internal auditing, particularly in auditing IT systems and processes. Experience with auditing frameworks (e.g., COBIT, ITIL, NIST) and IT governance best practices. 
Skills: Strong knowledge of IT infrastructure, cloud solutions, databases, and network security. Proficiency in conducting risk assessments, compliance audits, and security audits. Excellent communication skills to present findings to senior management. Ability to handle multiple projects and priorities with attention to detail. Clearly lay out and enforce materials and processes as per new age relevant IT control and risk practices within the company and team. Additional Skills (Preferred): Knowledge of ERP systems and IT operations in a corporate environment. Familiarity with privacy regulations (e.g., GDPR, CCPA) and cybersecurity standards (e.g., ISO 27001, NIST). Strong analytical skills, problem-solving abilities, and a proactive approach to technology challenges. Personal Attributes: Strong organizational skills and attention to detail. Ability to think critically and strategically. Excellent problem-solving and decision-making skills. Strong interpersonal skills, with the ability to interact with both technical and non-technical stakeholders.
Posted 3 weeks ago
3.0 - 5.0 years
0 Lacs
Kolkata, West Bengal, India
On-site
A career within Internal Audit services, will provide you with an opportunity to gain an understanding of an organisation’s objectives, regulatory and risk management environment, and the diverse needs of their critical stakeholders. We focus on helping organisations look deeper and see further considering areas like culture and behaviours to help improve and embed controls. In short, we seek to address the right risks and ultimately add value to their organisation. To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future. Responsibilities As a Senior Associate, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to: Invite and give in the moment feedback in a constructive manner. Share and collaborate effectively with others. Identify and make suggestions for improvements when problems and/or opportunities arise. Handle, manipulate and analyse data and information responsibly. Follow risk management and compliance procedures. Keep up-to-date with developments in area of specialism. Communicate confidently in a clear, concise and articulate manner - verbally and in the materials I produce. Build and maintain an internal and external network. Seek opportunities to learn about how PwC works as a global network of firms. Uphold the firm's code of ethics and business conduct. 
Essential Duties And Responsibilities Manage the work streams related to IT SOX compliance covering ITGC and IT Dependencies (ITAC, Interfaces, IPE’s). Thorough understanding around ITGC domains such as Logical Access, Change Management, SDLC and Computer Operations. Exposure of testing IT Application Controls (Configurable, Non-configurable), Interfaces, IPE’s, Data Migration and Platform Reviews. Provide technical support in the assessment, design, and implementation of ITGC requirements. Review control evidence for adherence to accuracy, completeness, and precision of control execution for all ITGC. Develop, implement, and test controls for new acquisitions and in-scope entities. Work with control owners and operators to ensure quality, consistency, and operability of new and existing controls. Collaborate and build long-term relationships with key stakeholders in a fast-paced and matrixed work environment. Review test findings, facilitate the remediation of ITGC control gaps, and escalate possible critical issues to senior management within IT. Mentors and develops peer and Associates, monitors their work, and takes corrective action when necessary. Builds and maintains strong peer relationships within the team and across the organization. Coordinates work with External Auditors. Interpersonal Skills Ability to work independently under general supervision with latitude for initiative and independent judgment. Effective verbal and written communications, including active listening skills. Ability to establish and maintain effective working relationships with co-workers and external contractors/auditors. Detail-oriented. Comfortable working on multiple projects simultaneously. Individuals would be expected to cultivate a strong team environment and promote a positive working relationship amongst their team. Excellent Communication, written and verbal would be expected. 
In addition to being an exceptional individual contributor, manage engagements and relevant Teams allocated for the same. Managing predominantly offshore engagements and relevant PwC Territory teams. Ensure client service delivery in accordance with the quality guidelines & methodologies. Build and maintain client relationships by understanding and being responsive to client needs and ensuring high quality of deliverables. Demonstrate strong analytical thinking and communication skills including the ability to research and understand complex processes and effectively communicate them to interested parties Client Management Develop strong working relationships with the client and onshore client teams. Maintain excellent rapport and proactive communication with the stakeholders and client. Operational Excellence Suggest ideas on improving engagement productivity and identify opportunities for improving client service. Ensure compliance with engagement plans and internal quality & risk management procedures. People Related Display teamwork, integrity, and leadership. Work with team members to set goals and responsibilities for specific engagements. Foster teamwork and innovation. Utilize technology & tools to continually learn and innovate, share knowledge with team members and enhance service delivery. Conduct workshops and technical training sessions for team members. Contribute to the learning & development agenda and knowledge harnessing initiatives Minimum Qualifications Bachelor’s degree in Information Systems, Computer Science Engineering, or Finance Preferred B.E., B. TECH, M. TECH, MCA, BCA, CA, MBA Experience in technology audit, risk management, compliance, consulting, or information security Excellent knowledge of IT General Controls, automated and security controls. 
Knowledge of security measures and auditing practices within various operating systems, databases, and applications. Experience in auditing financial applications, cyber security practices, privacy, and various infrastructure platforms such as Unix, Linux, Windows, SQL Server, Oracle Databases. Knowledge and concepts of auditing of cloud platforms (AWS, Azure and Google Cloud). Experience designing continuous auditing and monitoring tools and techniques is a plus. Good understanding of CoBIT 5 Domains of Access Management, SDLC & Change and Computer Operations and Control Design and Testing of SOX IT General Controls (ITGC) and/or IT Application Controls (ITAC). Experience in identifying control gaps and communicating audit findings and control redesign recommendations to Management/Clients. Knowledge of regulations impacting privacy, integrity, and availability of clients' PII. Functional knowledge of major ERP suites (like SAP, Dynamics, Oracle EBS). Understanding of audit concepts and regulations. Required overall experience in testing/reviewing and implementation of ITGC controls, CoBIT 5 and developing COSO framework. Candidates with 3-5 years of relevant experience in similar role, preferably with a “Big 4” or equivalent. Chartered Accountant (would be added advantage). Certification(s) Preferred CISA / CISM / CRISC / CISSP / ISO 27001 LA certifications
Posted 3 weeks ago
12.0 - 16.0 years
0 Lacs
karnataka
On-site
The ITAM Change Management Lead is responsible for overseeing the change management processes within the IT Asset Management domain. You will be tasked with managing changes to IT assets, ensuring alignment with organizational goals, and minimizing risk to business operations. Your role will require a deep understanding of ITAM, change management methodologies, and leadership in driving process improvements. With 12 years of experience, you are expected to bring advanced expertise and a strategic vision to the role. Lead and manage the ITAM change management process, ensuring all changes to IT assets are documented, evaluated, and approved in alignment with company policies. Collaborate with IT, operations, and other departments to ensure smooth implementation of changes, minimizing disruption to business processes. Establish and enforce governance around change management to ensure compliance with internal policies and external regulations. Develop, implement, and continuously improve change management processes within the ITAM framework. Identify and address gaps in the current change management processes to enhance efficiency and effectiveness. Lead initiatives to automate and streamline change management workflows using ITAM tools and platforms. Assess the impact of proposed changes on the IT environment, identifying and mitigating risks associated with asset changes. Develop and maintain a risk assessment framework for evaluating the potential impact of changes to IT assets. Ensure proper risk controls are in place and that all changes are communicated effectively to stakeholders. Act as the primary liaison between ITAM and other departments, ensuring alignment and understanding of change management processes. Facilitate communication between technical teams, business stakeholders, and leadership to ensure successful change implementation. Provide training and guidance to stakeholders on change management best practices and procedures. 
Develop and deliver regular reports on change management activities, including metrics on change success rates, impact analysis, and areas for improvement. Use data analytics to identify trends, forecast potential issues, and provide actionable insights to leadership. Monitor key performance indicators (KPIs) related to change management and implement corrective actions as needed. Provide leadership and mentoring to a team of change management professionals, fostering a culture of continuous improvement and learning. Lead by example, demonstrating best practices in change management and ITAM processes. Drive the adoption of change management tools and methodologies across the organization. Qualifications: - Bachelor's degree in Information Technology, Computer Science, Business Administration, or a related field. - 12+ years of experience in IT Asset Management, with a strong focus on change management. - In-depth knowledge of ITAM processes, including software and hardware asset management. - Proven experience in leading change management initiatives in complex IT environments. - Strong understanding of ITIL, COBIT, and other relevant frameworks. - Experience with ITAM tools and platforms (e.g., ServiceNow, Flexera, etc.). - Exceptional communication, leadership, and stakeholder management skills. - Relevant certifications (e.g., ITIL, PMP, Change Management Practitioner) are highly desirable.
Posted 3 weeks ago
15.0 - 19.0 years
0 Lacs
Trivandrum, Kerala, India
On-site
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Role Title : Associate Director-Regional Client Security Assurance Lead Sub Function: Client Security Assurance Objectives of the role The Regional Client Security Assurance Lead, Associate Director, plays a pivotal role in leading a team responding to security risk assessments and due diligence exercises from clients in the IN/MENA region. This position requires extensive collaboration with various global and local functional teams, such as Data Protection, Risk Management, Compliance, Counsel, Procurement, Information Security, Technology, and EY service lines. This role is responsible for leading and supporting client and regulatory inquiries about EY’s Global Information Security program. It assists EY client engagement teams by addressing client requests regarding how EY secures our client information using comprehensive technical controls and governance processes in line with EY Global Information Security requirements. This position involves managing multiple requests and responsibilities while supporting complex security assessments throughout various stages of the engagement life cycle. Additionally, it requires staying current with updates in EY's Information Security posture and technology offerings, thereby contributing to business growth and the development of new business opportunities. Key Responsibilities The Regional Client Security Assurance Lead serves as a dependable client security relationship manager for key EY clients throughout the client engagement lifecycle, aiming to sustain and expand business operations. 
Furthermore, this position involves leading a team, projects, performing data analytics, and management of operational processes within IN/MENA Client Security Assurance. Team Lead: Lead team members to foster career growth and help them become knowledgeable about the EY Information Security Program and facilitate client security assessments. Implement operating model for the IN/MENA Client Security Assurance team in alignment with our business objectives. Drive the Evolution of Client Security Assurance: Actively participate in the development, implementation, and ongoing enhancement of the Client Security Assurance function in alignment with industry best practices. Facilitate Security Assessments: Act as a key resource for client and engagement teams by providing expert guidance on inbound security assessments related to EY’s Global Information Security Program, fostering trust and confidence in the EY Global Information Security Program, and the controls in place to protect data along with safeguarding the confidentiality of our security controls. This also helps build EY’s reputation and brand in the market. Clearly communicate with clients and their appointed auditors, pertinent and appropriate details of the EY Global Information Security Program. Provide critical support to EY’s approach to winning new business and sustaining existing business relationships. Provide consulting services to account teams related to client security assessments and their Supplier Risk Management framework. Meet with Clients: Participate in client meetings as an Information Security representative, supporting EY account teams by addressing client inquiries related to the EY Global Information Security Program. Support Request for Proposal (RFP) process: Partner with client engagement teams to support the RFP process by addressing information security questions to help secure more business for EY. 
Engage with Regulators: Support inquiries and assessments from select local regulators, highlighting EY's commitment to transparency and compliance in governance processes, technologies, and information security controls. Support Contractual Compliance: Review and provide strategic commentary on information security requirements in client contracts, aligning with EY’s Information Security Program. Assist EY Legal Counsel and Client Account Teams in negotiating terms that protect both EY and client interests. Qualifications Minimum 15-19 years of recent progressive IT security compliance, risk management or related IT security experience with a large IT organization; preferably within a professional service firm, software product, cloud-based solutions, or other companies serving clients that are highly regulated entities. Bachelor’s degree from an accredited college or university is preferred. A good understanding of cloud infrastructure, networking, modern software development and technical security controls is required. Strong executive presence, negotiation, presentation, and communication skills are required. Excellent analytical and problem-solving skills to assess and solve complex security issues. Ability to work and navigate through EY’s Global firm understanding diverse perspectives and global client requirements. Ability to maintain calm during client assessments and respond to questions consistently while confirming internally the accuracy of responses before presenting them. Proven experience in client-facing roles, particularly in handling security assessments, ideally from client inquiries, but can also be the result of experience performing security assessment of suppliers. Demonstrated ability to adopt and strive for continuous process improvement, particularly resulting from the innovation and integration of new technologies. Excellent collaboration skills, with the ability to engage effectively with cross-functional teams and stakeholders.
Knowledge of various information security frameworks such as ISO27001/2, AICPA System and Organization Controls (SOC) Reports (SOC1, SOC2, and SOC3), NIST, COBIT and relevant regulatory requirements such as GDPR. Certifications such as CISSP, CISM, CISA, ISO 27001 Auditor, CRISC, CIPP are preferred. Keep up to date with industry trends, emerging technologies and best practices. Good understanding in the following concepts and domains: Governance Risk and Compliance: A system that ensures that organizations enforce governance, implement risk management strategies, and ensure regulatory compliance. Multitier Network Architecture: A design separating resources between the Internet and the internal infrastructure, incorporating multiple network layers. For on-premise solutions, this includes a DMZ (Demilitarized Zone) architecture. In cloud environments, it involves a combination of Network Security Groups (NSG), Virtual Networks (VNETs), IP-based restrictions on connections between resources, and Web Application Firewalls (WAF). Cloud security architecture: Cloud security architecture's purpose is to provide a structured framework for securing data, applications, and infrastructure in cloud environments. It includes the definition of security principles and a governance framework for all cloud services and applications from development through production. Distinction of Cloud Service Models such as IaaS, PaaS and SaaS and shared responsibility matrix: Infrastructure as a Service (IaaS): IaaS provides on-demand access to virtualized computing infrastructure, including servers, storage, and networking, allowing subscribers to build and manage their own applications, operating systems, and data while the cloud provider manages the underlying infrastructure. Platform as a Service (PaaS): PaaS offers a platform for developers to build, deploy, and manage applications without the need to manage the underlying operating systems and infrastructure. 
Software as a Service (SaaS): SaaS delivers software applications to users over the internet, allowing them to access and use the software without installing or managing it on their own devices. We will be dependent on the SaaS providers for the security controls to protect EY and client information. Application security: Measures taken to protect software applications from threats and vulnerabilities that can compromise the confidentiality, integrity, or availability of the data. Identity and access management: Includes use of authentication mechanisms, authorization measures, and privileged account management. Encryption standards: Standards for cryptography, used to protect data-at-rest and data-in-transit as well as provide a means of validating the authenticity, non-repudiation, and integrity of data. Endpoint security capabilities: Standards to protect endpoints such as laptops, desktops, smartphones, and tablets against cyberattacks. Incident response plan: The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of malicious cyber-attacks against an organization’s information system(s). Business impact analysis: Predicts the consequences of a disruption to your business, and gathers information needed to develop recovery strategies. Disaster recovery: Understand the disaster recovery plan for the applications used to support our clients. Stakeholder management This role is a combination of technical and business acumen capable of communicating and advocating EY’s brand as it relates to the Information Security Program, across a wide range of stakeholders. This requires communication skills adaptable to the appropriate audiences that address different perspectives, goals, and levels of technical knowledge. It also requires the ability to gain trust and act as a trusted consultant and liaison between clients, account teams and EY internal security functions.
Stakeholders include: Product/Application owners – responsible for the full lifecycle of a technology solution that fulfills a business need or objective. Client Security Assurance provides useful feedback from clients to further enhance their products/applications. Architects and Engineers – EY technology leaders who design and build solutions based on business requirements. Information Security Leadership Team – responsible for all matters for security related to the security program. Extended Security Team – responsible for specific domains such as Security Consulting, Application Security Compliance, Supplier Risk Assessment, Cyber Defense, Business Impact Analysis, Information Security Policies related to the security program. EY Partners and Account teams: Ultimately responsible for the relationship with EY clients and the selection and usage of the technology leveraged for their services and deliverables. EY Clients and Client Security Auditors – The ultimate customer for EY’s technology or service delivery who expect EY’s technology solutions to adequately protect their data and maintain appropriate service levels. The Client Security Assurance Senior Consultant will participate in a number of client meetings with the engagement team to answer questions and provide clarification on how EY secures client information. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Posted 3 weeks ago
15.0 - 19.0 years
0 Lacs
Kochi, Kerala, India
On-site
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Role Title : Associate Director-Regional Client Security Assurance Lead Sub Function: Client Security Assurance Objectives of the role The Regional Client Security Assurance Lead, Associate Director, plays a pivotal role in leading a team responding to security risk assessments and due diligence exercises from clients in the IN/MENA region. This position requires extensive collaboration with various global and local functional teams, such as Data Protection, Risk Management, Compliance, Counsel, Procurement, Information Security, Technology, and EY service lines. This role is responsible for leading and supporting client and regulatory inquiries about EY’s Global Information Security program. It assists EY client engagement teams by addressing client requests regarding how EY secures our client information using comprehensive technical controls and governance processes in line with EY Global Information Security requirements. This position involves managing multiple requests and responsibilities while supporting complex security assessments throughout various stages of the engagement life cycle. Additionally, it requires staying current with updates in EY's Information Security posture and technology offerings, thereby contributing to business growth and the development of new business opportunities. Key Responsibilities The Regional Client Security Assurance Lead serves as a dependable client security relationship manager for key EY clients throughout the client engagement lifecycle, aiming to sustain and expand business operations. 
Furthermore, this position involves leading a team, projects, performing data analytics, and management of operational processes within IN/MENA Client Security Assurance. Team Lead: Lead team members to foster career growth and help them become knowledgeable about the EY Information Security Program and facilitate client security assessments. Implement operating model for the IN/MENA Client Security Assurance team in alignment with our business objectives. Drive the Evolution of Client Security Assurance: Actively participate in the development, implementation, and ongoing enhancement of the Client Security Assurance function in alignment with industry best practices. Facilitate Security Assessments: Act as a key resource for client and engagement teams by providing expert guidance on inbound security assessments related to EY’s Global Information Security Program, fostering trust and confidence in the EY Global Information Security Program, and the controls in place to protect data along with safeguarding the confidentiality of our security controls. This also helps build EY’s reputation and brand in the market. Clearly communicate with clients and their appointed auditors, pertinent and appropriate details of the EY Global Information Security Program. Provide critical support to EY’s approach to winning new business and sustaining existing business relationships. Provide consulting services to account teams related to client security assessments and their Supplier Risk Management framework. Meet with Clients: Participate in client meetings as an Information Security representative, supporting EY account teams by addressing client inquiries related to the EY Global Information Security Program. Support Request for Proposal (RFP) process: Partner with client engagement teams to support the RFP process by addressing information security questions to help secure more business for EY. 
Engage with Regulators: Support inquiries and assessments from select local regulators, highlighting EY's commitment to transparency and compliance in governance processes, technologies, and information security controls. Support Contractual Compliance: Review and provide strategic commentary on information security requirements in client contracts, aligning with EY’s Information Security Program. Assist EY Legal Counsel and Client Account Teams in negotiating terms that protect both EY and client interests. Qualifications Minimum 15-19 years of recent progressive IT security compliance, risk management or related IT security experience with a large IT organization; preferably within a professional service firm, software product, cloud-based solutions, or other companies serving clients that are highly regulated entities. Bachelor’s degree from an accredited college or university is preferred. A good understanding of cloud infrastructure, networking, modern software development and technical security controls is required. Strong executive presence, negotiation, presentation, and communication skills are required. Excellent analytical and problem-solving skills to assess and solve complex security issues. Ability to work and navigate through EY’s Global firm understanding diverse perspectives and global client requirements. Ability to maintain calm during client assessments and respond to questions consistently while confirming internally the accuracy of responses before presenting them. Proven experience in client-facing roles, particularly in handling security assessments, ideally from client inquiries, but can also be the result of experience performing security assessment of suppliers. Demonstrated ability to adopt and strive for continuous process improvement, particularly resulting from the innovation and integration of new technologies. Excellent collaboration skills, with the ability to engage effectively with cross-functional teams and stakeholders.
Knowledge of various information security frameworks such as ISO27001/2, AICPA System and Organization Controls (SOC) Reports (SOC1, SOC2, and SOC3), NIST, COBIT and relevant regulatory requirements such as GDPR. Certifications such as CISSP, CISM, CISA, ISO 27001 Auditor, CRISC, CIPP are preferred. Keep up to date with industry trends, emerging technologies and best practices. Good understanding in the following concepts and domains: Governance Risk and Compliance: A system that ensures that organizations enforce governance, implement risk management strategies, and ensure regulatory compliance. Multitier Network Architecture: A design separating resources between the Internet and the internal infrastructure, incorporating multiple network layers. For on-premise solutions, this includes a DMZ (Demilitarized Zone) architecture. In cloud environments, it involves a combination of Network Security Groups (NSG), Virtual Networks (VNETs), IP-based restrictions on connections between resources, and Web Application Firewalls (WAF). Cloud security architecture: Cloud security architecture's purpose is to provide a structured framework for securing data, applications, and infrastructure in cloud environments. It includes the definition of security principles and a governance framework for all cloud services and applications from development through production. Distinction of Cloud Service Models such as IaaS, PaaS and SaaS and shared responsibility matrix: Infrastructure as a Service (IaaS): IaaS provides on-demand access to virtualized computing infrastructure, including servers, storage, and networking, allowing subscribers to build and manage their own applications, operating systems, and data while the cloud provider manages the underlying infrastructure. Platform as a Service (PaaS): PaaS offers a platform for developers to build, deploy, and manage applications without the need to manage the underlying operating systems and infrastructure. 
Software as a Service (SaaS): SaaS delivers software applications to users over the internet, allowing them to access and use the software without installing or managing it on their own devices. We will be dependent on the SaaS providers for the security controls to protect EY and client information. Application security: Measures taken to protect software applications from threats and vulnerabilities that can compromise the confidentiality, integrity, or availability of the data. Identity and access management: Includes use of authentication mechanisms, authorization measures, and privileged account management. Encryption standards: Standards for cryptography, used to protect data-at-rest and data-in-transit as well as provide a means of validating the authenticity, non-repudiation, and integrity of data. Endpoint security capabilities: Standards to protect endpoints such as laptops, desktops, smartphones, and tablets against cyberattacks. Incident response plan: The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of malicious cyber-attacks against an organization’s information system(s). Business impact analysis: Predicts the consequences of a disruption to your business, and gathers information needed to develop recovery strategies. Disaster recovery: Understand the disaster recovery plan for the applications used to support our clients. Stakeholder management This role is a combination of technical and business acumen capable of communicating and advocating EY’s brand as it relates to the Information Security Program, across a wide range of stakeholders. This requires communication skills adaptable to the appropriate audiences that address different perspectives, goals, and levels of technical knowledge. It also requires the ability to gain trust and act as a trusted consultant and liaison between clients, account teams and EY internal security functions.
Stakeholders include: Product/Application owners – responsible for the full lifecycle of a technology solution that fulfills a business need or objective. Client Security Assurance provides useful feedback from clients to further enhance their products/applications. Architects and Engineers – EY technology leaders who design and build solutions based on business requirements. Information Security Leadership Team – responsible for all matters for security related to the security program. Extended Security Team – responsible for specific domains such as Security Consulting, Application Security Compliance, Supplier Risk Assessment, Cyber Defense, Business Impact Analysis, Information Security Policies related to the security program. EY Partners and Account teams: Ultimately responsible for the relationship with EY clients and the selection and usage of the technology leveraged for their services and deliverables. EY Clients and Client Security Auditors – The ultimate customer for EY’s technology or service delivery who expect EY’s technology solutions to adequately protect their data and maintain appropriate service levels. The Client Security Assurance Senior Consultant will participate in a number of client meetings with the engagement team to answer questions and provide clarification on how EY secures client information. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Posted 3 weeks ago
8.0 - 12.0 years
0 Lacs
maharashtra
On-site
As a Director Technology Testing Specialist at Morgan Stanley, you will play a key role in planning and executing full-scope and other tests related to Technology Risk within the Global 2LOD Non-Financial Risk Testing organization. Your responsibilities will include executing and documenting test activities, attending engagement kickoff meetings, interviewing stakeholders, proposing appropriate test activities, developing test scripts, and preparing test reports. You will be expected to bring to the role at least 8 years of audit/risk/compliance experience in the financial services industry or a regulatory organization, along with expertise in executing/conducting Technology reviews. Knowledge of global regulatory requirements such as GLBA, GDPR, Part 30 Information Security, NYDFS, and technology control standards like NIST, FFIEC, COBIT, CIS is essential. Strong analytical, organizational, and problem-solving skills, as well as investigative skills and the ability to prioritize and work effectively on multiple reviews, are also required. In addition to the technical skills, you must have excellent written and oral communication skills, a high degree of organization and attention to detail, and the ability to work independently as well as in a team. Proficiency with tools like Microsoft Word, Excel, PowerPoint, Adobe, SharePoint, and Bloomberg is expected. Chartered Accountant (CA), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC) designations are highly desirable. A BA/BS degree with a concentration in Computer Science, Information Technology, or Cyber Security is required, and other relevant industry certifications in the Technology field such as CISSP or cloud certifications are a plus. Your coverage will be Monday to Friday from 11:30 AM to 8:30 PM, with flexibility required based on business needs and during some Indian holidays. 
You can expect a supportive and inclusive environment at Morgan Stanley, where diversity and inclusion are valued, and employees are encouraged to maximize their full potential. As part of a global leader in financial services, you will have the opportunity to work with trusted colleagues, committed mentors, and a culture that values diverse perspectives and cross-collaboration.
Posted 3 weeks ago
0.0 - 3.0 years
0 Lacs
Gurugram, Haryana
On-site
Location: Gurugram, Haryana Time type: Full time Job level: Senior Associate Job type: Regular Category: Transaction Advisory ID: JR112910 About us We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. About the Company: The RSM USI supports RSM U.S. risk consulting, transaction advisory, technical accounting, financial consulting, technology and management consulting, tax and assurance engagement teams by providing access to highly skilled professionals for repeatable business processes over an extended business day. RSM’s vision is to be the first-choice advisor to middle market leaders globally. You will work directly with clients, key decision makers and business owners across various industries and geographies to deliver a top-quality client experience. RSM is a diverse and inclusive place where you will work as part of a team while being valued as an individual, mentored as a future leader, and recognized for your accomplishments. Job Description/What You Will Do: Analyze technology (IT and Cybersecurity) implications for active M&A transactions. Review client investment thesis, company profile and information concerning the business technology environment including but not limited to business applications, IT infrastructure, cybersecurity controls, and privacy related regulatory compliance requirements. Research niche technologies, applicable regulatory obligations and latest technology trends to guide analysis. 
Participate in discussions with company executives to understand business processes, approach to leveraging technology and strategy to build resiliency against cybersecurity threats. Analyze commercial off the shelf and/or custom developed applications used by a business for sufficiency (e.g., license counts), scalability (e.g., version, implementation model), and maintainability (e.g., support model). Analyze a company’s IT infrastructure to determine adequacy of hosting model, hardware inventory, network architecture and business continuity procedures. Analyze technology vendor contracts and compute IT spend through the review of contracts and other financial documents provided by the Company. Analyze the company’s cybersecurity maturity through review of cybersecurity governance program/procedures, exposure to regulatory compliance requirements and preventative technical controls. Develop workbooks and reports to capture diligence observations/analysis. Who We Are Looking For: Ability to conceptualize and summarize key findings in a clear and meaningful way with expertise in drafting critical sections of the technology DD report. Knowledge of and experience with key IT frameworks (e.g. CMMI, ITIL, ISO 27000, SSAE-18 SOC reporting, NIST Cybersecurity Framework). Knowledge of and experience with key cybersecurity frameworks (e.g. COBIT, ISO 27001, NIST). Highly proficient with Microsoft Office Suite (e.g., PowerPoint, Excel, Word, Visio). Strong skills in critical thinking, problem solving, and process improvement. Excellent interpersonal and communication skills in order to interact effectively with internal team members and external clients of the firm. Demonstrates willingness to invest time in cross-time zone communication with U.S. based teams. Ability to be a self-starter and drive successful client delivery. Able to manage deadlines and take ownership of getting the job done in a timely manner. Evaluated as an exceptional performer in current position.
Development Opportunity/What’s in It for You: Opportunity to interface with US based private equity and executive level leadership. Develop expertise in technology related M&A disciplines. Grow a strategic mindset and develop executive level perspective on investment towards operational technology. Experience M&A across a variety of industries and option to develop specific industry expertise. Gain an understanding of the approach towards post-acquisition value creation, integration, separation and risk remediation. Minimum Qualifications: Academic Qualification: B.Tech. and MBA from leading technology/business schools. Relevant experience of 2-3 years at a Big 4 or equivalent Advisory Services practice. Knowledge of Microsoft powered AI products such as Microsoft CoPilot or any other GenAI tools is preferred. Preferred Qualifications: Preferred industry experience in one or more of the following: manufacturing, distribution, consumer products, business services, healthcare, financial services, business services, or technology. Knowledge of US based regulatory and compliance frameworks such as FFIEC, NERC CIP, PCI DSS, HIPAA, GLBA, and HITECH is a plus. ERP or supply chain applications implementation experience; functional expertise in IT and supporting front/back-office operations preferred At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. 
RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com.
Posted 3 weeks ago
5.0 years
0 Lacs
Kolkata, West Bengal, India
On-site
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. JD – Risk Consulting - Protect Tech – Senior (ITGC) Key Responsibilities Your key responsibilities will include: Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Demonstrate deep technical capabilities and professional knowledge. Demonstrate ability to quickly assimilate new knowledge. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have Chartered accountant (CA) or Master’s degree in management, Information Systems/ Technology, Computer Science, Business Analytics, Cybersecurity, or a related discipline. Passion for technology and an ardent desire to work in risk management. 
Minimum 5 years of a “Big 4” or professional firm or professional industry experience in risks & controls, with more than 5 years of experience in IT Risk Management, IT Regulatory Compliance, IT Audit and IT Transformation Risk areas such as: Identification of strategic, IT & business risks and Identify control gaps, weaknesses and areas of improvements. Design of IT Risk Controls frameworks and RACMs Design and Implementation of IT general controls, IT application controls, Business Process controls, etc. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. Understanding of IT regulatory compliances such as IT SOX, GDPR, ISO, PCI DSS etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Posted 3 weeks ago
5.0 - 7.0 years
0 Lacs
Kolkata, West Bengal, India
On-site
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Risk Consulting - Protect Tech - Manager - IT Internal Controls The opportunity: your next adventure awaits. Are you a tech-savvy professional with a risk mindset who is passionate about building a better working world through the power of people, technology, and innovation? We have an incredible opportunity for you to join our dynamic Protect Tech team and make a real impact in the rapidly evolving world we live in. Within Risk Consulting, you will focus on the areas of IT Risk Management, IT SOX, IT Regulatory Compliance, IT Audits, IT and Digital Transformations (including ERP and Cloud transformations), while enabling technology to better manage risk. As a member of our team, you will have the chance to work with industry leaders and help transform businesses by tackling the most complex challenges with our clients. This is a client-facing role in a rapidly growing practice, where you’ll build client relationships with key stakeholders, including management executives for some of the most globally recognized brands. It makes this the perfect place to gain a deeper understanding of complex business transactions, all the while recommending solutions to some of the most pressing business challenges and process inefficiencies. You will also team up with our global professionals in multidisciplinary engagements, helping major global clients transform and sustain business performance. You will be leveraging emerging technologies like AI and ML to build and enhance new solutions and actively work in building multiple tools and assets for efficient and effective client delivery. 
By plugging into our market-leading global network, you'll gain the experience you need to become an exceptional IT Risk Advisor. Key Responsibilities The purpose of this role will be to supervise delivery, provide technical and project leadership to your team members, as well as build relationships with clients. While delivering quality client services and enabling high-performing teams, you will drive high-value work products within expected timeframes and budget. You will monitor progress, manage risks and ensure key stakeholders are kept informed about progress and expected outcomes. Additionally, you will: Understand client’s challenges and industry related issues and offer solutions in the areas of IT Risk. Participate in go to market, create proposals and respond to RFPs, client orals etc. Identify opportunities for cross-selling to current clients/introduce colleagues from other service lines. Travel to client locations (India and abroad) for meetings, conduct workshops, walkthrough sessions, trainings etc. for existing and new clients. Jointly lead global account relationships along with onshore, manage engagement deliveries, quality and drive the growth agenda on accounts. Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Manage a team of Seniors and Staffs (across geographies) for delivery of engagements across clients. Foster an innovative and inclusive team-oriented work environment. Play an active role in counselling and mentoring junior consultants within the firm. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. 
Stay abreast of current business and industry trends relevant to the client's business. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Assist with cultivating and managing business development opportunities. Understand EY and its service lines and actively assess/present ways to serve clients. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 5-7 years of related work experience At least 3-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. 
Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Posted 3 weeks ago
2.0 - 8.0 years
0 Lacs
Kolkata, West Bengal, India
On-site
At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Consultant/ Senior Consultant/ Assistant Manager/ Manager - Cyber Security- GRC Specialist As part of our Cyber Technology Consulting team, you will handle leading and managing Cyber Governance, Risk, and Compliance (GRC) engagements for clients across the MENA region. You will collaborate closely with stakeholders to assess, develop, and enhance cybersecurity governance frameworks, risk management practices, and compliance programs in line with global standards and regulatory requirements. The client base spans diverse sectors and includes collaboration with other teams across Advisory services. The opportunity We’re looking for consultant/ senior consultant/ assistant manager/ manager with strong consulting background and hands-on expertise in implementing enterprise cyber risk and governance programs. This is an exceptional opportunity to work with senior leadership across industries and influence strategic cybersecurity decision-making at the highest levels. Your Key Responsibilities Lead and deliver end-to-end cyber GRC engagements, including policy and framework development, control assessments, regulatory compliance, and cyber risk assessments. Design and implement cybersecurity governance models, risk management processes, and third-party risk programs aligned with leading standards (e.g., ISO 27001, NIST CSF, COBIT, CSA). Assess client readiness for local and global regulations such as NCA ECC, SAMA, UAE IA, GDPR, and sector-specific guidelines. Manage enterprise cyber risk assessments, maturity assessments, and business impact analyses (BIAs). Advise on the implementation and enhancement of GRC tools and technologies (e.g., eGRC platforms). 
Support business development by identifying client needs, preparing proposals, and managing relationships. Mentor and coach team members, ensuring professional growth and knowledge sharing across the practice. Develop detailed reports, articulate technical findings, and deliver actionable recommendations to both technical teams and executive stakeholders. Manage multiple engagements, ensuring timely delivery, quality assurance, and adherence to industry best practices. Stay updated with emerging cyber threats, vulnerabilities, and offensive security techniques, and incorporate these insights into client engagements Skills And Attributes For Success Strong understanding of cybersecurity and risk governance principles, regulatory landscapes, and compliance obligations. Experience designing and implementing enterprise-wide GRC programs and policies. In-depth knowledge of control frameworks (e.g., ISO 27001/2, NIST CSF, NIST 800-53, COBIT, PCI DSS, SWIFT CSCF). Familiarity with sector-specific standards (e.g., NCA ECC/SAMA CSF for KSA, UAE IA/NESA, or energy and financial sector mandates). Ability to conduct technology and cybersecurity risk assessments for applications, infrastructure and network assets Collaborating with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments and other documents/templates. Mentor and coach team members, ensuring professional growth and knowledge sharing across the practice. Ability to interpret complex technical results and present insights to business stakeholders. Strong analytical, problem-solving, and critical-thinking skills. Excellent communication and collaboration skills To qualify for the role, you must have A bachelor's or master’s degree in information technology, cyber security etc. Excellent communication skills with a consulting mindset. 2-8 years of experience in GRC and cyber security assessments A valid passport for travel. 
Excellent communication skills with a consulting mindset. Ideally, you’ll also have Industry-recognized certifications such as CISSP, CISM, CRISC, ISO 27001 LA Experience working with GRC platforms (e.g., Archer, ServiceNow GRC etc.). Familiarity with data privacy regulations (e.g., GDPR, DPD, PDPL). Understanding of cyber risk quantification methods (e.g., FAIR, Monte Carlo simulations). What We Offer We offer a competitive compensation package where you’ll be rewarded based on performance and recognized for the value you bring to our business. Plus, we offer: Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next. Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way. Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs. Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.
Posted 3 weeks ago
2.0 - 8.0 years
0 Lacs
Gurugram, Haryana, India
On-site
At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Consultant/ Senior Consultant/ Assistant Manager/ Manager - Cyber Security- GRC Specialist As part of our Cyber Technology Consulting team, you will handle leading and managing Cyber Governance, Risk, and Compliance (GRC) engagements for clients across the MENA region. You will collaborate closely with stakeholders to assess, develop, and enhance cybersecurity governance frameworks, risk management practices, and compliance programs in line with global standards and regulatory requirements. The client base spans diverse sectors and includes collaboration with other teams across Advisory services. The opportunity We’re looking for consultant/ senior consultant/ assistant manager/ manager with strong consulting background and hands-on expertise in implementing enterprise cyber risk and governance programs. This is an exceptional opportunity to work with senior leadership across industries and influence strategic cybersecurity decision-making at the highest levels. Your Key Responsibilities Lead and deliver end-to-end cyber GRC engagements, including policy and framework development, control assessments, regulatory compliance, and cyber risk assessments. Design and implement cybersecurity governance models, risk management processes, and third-party risk programs aligned with leading standards (e.g., ISO 27001, NIST CSF, COBIT, CSA). Assess client readiness for local and global regulations such as NCA ECC, SAMA, UAE IA, GDPR, and sector-specific guidelines. Manage enterprise cyber risk assessments, maturity assessments, and business impact analyses (BIAs). Advise on the implementation and enhancement of GRC tools and technologies (e.g., eGRC platforms). 
Support business development by identifying client needs, preparing proposals, and managing relationships. Mentor and coach team members, ensuring professional growth and knowledge sharing across the practice. Develop detailed reports, articulate technical findings, and deliver actionable recommendations to both technical teams and executive stakeholders. Manage multiple engagements, ensuring timely delivery, quality assurance, and adherence to industry best practices. Stay updated with emerging cyber threats, vulnerabilities, and offensive security techniques, and incorporate these insights into client engagements Skills And Attributes For Success Strong understanding of cybersecurity and risk governance principles, regulatory landscapes, and compliance obligations. Experience designing and implementing enterprise-wide GRC programs and policies. In-depth knowledge of control frameworks (e.g., ISO 27001/2, NIST CSF, NIST 800-53, COBIT, PCI DSS, SWIFT CSCF). Familiarity with sector-specific standards (e.g., NCA ECC/SAMA CSF for KSA, UAE IA/NESA, or energy and financial sector mandates). Ability to conduct technology and cybersecurity risk assessments for applications, infrastructure and network assets Collaborating with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments and other documents/templates. Mentor and coach team members, ensuring professional growth and knowledge sharing across the practice. Ability to interpret complex technical results and present insights to business stakeholders. Strong analytical, problem-solving, and critical-thinking skills. Excellent communication and collaboration skills To qualify for the role, you must have A bachelor's or master’s degree in information technology, cyber security etc. Excellent communication skills with a consulting mindset. 2-8 years of experience in GRC and cyber security assessments A valid passport for travel. 
Excellent communication skills with a consulting mindset. Ideally, you’ll also have Industry-recognized certifications such as CISSP, CISM, CRISC, ISO 27001 LA Experience working with GRC platforms (e.g., Archer, ServiceNow GRC etc.). Familiarity with data privacy regulations (e.g., GDPR, DPD, PDPL). Understanding of cyber risk quantification methods (e.g., FAIR, Monte Carlo simulations). What We Offer We offer a competitive compensation package where you’ll be rewarded based on performance and recognized for the value you bring to our business. Plus, we offer: Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next. Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way. Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs. Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.
Posted 3 weeks ago
2.0 - 8.0 years
0 Lacs
Trivandrum, Kerala, India
On-site
At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Consultant/ Senior Consultant/ Assistant Manager/ Manager - Cyber Security- GRC Specialist As part of our Cyber Technology Consulting team, you will handle leading and managing Cyber Governance, Risk, and Compliance (GRC) engagements for clients across the MENA region. You will collaborate closely with stakeholders to assess, develop, and enhance cybersecurity governance frameworks, risk management practices, and compliance programs in line with global standards and regulatory requirements. The client base spans diverse sectors and includes collaboration with other teams across Advisory services. The opportunity We’re looking for consultant/ senior consultant/ assistant manager/ manager with strong consulting background and hands-on expertise in implementing enterprise cyber risk and governance programs. This is an exceptional opportunity to work with senior leadership across industries and influence strategic cybersecurity decision-making at the highest levels. Your Key Responsibilities Lead and deliver end-to-end cyber GRC engagements, including policy and framework development, control assessments, regulatory compliance, and cyber risk assessments. Design and implement cybersecurity governance models, risk management processes, and third-party risk programs aligned with leading standards (e.g., ISO 27001, NIST CSF, COBIT, CSA). Assess client readiness for local and global regulations such as NCA ECC, SAMA, UAE IA, GDPR, and sector-specific guidelines. Manage enterprise cyber risk assessments, maturity assessments, and business impact analyses (BIAs). Advise on the implementation and enhancement of GRC tools and technologies (e.g., eGRC platforms). 
Support business development by identifying client needs, preparing proposals, and managing relationships. Mentor and coach team members, ensuring professional growth and knowledge sharing across the practice. Develop detailed reports, articulate technical findings, and deliver actionable recommendations to both technical teams and executive stakeholders. Manage multiple engagements, ensuring timely delivery, quality assurance, and adherence to industry best practices. Stay updated with emerging cyber threats, vulnerabilities, and offensive security techniques, and incorporate these insights into client engagements Skills And Attributes For Success Strong understanding of cybersecurity and risk governance principles, regulatory landscapes, and compliance obligations. Experience designing and implementing enterprise-wide GRC programs and policies. In-depth knowledge of control frameworks (e.g., ISO 27001/2, NIST CSF, NIST 800-53, COBIT, PCI DSS, SWIFT CSCF). Familiarity with sector-specific standards (e.g., NCA ECC/SAMA CSF for KSA, UAE IA/NESA, or energy and financial sector mandates). Ability to conduct technology and cybersecurity risk assessments for applications, infrastructure and network assets Collaborating with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments and other documents/templates. Mentor and coach team members, ensuring professional growth and knowledge sharing across the practice. Ability to interpret complex technical results and present insights to business stakeholders. Strong analytical, problem-solving, and critical-thinking skills. Excellent communication and collaboration skills To qualify for the role, you must have A bachelor's or master’s degree in information technology, cyber security etc. Excellent communication skills with a consulting mindset. 2-8 years of experience in GRC and cyber security assessments A valid passport for travel. 
Excellent communication skills with a consulting mindset. Ideally, you’ll also have Industry-recognized certifications such as CISSP, CISM, CRISC, ISO 27001 LA Experience working with GRC platforms (e.g., Archer, ServiceNow GRC etc.). Familiarity with data privacy regulations (e.g., GDPR, DPD, PDPL). Understanding of cyber risk quantification methods (e.g., FAIR, Monte Carlo simulations). What We Offer We offer a competitive compensation package where you’ll be rewarded based on performance and recognized for the value you bring to our business. Plus, we offer: Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next. Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way. Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs. Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.
Posted 3 weeks ago