1032 Cobit Jobs - Page 13

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Consultant/ Senior Consultant/ Assistant Manager/ Manager - Cyber Security- GRC Specialist As part of our Cyber Technology Consulting team, you will handle leading and managing Cyber Governance, Risk, and Compliance (GRC) engagements for clients across the MENA region. You will collaborate closely with stakeholders to assess, develop, and enhance cybersecurity governance frameworks, risk management practices, and compliance programs in line with global standards and regulatory requirements. The client base spans diverse sectors and includes collaboration with other teams across Advisory services. The opportunity We’re looking for consultant/ senior consultant/ assistant manager/ manager with strong consulting background and hands-on expertise in implementing enterprise cyber risk and governance programs. This is an exceptional opportunity to work with senior leadership across industries and influence strategic cybersecurity decision-making at the highest levels. Your Key Responsibilities Lead and deliver end-to-end cyber GRC engagements, including policy and framework development, control assessments, regulatory compliance, and cyber risk assessments. Design and implement cybersecurity governance models, risk management processes, and third-party risk programs aligned with leading standards (e.g., ISO 27001, NIST CSF, COBIT, CSA). Assess client readiness for local and global regulations such as NCA ECC, SAMA, UAE IA, GDPR, and sector-specific guidelines. Manage enterprise cyber risk assessments, maturity assessments, and business impact analyses (BIAs). Advise on the implementation and enhancement of GRC tools and technologies (e.g., eGRC platforms). Support business development by identifying client needs, preparing proposals, and managing relationships. Mentor and coach team members, ensuring professional growth and knowledge sharing across the practice. Develop detailed reports, articulate technical findings, and deliver actionable recommendations to both technical teams and executive stakeholders. Manage multiple engagements, ensuring timely delivery, quality assurance, and adherence to industry best practices. Stay updated with emerging cyber threats, vulnerabilities, and offensive security techniques, and incorporate these insights into client engagements Skills And Attributes For Success Strong understanding of cybersecurity and risk governance principles, regulatory landscapes, and compliance obligations. Experience designing and implementing enterprise-wide GRC programs and policies. In-depth knowledge of control frameworks (e.g., ISO 27001/2, NIST CSF, NIST 800-53, COBIT, PCI DSS, SWIFT CSCF). Familiarity with sector-specific standards (e.g., NCA ECC/SAMA CSF for KSA, UAE IA/NESA, or energy and financial sector mandates). Ability to conduct technology and cybersecurity risk assessments for applications, infrastructure and network assets Collaborating with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments and other documents/templates. Mentor and coach team members, ensuring professional growth and knowledge sharing across the practice. Ability to interpret complex technical results and present insights to business stakeholders. Strong analytical, problem-solving, and critical-thinking skills. Excellent communication and collaboration skills To qualify for the role, you must have A bachelor's or master’s degree in information technology, cyber security etc. Excellent communication skills with a consulting mindset. 2-8 years of experience in GRC and cyber security assessments A valid passport for travel. Excellent communication skills with a consulting mindset. Ideally, you’ll also have Industry-recognized certifications such as CISSP, CISM, CRISC, ISO 27001 LA Experience working with GRC platforms (e.g., Archer, ServiceNow GRC etc.). Familiarity with data privacy regulations (e.g., GDPR, DPD, PDPL). Understanding of cyber risk quantification methods (e.g., FAIR, Monte Carlo simulations). What We Offer We offer a competitive compensation package where you’ll be rewarded based on performance and recognized for the value you bring to our business. Plus, we offer: Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next. Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way. Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs. Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Risk Consulting - Protect Tech - Manager - IT Internal Controls The opportunity: your next adventure awaits. Are you a tech-savvy professional with a risk mindset who is passionate about building a better working world through the power of people, technology, and innovation? We have an incredible opportunity for you to join our dynamic Protech Tech team and make a real impact in the rapidly evolving world we live in. Within Risk Consulting, you will focus in the areas of areas of IT Risk Management, IT SOX, IT Regulatory Compliance, IT Audits, IT and Digital Transformations (including ERP and Cloud transformations), while enabling technology to better manage risk. As a member of our team, you will have the chance to work with industry leaders and help transform businesses by tackling the most complex challenges with our clients. This is client-facing role in a rapidly growing practice, where you’ll build client relationships with key stakeholders, including management executives for some of the most globally recognized brands. It makes this the perfect place to gain a deeper understanding of complex businesses transactions, all the while recommending solutions to some of the most pressing business challenges and process inefficiencies. You will also team up with our global professionals in multidisciplinary engagements, helping major global clients transform and sustain business performance. You will be leveraging emerging technologies like AI, ML, to build and enhance new solutions and actively work in building multiple tools and assets for efficient and effective client delivery. By plugging into our market-leading global network, you'll gain the experience you need to become an exceptional IT Risk Advisor Key Responsibilities The purpose of this role will be to supervise delivery, provide technical and project leadership to your team members, as well as build relationships with clients. While delivering quality client services and enabling high-performing teams, you will drive high-value work products within expected timeframes and budget. You will monitor progress, manage risks and ensure key stakeholders are kept informed about progress and expected outcomes. Additionally, you will: Understand client’s challenges and industry related issues and offer solutions in the areas of IT Risk. Participate in go to market, create proposals and respond to RFPs, client orals etc. Identify opportunities for cross-selling to current clients/introduce colleagues from other service lines. Travel to client locations (India and abroad) for meetings, conduct workshops, walkthrough sessions, trainings etc. for existing and new clients. Jointly lead global account relationships along with onshore, manage engagement deliveries, quality and drive the growth agenda on accounts. Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Manage a team of Seniors and Staffs (across geographies) for delivery of engagements across clients. Foster an innovative and inclusive team-oriented work environment. Play an active role in counselling and mentoring junior consultants within the firm. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Assist with cultivating and managing business development opportunities. Understand EY and its service lines and actively assess/present ways to serve clients. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 5-7 years of related work experience At least 3-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Risk Consulting - Protect Tech - Manager - IT Internal Controls The opportunity: your next adventure awaits. Are you a tech-savvy professional with a risk mindset who is passionate about building a better working world through the power of people, technology, and innovation? We have an incredible opportunity for you to join our dynamic Protech Tech team and make a real impact in the rapidly evolving world we live in. Within Risk Consulting, you will focus in the areas of areas of IT Risk Management, IT SOX, IT Regulatory Compliance, IT Audits, IT and Digital Transformations (including ERP and Cloud transformations), while enabling technology to better manage risk. As a member of our team, you will have the chance to work with industry leaders and help transform businesses by tackling the most complex challenges with our clients. This is client-facing role in a rapidly growing practice, where you’ll build client relationships with key stakeholders, including management executives for some of the most globally recognized brands. It makes this the perfect place to gain a deeper understanding of complex businesses transactions, all the while recommending solutions to some of the most pressing business challenges and process inefficiencies. You will also team up with our global professionals in multidisciplinary engagements, helping major global clients transform and sustain business performance. You will be leveraging emerging technologies like AI, ML, to build and enhance new solutions and actively work in building multiple tools and assets for efficient and effective client delivery. By plugging into our market-leading global network, you'll gain the experience you need to become an exceptional IT Risk Advisor Key Responsibilities The purpose of this role will be to supervise delivery, provide technical and project leadership to your team members, as well as build relationships with clients. While delivering quality client services and enabling high-performing teams, you will drive high-value work products within expected timeframes and budget. You will monitor progress, manage risks and ensure key stakeholders are kept informed about progress and expected outcomes. Additionally, you will: Understand client’s challenges and industry related issues and offer solutions in the areas of IT Risk. Participate in go to market, create proposals and respond to RFPs, client orals etc. Identify opportunities for cross-selling to current clients/introduce colleagues from other service lines. Travel to client locations (India and abroad) for meetings, conduct workshops, walkthrough sessions, trainings etc. for existing and new clients. Jointly lead global account relationships along with onshore, manage engagement deliveries, quality and drive the growth agenda on accounts. Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Manage a team of Seniors and Staffs (across geographies) for delivery of engagements across clients. Foster an innovative and inclusive team-oriented work environment. Play an active role in counselling and mentoring junior consultants within the firm. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Assist with cultivating and managing business development opportunities. Understand EY and its service lines and actively assess/present ways to serve clients. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 5-7 years of related work experience At least 3-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Risk Consulting - Protect Tech - Manager - IT Internal Controls The opportunity: your next adventure awaits. Are you a tech-savvy professional with a risk mindset who is passionate about building a better working world through the power of people, technology, and innovation? We have an incredible opportunity for you to join our dynamic Protech Tech team and make a real impact in the rapidly evolving world we live in. Within Risk Consulting, you will focus in the areas of areas of IT Risk Management, IT SOX, IT Regulatory Compliance, IT Audits, IT and Digital Transformations (including ERP and Cloud transformations), while enabling technology to better manage risk. As a member of our team, you will have the chance to work with industry leaders and help transform businesses by tackling the most complex challenges with our clients. This is client-facing role in a rapidly growing practice, where you’ll build client relationships with key stakeholders, including management executives for some of the most globally recognized brands. It makes this the perfect place to gain a deeper understanding of complex businesses transactions, all the while recommending solutions to some of the most pressing business challenges and process inefficiencies. You will also team up with our global professionals in multidisciplinary engagements, helping major global clients transform and sustain business performance. You will be leveraging emerging technologies like AI, ML, to build and enhance new solutions and actively work in building multiple tools and assets for efficient and effective client delivery. By plugging into our market-leading global network, you'll gain the experience you need to become an exceptional IT Risk Advisor Key Responsibilities The purpose of this role will be to supervise delivery, provide technical and project leadership to your team members, as well as build relationships with clients. While delivering quality client services and enabling high-performing teams, you will drive high-value work products within expected timeframes and budget. You will monitor progress, manage risks and ensure key stakeholders are kept informed about progress and expected outcomes. Additionally, you will: Understand client’s challenges and industry related issues and offer solutions in the areas of IT Risk. Participate in go to market, create proposals and respond to RFPs, client orals etc. Identify opportunities for cross-selling to current clients/introduce colleagues from other service lines. Travel to client locations (India and abroad) for meetings, conduct workshops, walkthrough sessions, trainings etc. for existing and new clients. Jointly lead global account relationships along with onshore, manage engagement deliveries, quality and drive the growth agenda on accounts. Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Manage a team of Seniors and Staffs (across geographies) for delivery of engagements across clients. Foster an innovative and inclusive team-oriented work environment. Play an active role in counselling and mentoring junior consultants within the firm. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Assist with cultivating and managing business development opportunities. Understand EY and its service lines and actively assess/present ways to serve clients. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 5-7 years of related work experience At least 3-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Risk Consulting - Protect Tech - Manager - IT Internal Controls The opportunity: your next adventure awaits. Are you a tech-savvy professional with a risk mindset who is passionate about building a better working world through the power of people, technology, and innovation? We have an incredible opportunity for you to join our dynamic Protech Tech team and make a real impact in the rapidly evolving world we live in. Within Risk Consulting, you will focus in the areas of areas of IT Risk Management, IT SOX, IT Regulatory Compliance, IT Audits, IT and Digital Transformations (including ERP and Cloud transformations), while enabling technology to better manage risk. As a member of our team, you will have the chance to work with industry leaders and help transform businesses by tackling the most complex challenges with our clients. This is client-facing role in a rapidly growing practice, where you’ll build client relationships with key stakeholders, including management executives for some of the most globally recognized brands. It makes this the perfect place to gain a deeper understanding of complex businesses transactions, all the while recommending solutions to some of the most pressing business challenges and process inefficiencies. You will also team up with our global professionals in multidisciplinary engagements, helping major global clients transform and sustain business performance. You will be leveraging emerging technologies like AI, ML, to build and enhance new solutions and actively work in building multiple tools and assets for efficient and effective client delivery. By plugging into our market-leading global network, you'll gain the experience you need to become an exceptional IT Risk Advisor Key Responsibilities The purpose of this role will be to supervise delivery, provide technical and project leadership to your team members, as well as build relationships with clients. While delivering quality client services and enabling high-performing teams, you will drive high-value work products within expected timeframes and budget. You will monitor progress, manage risks and ensure key stakeholders are kept informed about progress and expected outcomes. Additionally, you will: Understand client’s challenges and industry related issues and offer solutions in the areas of IT Risk. Participate in go to market, create proposals and respond to RFPs, client orals etc. Identify opportunities for cross-selling to current clients/introduce colleagues from other service lines. Travel to client locations (India and abroad) for meetings, conduct workshops, walkthrough sessions, trainings etc. for existing and new clients. Jointly lead global account relationships along with onshore, manage engagement deliveries, quality and drive the growth agenda on accounts. Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Manage a team of Seniors and Staffs (across geographies) for delivery of engagements across clients. Foster an innovative and inclusive team-oriented work environment. Play an active role in counselling and mentoring junior consultants within the firm. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Assist with cultivating and managing business development opportunities. Understand EY and its service lines and actively assess/present ways to serve clients. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 5-7 years of related work experience At least 3-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Consultant/ Senior Consultant/ Assistant Manager/ Manager - Cyber Security- GRC Specialist As part of our Cyber Technology Consulting team, you will handle leading and managing Cyber Governance, Risk, and Compliance (GRC) engagements for clients across the MENA region. You will collaborate closely with stakeholders to assess, develop, and enhance cybersecurity governance frameworks, risk management practices, and compliance programs in line with global standards and regulatory requirements. The client base spans diverse sectors and includes collaboration with other teams across Advisory services. The opportunity We’re looking for consultant/ senior consultant/ assistant manager/ manager with strong consulting background and hands-on expertise in implementing enterprise cyber risk and governance programs. This is an exceptional opportunity to work with senior leadership across industries and influence strategic cybersecurity decision-making at the highest levels. Your Key Responsibilities Lead and deliver end-to-end cyber GRC engagements, including policy and framework development, control assessments, regulatory compliance, and cyber risk assessments. Design and implement cybersecurity governance models, risk management processes, and third-party risk programs aligned with leading standards (e.g., ISO 27001, NIST CSF, COBIT, CSA). Assess client readiness for local and global regulations such as NCA ECC, SAMA, UAE IA, GDPR, and sector-specific guidelines. Manage enterprise cyber risk assessments, maturity assessments, and business impact analyses (BIAs). Advise on the implementation and enhancement of GRC tools and technologies (e.g., eGRC platforms). Support business development by identifying client needs, preparing proposals, and managing relationships. Mentor and coach team members, ensuring professional growth and knowledge sharing across the practice. Develop detailed reports, articulate technical findings, and deliver actionable recommendations to both technical teams and executive stakeholders. Manage multiple engagements, ensuring timely delivery, quality assurance, and adherence to industry best practices. Stay updated with emerging cyber threats, vulnerabilities, and offensive security techniques, and incorporate these insights into client engagements Skills And Attributes For Success Strong understanding of cybersecurity and risk governance principles, regulatory landscapes, and compliance obligations. Experience designing and implementing enterprise-wide GRC programs and policies. In-depth knowledge of control frameworks (e.g., ISO 27001/2, NIST CSF, NIST 800-53, COBIT, PCI DSS, SWIFT CSCF). Familiarity with sector-specific standards (e.g., NCA ECC/SAMA CSF for KSA, UAE IA/NESA, or energy and financial sector mandates). Ability to conduct technology and cybersecurity risk assessments for applications, infrastructure and network assets Collaborating with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments and other documents/templates. Mentor and coach team members, ensuring professional growth and knowledge sharing across the practice. Ability to interpret complex technical results and present insights to business stakeholders. Strong analytical, problem-solving, and critical-thinking skills. Excellent communication and collaboration skills To qualify for the role, you must have A bachelor's or master’s degree in information technology, cyber security etc. Excellent communication skills with a consulting mindset. 2-8 years of experience in GRC and cyber security assessments A valid passport for travel. Excellent communication skills with a consulting mindset. Ideally, you’ll also have Industry-recognized certifications such as CISSP, CISM, CRISC, ISO 27001 LA Experience working with GRC platforms (e.g., Archer, ServiceNow GRC etc.). Familiarity with data privacy regulations (e.g., GDPR, DPD, PDPL). Understanding of cyber risk quantification methods (e.g., FAIR, Monte Carlo simulations). What We Offer We offer a competitive compensation package where you’ll be rewarded based on performance and recognized for the value you bring to our business. Plus, we offer: Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next. Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way. Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs. Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Risk Consulting - Protect Tech - Manager - IT Internal Controls The opportunity: your next adventure awaits. Are you a tech-savvy professional with a risk mindset who is passionate about building a better working world through the power of people, technology, and innovation? We have an incredible opportunity for you to join our dynamic Protech Tech team and make a real impact in the rapidly evolving world we live in. Within Risk Consulting, you will focus in the areas of areas of IT Risk Management, IT SOX, IT Regulatory Compliance, IT Audits, IT and Digital Transformations (including ERP and Cloud transformations), while enabling technology to better manage risk. As a member of our team, you will have the chance to work with industry leaders and help transform businesses by tackling the most complex challenges with our clients. This is client-facing role in a rapidly growing practice, where you’ll build client relationships with key stakeholders, including management executives for some of the most globally recognized brands. It makes this the perfect place to gain a deeper understanding of complex businesses transactions, all the while recommending solutions to some of the most pressing business challenges and process inefficiencies. You will also team up with our global professionals in multidisciplinary engagements, helping major global clients transform and sustain business performance. You will be leveraging emerging technologies like AI, ML, to build and enhance new solutions and actively work in building multiple tools and assets for efficient and effective client delivery. By plugging into our market-leading global network, you'll gain the experience you need to become an exceptional IT Risk Advisor Key Responsibilities The purpose of this role will be to supervise delivery, provide technical and project leadership to your team members, as well as build relationships with clients. While delivering quality client services and enabling high-performing teams, you will drive high-value work products within expected timeframes and budget. You will monitor progress, manage risks and ensure key stakeholders are kept informed about progress and expected outcomes. Additionally, you will: Understand client’s challenges and industry related issues and offer solutions in the areas of IT Risk. Participate in go to market, create proposals and respond to RFPs, client orals etc. Identify opportunities for cross-selling to current clients/introduce colleagues from other service lines. Travel to client locations (India and abroad) for meetings, conduct workshops, walkthrough sessions, trainings etc. for existing and new clients. Jointly lead global account relationships along with onshore, manage engagement deliveries, quality and drive the growth agenda on accounts. Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Manage a team of Seniors and Staffs (across geographies) for delivery of engagements across clients. Foster an innovative and inclusive team-oriented work environment. Play an active role in counselling and mentoring junior consultants within the firm. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Assist with cultivating and managing business development opportunities. Understand EY and its service lines and actively assess/present ways to serve clients. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 5-7 years of related work experience At least 3-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Risk Consulting - Protect Tech - Manager - IT Internal Controls The opportunity: your next adventure awaits. Are you a tech-savvy professional with a risk mindset who is passionate about building a better working world through the power of people, technology, and innovation? We have an incredible opportunity for you to join our dynamic Protech Tech team and make a real impact in the rapidly evolving world we live in. Within Risk Consulting, you will focus in the areas of areas of IT Risk Management, IT SOX, IT Regulatory Compliance, IT Audits, IT and Digital Transformations (including ERP and Cloud transformations), while enabling technology to better manage risk. As a member of our team, you will have the chance to work with industry leaders and help transform businesses by tackling the most complex challenges with our clients. This is client-facing role in a rapidly growing practice, where you’ll build client relationships with key stakeholders, including management executives for some of the most globally recognized brands. It makes this the perfect place to gain a deeper understanding of complex businesses transactions, all the while recommending solutions to some of the most pressing business challenges and process inefficiencies. You will also team up with our global professionals in multidisciplinary engagements, helping major global clients transform and sustain business performance. You will be leveraging emerging technologies like AI, ML, to build and enhance new solutions and actively work in building multiple tools and assets for efficient and effective client delivery. By plugging into our market-leading global network, you'll gain the experience you need to become an exceptional IT Risk Advisor Key Responsibilities The purpose of this role will be to supervise delivery, provide technical and project leadership to your team members, as well as build relationships with clients. While delivering quality client services and enabling high-performing teams, you will drive high-value work products within expected timeframes and budget. You will monitor progress, manage risks and ensure key stakeholders are kept informed about progress and expected outcomes. Additionally, you will: Understand client’s challenges and industry related issues and offer solutions in the areas of IT Risk. Participate in go to market, create proposals and respond to RFPs, client orals etc. Identify opportunities for cross-selling to current clients/introduce colleagues from other service lines. Travel to client locations (India and abroad) for meetings, conduct workshops, walkthrough sessions, trainings etc. for existing and new clients. Jointly lead global account relationships along with onshore, manage engagement deliveries, quality and drive the growth agenda on accounts. Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Manage a team of Seniors and Staffs (across geographies) for delivery of engagements across clients. Foster an innovative and inclusive team-oriented work environment. Play an active role in counselling and mentoring junior consultants within the firm. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Assist with cultivating and managing business development opportunities. Understand EY and its service lines and actively assess/present ways to serve clients. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 5-7 years of related work experience At least 3-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Risk Consulting - Protect Tech - Manager - IT Internal Controls The opportunity: your next adventure awaits. Are you a tech-savvy professional with a risk mindset who is passionate about building a better working world through the power of people, technology, and innovation? We have an incredible opportunity for you to join our dynamic Protech Tech team and make a real impact in the rapidly evolving world we live in. Within Risk Consulting, you will focus in the areas of areas of IT Risk Management, IT SOX, IT Regulatory Compliance, IT Audits, IT and Digital Transformations (including ERP and Cloud transformations), while enabling technology to better manage risk. As a member of our team, you will have the chance to work with industry leaders and help transform businesses by tackling the most complex challenges with our clients. This is client-facing role in a rapidly growing practice, where you’ll build client relationships with key stakeholders, including management executives for some of the most globally recognized brands. It makes this the perfect place to gain a deeper understanding of complex businesses transactions, all the while recommending solutions to some of the most pressing business challenges and process inefficiencies. You will also team up with our global professionals in multidisciplinary engagements, helping major global clients transform and sustain business performance. You will be leveraging emerging technologies like AI, ML, to build and enhance new solutions and actively work in building multiple tools and assets for efficient and effective client delivery. By plugging into our market-leading global network, you'll gain the experience you need to become an exceptional IT Risk Advisor Key Responsibilities The purpose of this role will be to supervise delivery, provide technical and project leadership to your team members, as well as build relationships with clients. While delivering quality client services and enabling high-performing teams, you will drive high-value work products within expected timeframes and budget. You will monitor progress, manage risks and ensure key stakeholders are kept informed about progress and expected outcomes. Additionally, you will: Understand client’s challenges and industry related issues and offer solutions in the areas of IT Risk. Participate in go to market, create proposals and respond to RFPs, client orals etc. Identify opportunities for cross-selling to current clients/introduce colleagues from other service lines. Travel to client locations (India and abroad) for meetings, conduct workshops, walkthrough sessions, trainings etc. for existing and new clients. Jointly lead global account relationships along with onshore, manage engagement deliveries, quality and drive the growth agenda on accounts. Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Manage a team of Seniors and Staffs (across geographies) for delivery of engagements across clients. Foster an innovative and inclusive team-oriented work environment. Play an active role in counselling and mentoring junior consultants within the firm. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Assist with cultivating and managing business development opportunities. Understand EY and its service lines and actively assess/present ways to serve clients. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 5-7 years of related work experience At least 3-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Consultant/ Senior Consultant/ Assistant Manager/ Manager - Cyber Security- GRC Specialist As part of our Cyber Technology Consulting team, you will handle leading and managing Cyber Governance, Risk, and Compliance (GRC) engagements for clients across the MENA region. You will collaborate closely with stakeholders to assess, develop, and enhance cybersecurity governance frameworks, risk management practices, and compliance programs in line with global standards and regulatory requirements. The client base spans diverse sectors and includes collaboration with other teams across Advisory services. The opportunity We’re looking for consultant/ senior consultant/ assistant manager/ manager with strong consulting background and hands-on expertise in implementing enterprise cyber risk and governance programs. This is an exceptional opportunity to work with senior leadership across industries and influence strategic cybersecurity decision-making at the highest levels. Your Key Responsibilities Lead and deliver end-to-end cyber GRC engagements, including policy and framework development, control assessments, regulatory compliance, and cyber risk assessments. Design and implement cybersecurity governance models, risk management processes, and third-party risk programs aligned with leading standards (e.g., ISO 27001, NIST CSF, COBIT, CSA). Assess client readiness for local and global regulations such as NCA ECC, SAMA, UAE IA, GDPR, and sector-specific guidelines. Manage enterprise cyber risk assessments, maturity assessments, and business impact analyses (BIAs). Advise on the implementation and enhancement of GRC tools and technologies (e.g., eGRC platforms). Support business development by identifying client needs, preparing proposals, and managing relationships. Mentor and coach team members, ensuring professional growth and knowledge sharing across the practice. Develop detailed reports, articulate technical findings, and deliver actionable recommendations to both technical teams and executive stakeholders. Manage multiple engagements, ensuring timely delivery, quality assurance, and adherence to industry best practices. Stay updated with emerging cyber threats, vulnerabilities, and offensive security techniques, and incorporate these insights into client engagements Skills And Attributes For Success Strong understanding of cybersecurity and risk governance principles, regulatory landscapes, and compliance obligations. Experience designing and implementing enterprise-wide GRC programs and policies. In-depth knowledge of control frameworks (e.g., ISO 27001/2, NIST CSF, NIST 800-53, COBIT, PCI DSS, SWIFT CSCF). Familiarity with sector-specific standards (e.g., NCA ECC/SAMA CSF for KSA, UAE IA/NESA, or energy and financial sector mandates). Ability to conduct technology and cybersecurity risk assessments for applications, infrastructure and network assets Collaborating with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments and other documents/templates. Mentor and coach team members, ensuring professional growth and knowledge sharing across the practice. Ability to interpret complex technical results and present insights to business stakeholders. Strong analytical, problem-solving, and critical-thinking skills. Excellent communication and collaboration skills To qualify for the role, you must have A bachelor's or master’s degree in information technology, cyber security etc. Excellent communication skills with a consulting mindset. 2-8 years of experience in GRC and cyber security assessments A valid passport for travel. Excellent communication skills with a consulting mindset. Ideally, you’ll also have Industry-recognized certifications such as CISSP, CISM, CRISC, ISO 27001 LA Experience working with GRC platforms (e.g., Archer, ServiceNow GRC etc.). Familiarity with data privacy regulations (e.g., GDPR, DPD, PDPL). Understanding of cyber risk quantification methods (e.g., FAIR, Monte Carlo simulations). What We Offer We offer a competitive compensation package where you’ll be rewarded based on performance and recognized for the value you bring to our business. Plus, we offer: Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next. Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way. Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs. Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Risk Consulting - Protect Tech - Manager - IT Internal Controls The opportunity: your next adventure awaits. Are you a tech-savvy professional with a risk mindset who is passionate about building a better working world through the power of people, technology, and innovation? We have an incredible opportunity for you to join our dynamic Protech Tech team and make a real impact in the rapidly evolving world we live in. Within Risk Consulting, you will focus in the areas of areas of IT Risk Management, IT SOX, IT Regulatory Compliance, IT Audits, IT and Digital Transformations (including ERP and Cloud transformations), while enabling technology to better manage risk. As a member of our team, you will have the chance to work with industry leaders and help transform businesses by tackling the most complex challenges with our clients. This is client-facing role in a rapidly growing practice, where you’ll build client relationships with key stakeholders, including management executives for some of the most globally recognized brands. It makes this the perfect place to gain a deeper understanding of complex businesses transactions, all the while recommending solutions to some of the most pressing business challenges and process inefficiencies. You will also team up with our global professionals in multidisciplinary engagements, helping major global clients transform and sustain business performance. You will be leveraging emerging technologies like AI, ML, to build and enhance new solutions and actively work in building multiple tools and assets for efficient and effective client delivery. By plugging into our market-leading global network, you'll gain the experience you need to become an exceptional IT Risk Advisor Key Responsibilities The purpose of this role will be to supervise delivery, provide technical and project leadership to your team members, as well as build relationships with clients. While delivering quality client services and enabling high-performing teams, you will drive high-value work products within expected timeframes and budget. You will monitor progress, manage risks and ensure key stakeholders are kept informed about progress and expected outcomes. Additionally, you will: Understand client’s challenges and industry related issues and offer solutions in the areas of IT Risk. Participate in go to market, create proposals and respond to RFPs, client orals etc. Identify opportunities for cross-selling to current clients/introduce colleagues from other service lines. Travel to client locations (India and abroad) for meetings, conduct workshops, walkthrough sessions, trainings etc. for existing and new clients. Jointly lead global account relationships along with onshore, manage engagement deliveries, quality and drive the growth agenda on accounts. Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Manage a team of Seniors and Staffs (across geographies) for delivery of engagements across clients. Foster an innovative and inclusive team-oriented work environment. Play an active role in counselling and mentoring junior consultants within the firm. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Assist with cultivating and managing business development opportunities. Understand EY and its service lines and actively assess/present ways to serve clients. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 5-7 years of related work experience At least 3-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Job Area: Finance & Accounting Group, Finance & Accounting Group > IT Internal Audit Qualcomm Overview: Qualcomm is a company of inventors that unlocked 5G ushering in an age of rapid acceleration in connectivity and new possibilities that will transform industries, create jobs, and enrich lives. But this is just the beginning. It takes inventive minds with diverse skills, backgrounds, and cultures to transform 5Gs potential into world-changing technologies and products. This is the Invention Age - and this is where you come in. General Summary: Unique opportunity to join Qualcomm’s Corporate Internal Audit & Advisory Services department within the SOX Program Management Office (PMO) organization to support the IT SOX 404 and 302 Compliance efforts. The department’s activities and services focus on assisting the Audit Committee of the Qualcomm Board of Directors and Management in the evaluation and improvement of processes that identify and manage risks related to achieving Qualcomm’s business objectives. Key responsibilities include: Lead the IT SOX 404 risk assessment and scoping exercise, execute the process and control walkthroughs, assess the design of controls, develop and enhance comprehensive test plans, and perform independent testing Perform deficiency root cause analyses and assist management with the development of remediation plans Offer effective supervision to, and review the work of other auditors, including the company’s co-sourcing audit partners Collaborate with Qualcomm management to identify financial risks, assess business impacts, and present potential solutions (leading practices) As a key member of the SOX PMO, the successful candidate will be a primary interface between IT management and the external auditors to provide guidance, support, training, and project management Collaborate with the external auditors in the planning and execution of SOX 404 requirements and ensure all deadlines are met with high quality deliverables Participate and assists in ad-hoc projects such as system implementations when needed Three to seven years of recent relevant professional experience in IT SOX compliance for a fast-paced global company or a public accounting firm (“Big 4” or mid-tier). Prior SOX PMO experience preferred. Independent and adaptable team player with strong project management skills to comfortably lead and conduct multiple significant projects and tasks with quality, accuracy, and attention to detail. Strong critical thinking with sound judgment and decision-making skills. Self-motivated, positive, and professional attitude. Exceptional prioritization, organization, and time-management skills to consistently meet deadlines with quality deliverables in a fast-paced environment. Strong interpersonal skills (including oral and written communications) with the ability to lead all related interactions with various levels of the organization including middle and senior management. Excellent understanding of internal controls, frameworks (COSO, COBIT), fundamental audit methodology, SOX 302 and 404 requirements. Strong ability to understand IT and business process risks and related controls Experienced with leading practices for business processes, financial accounting, and reporting risks to ensure compliance with GAAP and external reporting requirements Delivers high-quality work products (form and substance) including the ability to prepare written documents (e.g., work papers, PowerPoint presentations, audit reports, etc.) that clearly lay out key messages Professional Certifications (e.g., CPA, CISA, CIA preferred) ERP experience with Oracle EBS a plus Semiconductor business experience or familiarity Fluent English; multi-lingual capability is a plus Strong communication (oral and written) and presentation skills Fast learner with strong, organization, analytical, critical thinking, and problem-solving skills Ability to work in flexible and non-hierarchical team environment Willingness to get things done and take responsibility Ability to recognize and apply a sense of urgency, when necessary Positive attitude, professional maturity, good work ethic Ability to work independently, handle multiple projects simultaneously, and multi-task to meet deadlines with high-quality deliverables Bachelor's degree in Accounting, Business Administration, Management Information Systems, or related field. Applicants Qualcomm is an equal opportunity employer. If you are an individual with a disability and need an accommodation during the application/hiring process, rest assured that Qualcomm is committed to providing an accessible process. You may e-mail myhr.support@qualcomm.com or call Qualcomm's toll-free number found here . Upon request, Qualcomm will provide reasonable accommodations to support individuals with disabilities to be able participate in the hiring process. Qualcomm is also committed to making our workplace accessible for individuals with disabilities. Qualcomm expects its employees to abide by all applicable policies and procedures, including but not limited to security and other requirements regarding protection of Company confidential information and other confidential and/or proprietary information, to the extent those requirements are permissible under applicable law. To all Staffing and Recruiting Agencies: Please do not forward resumes to our jobs alias, Qualcomm employees or any other company location. Qualcomm is not responsible for any fees related to unsolicited resumes/applications. If you would like more information about this role, please contact Qualcomm Careers.

Responsibilities Partner with a qualified global team of cyber security risk management professionals to protect company assets and support security risk initiatives. Work cooperatively with the Risk and other leads to validate appropriateness of procedures and controls (to ensure compliance with regulatory, contractual, and legal requirements). Work collaboratively with Internal Audit, Legal, and business units to track risk reduction over time. Develop and maintain expertise in regulatory trends, client contractual trends, and risk management strategies. Provide monthly, quarterly, bi-annual, and annual metrics to track, validate, and provide continuous improvement to the compliance and risk management programs. Support the development of and enhance a governance framework aligned with ISO27001 to ensure compliance with stated metrics and documented controls. Maintain a risk register aligned with Omnicom s Risk Management Framework as it pertains to regulatory and compliance risks. Measure compliance with policy and standards as part of assessing the overall security risk posture of the enterprise and develop remediation plans as needed. Qualifications Bachelors degree required, preferably in computer science, information systems, engineering, business administration, or related field 5 years of experience required. In-depth understanding of common regulatory frameworks (SOX, HIPAA, PCI, GDPR) Practical knowledge of risk assessment and management approaches and delivery Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and NIST Past Media and Entertainment industry experience Skills/Abilities Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences. Excellent problem solving and analytical skills, individual must be a team player, strategic and analytical thinker, able to think big picture , as well as focus on trends and data coupled with industry themes, and able to multi-task on projects. Ability to build-out risk & compliance strategy aligned with business objectives that will continually improve and enhance cybersecurity within the organization. Demonstrate the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives. Possess a strong technology background with the ability to challenge or validate technology decisions from a position of knowledge and experience. Possess the ability to rapidly assimilate business strategies, coupled with the insight to seize high impact opportunities by applying creative problem-solving solutions. Track record of managing across multiple global locations, with a solid understanding of the challenges and benefits

Manager - Technology Risk Assessment Team - Technology Risk & Compliance ,Compliance Location - Bangalore The PhonePe Technology Risk and Compliance team plays a critical role in the successful execution of the firm's compliance mission. The Tech Risk and Compliance function ensures the development and maintenance of a strong compliance culture by developing and maintaining program infrastructure that identifies, measures and monitors compliance with applicable laws, regulations and rules that govern our business globally. Compliance teams work closely with Engineering, SREs, business, legal and other functions to provide expertise on regulatory compliance matters; assess and measure compliance and related risks and monitor and test the adequacy of the firm's compliance control environment. Roles and Responsibilities: To review PhonePe products, processes and environment from the perspective of security, regulatory compliance and best practices. To conduct due diligence on new and existing technology implementations across business units at PhonePe. To provide support to internal departments in areas of compliance with regulatory bodies (i.e. RBI, NPCI, SEBI, IRDAI, UIDAI), and implementation of security related requirements from circulars issued by regulators. To collaborate with product/business/engineering teams to implement compliance plans to mitigate risks in the early stage of product development To create control frameworks in guidance of the team and conduct gap assessment against security practices, various regulatory guidelines and compliance requirements Must Haves: 7 to 9 years of relevant work experience, B. Tech Prior people management experience. Strong understanding of ITGC domains and business processes. Experience in managing audits and implementing cyber security controls, NIST, PCI DSS standards, ISMS etc., Certifications such as ISO 27001 / CISA / CISM / CISSP preferred. High ethical standards and are able to work diligently to complete your duties. Analytical mind able to see the complexities of procedures and regulations. Demonstrate the ability to plan and execute projects with minimal management support. PhonePe Full Time Employee Benefits (Not applicable for Intern or Contract Roles) Insurance Benefits - Medical Insurance, Critical Illness Insurance, Accidental Insurance, Life Insurance Wellness Program - Employee Assistance Program, Onsite Medical Center, Emergency Support System Parental Support - Maternity Benefit, Paternity Benefit Program, Adoption Assistance Program, Day-care Support Program Mobility Benefits - Relocation benefits, Transfer Support Policy, Travel Policy Retirement Benefits - Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS, Leave Encashment Other Benefits - Higher Education Assistance, Car Lease, Salary Advance Policy Working at PhonePe is a rewarding experience! Great people, a work environment that thrives on creativity, the opportunity to take on roles beyond a defined job description are just some of the reasons you should work with us. Read more about PhonePe on our blog. Life at PhonePe PhonePe in the news

Job Summary GRC Consultant Responsibilities Job Summary We are seeking an experienced IT GRC Manager to lead our Governance Risk and Compliance initiatives The candidate will be responsible for developing and implementing IT GRC strategies ensuring compliance with regulatory requirements and managing risk across the organization This role requires a deep understanding of IT governance frameworks risk management practices and compliance standards Key Responsibilities Governance Develop and maintain IT governance frameworks policies and procedures Ensure alignment of IT strategies with business objectives Oversee the implementation of IT governance initiatives and monitor their effectiveness Risk Management Identify assess and manage IT risks across the organization Develop and implement risk mitigation strategies Conduct regular risk assessments in according with NIST standard and audits to ensure compliance with internal and external standards Compliance Ensure compliance with relevant regulatory requirements eg GDPR HIPAA SOX Develop and maintain compliance documentation and reports Coordinate with internal and external auditors to facilitate compliance audits Leadership Lead and mentor a team of IT GRC professionals Collaborate with crossfunctional teams to promote a culture of risk awareness and compliance Provide regular updates to senior management on IT GRC activities and initiatives Qualifications Strong knowledge of IT governance frameworks eg COBIT ITIL Experience with regulatory compliance standards eg GDPR HIPAA SOX Excellent analytical problemsolving and communication skills Relevant certifications eg CISA CRISC CISM are a plus Skills Strong leadership and team management skills Ability to work collaboratively with crossfunctional teams Proficiency in risk assessment and management tools Excellent organizational and project management skills Strong attention to detail and ability to manage multiple priorities

Audit Analyst II Ways of working – Work from Office, travel requirements (occasional) Location: Bangalore | Karnataka Year of Experience: 3-4 Years About The Team & Role We are seeking a motivated and detail-oriented IT Audit Analyst to join our Audit & Compliance team. The successful candidate will be responsible for planning, executing, and reporting on IT audits across various domains, including IT infrastructure, cloud environments, SaaS applications, and compliance frameworks like ISO 27001, ISO 27701, and PCI DSS. This role involves evaluating the design and effectiveness of IT controls, identifying risks, and recommending practical solutions to improve the organization's IT governance, risk management, and control environment. This role will work independently on moderately complex audits and may assist senior auditors or managers on larger engagements. What will you get to do here? Audit Planning & Execution Assist in the development of risk-based IT audit plans. Plan and execute IT audits covering infrastructure (servers, networks, databases, operating systems), cloud services (AWS focus), and SaaS applications. Develop audit programs and testing procedures to evaluate IT controls related to security, operations, change management, business continuity, and data privacy. Perform control testing through interviews, documentation review, system observation, and data analysis. Plan, execute, and oversee IT audits for e-commerce systems, including cloud infrastructure, payment gateways, and data privacy controls Compliance & Framework Audits Conduct audits and assessments against established IT security and privacy frameworks, including ISO 27001 (Information Security Management System) and ISO 27701 (Privacy Information Management System). Perform audits to assess compliance with PCI DSS (Payment Card Industry Data Security Standard) requirements, focusing on the cardholder data environment. Evaluate the design and operating effectiveness of controls implemented to meet compliance objectives. Review system access controls, data integrity, and cybersecurity measures. Risk Assessment & Analysis Identify IT risks and control weaknesses during audit engagements. Analyze findings, determine root causes, and assess the potential impact on the business. Evaluate the effectiveness of risk mitigation strategies. Reporting & Communication Document audit work performed, findings, and conclusions clearly and concisely in work papers. Prepare draft audit reports detailing findings and practical, value-added recommendations for management. Communicate audit results effectively to IT management and other stakeholders. Track the status of management action plans to address audit findings. Collaboration & Improvement Collaborate with IT personnel, business units, and external auditors as needed. Stay current with emerging technologies, IT security threats, audit techniques, and relevant regulations/standards. Contribute to the continuous improvement of the IT audit function, processes, and methodologies. May provide guidance or mentorship to junior audit staff. What qualities are we looking for? Education: Bachelor’s degree in information systems, Computer Science, Cybersecurity, Business Administration, or a related field. Experience: 3-4 years of progressive experience in IT Audit, Information Security, IT Risk Management, or a related field. Technical Skills Strong understanding of IT infrastructure components (networks, operating systems, databases, servers, virtualization). Solid knowledge of cloud computing concepts and specific experience auditing cloud environments. Understanding of SaaS models and experience assessing controls related to third-party/vendor risk management for SaaS solutions. Knowledge of IT general controls (ITGCs) and application controls. Framework & Standard Knowledge Demonstrated experience with and knowledge of ISO 27001 and/or ISO 27701 standards and auditing practices. Demonstrated experience with and knowledge of PCI DSS requirements and assessment procedures. Familiarity with other relevant frameworks (e.g., NIST Cybersecurity Framework, COBIT, SOX ITGCs) is a plus. Audit Skills Proficiency in IT audit methodologies, risk assessment techniques, and control testing procedures. Strong analytical, problem-solving, and critical-thinking skills. Excellent written and verbal communication skills, with the ability to articulate technical issues to both technical and non-technical audiences. High level of attention to detail and accuracy. Ability to manage multiple tasks and deadlines effectively. Proficiency with standard office software (e.g., Microsoft Office Suite). Professional certification such as CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), AWS Certified Security – Specialty, or similar. Experience working with GRC (Governance, Risk, Compliance) tools. Experience with data analysis tools used in auditing (e.g., ACL, IDEA, Excel PowerQuery/Pivot). Experience in specific industries (e.g., finance, healthcare, technology) may be advantageous. Visit our tech blogs to learn more about some of the challenging Problem Statements the team works at:- https://bytes.swiggy.com/engineering-challenges-at-swiggy-430dea6c86a3 https://bytes.swiggy.com/the-swiggy-delivery-challenge-part-one-6a2abb4f82f6 https://bytes.swiggy.com/what-serviceability-means-at-swiggy-c94c1aad352a https://bytes.swiggy.com/architecture-and-design-principles-behind-the-swiggys-delivery-partner s-app-4db1d87a048a https://bytes.swiggy.com/swiggy-distance-service-9868dcf613f4 https://bytes.swiggy.com/the-tech-that-brings-you-your-food-1a7926229886 We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, disability status, or any other characteristic protected by the law.

Summary Implements the information security, governance and strategy per the information management framework through business partnering. Perform ISRM compliance activities for a specific area or technology within TT. About the Role Major accountabilities: Deep understanding of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST, GDPR, NIS2. Hands-on experience in GRC tools such as ServiceNow to configure, build and automate controls / assessments logic for the compliance management. Provide input to GRC team on risk and control register business requirements. Aptitude for technology, open-mindedness towards picking up new skills and working in various trending areas such as AI, GenAI, OT, Mobile, Cloud technologies etc. Basic knowledge on industry regulations e.g. SOX, GxP etc. Deliver effective security training and awareness programs and coordinate delivery across functions and countries. Experience in designing and implementing controls and policy framework, laws and regulations and best in class industry standards. Work experience in risk, control, and governance disciplines (e.g., Risk Management, Audit, Information Security, Regulatory Compliance). Establish close collaboration with stakeholders to facilitate alignment with policies, risks as well as internal and external audits. Strong communication to manage various levels of collaboration/working relationship with global teams. Desirable Skills: 8-10 years of experience in various industry framework and GRC tools. Strong presentation, analytical and communication skills. Ability to, influence, work collaboratively and contribute to high performing teams. CISA/CISM and Big 4 experience preferred. Why Novartis: Our purpose is to reimagine medicine to improve and extend people’s lives and our vision is to become the most valued and trusted medicines company in the world. How can we achieve this? With our people. It is our associates that drive us each day to reach our ambitions. Be a part of this mission and join us! Learn more here: https://www.novartis.com/about/strategy/people-and-culture You’ll receive: You can find everything you need to know about our benefits and rewards in the Novartis Life Handbook. https://www.novartis.com/careers/benefits-rewards Commitment to Diversity and Inclusion: Novartis is committed to building an outstanding, inclusive work environment and diverse teams' representative of the patients and communities we serve. Accessibility and accommodation Novartis is committed to working with and providing reasonable accommodation to individuals with disabilities. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the recruitment process, or in order to perform the essential functions of a position, please send an e-mail to diversityandincl.india@novartis.com and let us know the nature of your request and your contact information. Please include the job requisition number in your message Join our Novartis Network: If this role is not suitable to your experience or career goals but you wish to stay connected to hear more about Novartis and our career opportunities, join the Novartis Network here: https://talentnetwork.novartis.com/network Why Novartis: Helping people with disease and their families takes more than innovative science. It takes a community of smart, passionate people like you. Collaborating, supporting and inspiring each other. Combining to achieve breakthroughs that change patients’ lives. Ready to create a brighter future together? https://www.novartis.com/about/strategy/people-and-culture Join our Novartis Network: Not the right Novartis role for you? Sign up to our talent community to stay connected and learn about suitable career opportunities as soon as they come up: https://talentnetwork.novartis.com/network Benefits and Rewards: Read our handbook to learn about all the ways we’ll help you thrive personally and professionally: https://www.novartis.com/careers/benefits-rewards Division Operations Business Unit Universal Hierarchy Node Location India Site Hyderabad (Office) Company / Legal Entity IN10 (FCRS = IN010) Novartis Healthcare Private Limited Functional Area Technology Transformation Job Type Full time Employment Type Regular Shift Work No

Role: Endpoint Security Engineer Location: Mumbai / Hyderabad / Chennai Experience: L1-2+years; L2-7+years; L3-10+years Budget: L1-8LPA; L2-15 LPA; L3-25 LPA Shifts: L1/L2 --24/7 and L3 – 16*5 JD: Knowledge of networking (Firewalls, routing, TCP/IP, Packet flow and analysis), Operating System (MS Windows, Unix/Linux/Ubuntu…), Information Security Concept (Vulnerability, Hardening, OWASP TOP 10, CIA Tried and related controls etc..) Hands-On experience on EndPoint Security (EDR, DAM, NAC, DLP, FIM, IRM, SIEM/SOAR, Active Directory, Web Applications etc.) Good communication, documentations (i.e., presentations, dashboards, HLD/LLD, SOPs, Policies & Configuration etc.) Experience in Incident management, change management, problem, capacity planning, Migration and availability management etc. L2/L3 - Hand-On experience in automation and optimization (i.e. scripting, ansible, rest API etc.) of security tools to minimize manual intervention, human error and faster resolution/response. L2/L3 - Accountable for team building, resource management, skill enhancement, cross function learning and working etc. L2/L3 - M anagerial, and project management skills, should be capable enough to coordinate with different stakeholders. Any relevant certifications i.e Certified Endpoint Protection Professional, CEH, CISM, CISSP, CISA, ITIL, COBIT, ISO 27001 etc. -- Kirti Rustagi kirti.rustagi@raspl.com

The IT Business Senior Analyst is an intermediate-level position responsible for liaising between business users and technologists to exchange information in a concise, logical and understandable way in coordination with the Technology team. The overall objective of this role is to contribute to continuous iterative exploration and investigation of business performance and other measures to gain insight and drive business planning. Responsibilities: Formulate and define systems scope and objectives for complex projects and foster communication between business leaders and IT Consult with users and clients to solve complex system issues/problems through in-depth evaluation of business processes, systems and industry standards and recommends solutions Support system change processes from requirements through implementation and provide input based on analysis of information Consult with business clients to determine system functional specifications and provides user and operational support Identify and communicate risks and impacts, considering business implications of the application of technology to the current business environment Act as advisor or coach to new or lower level analysts and work as a team to achieve business objectives, performing other duties and functions as assigned Has the ability to operate with a limited level of direct supervision. Can exercise independence of judgement and autonomy. Acts as SME to senior stakeholders and /or other team members. Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency. Qualifications: 5-8 years of relevant experience Experience in data analysis with intermediate/advanced Microsoft Office Suite skills Proven interpersonal, data analysis, diplomatic, management and prioritization skills Consistently demonstrate clear and concise written and verbal communication Proven ability to manage multiple activities and build/develop working relationships Proven self-motivation to take initiative and master new tasks quickly Demonstrated ability to work under pressure to meet tight deadlines and approach work methodically with attention to detail Education: Bachelor's degree/University degree or equivalent experience This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required. Position Overview: We are seeking an experienced and dynamic IT Business Senior Analyst (Assistant Vice President) to work on initiatives related to Data Governance and Control Codification projects. The ideal candidate should have a strong understanding of data quality , control frameworks , and codification processes , along with extensive knowledge of the banking and finance domain . This role requires a blend of technical expertise, business acumen, and leadership skills to ensure the successful delivery of data governance initiatives. Key Responsibilities: Senior Analyst in Data Governance and Control Codification projects, ensuring alignment with organizational goals and regulatory requirements. Define and implement data quality frameworks, standards, and processes to ensure the accuracy, consistency, and reliability of data. Collaborate with cross-functional teams to identify, document, and codify controls for critical data elements. Work closely with stakeholders to understand business requirements and translate them into actionable technical solutions. Ensure compliance with data governance policies, regulatory standards, and industry best practices. Drive the adoption of data governance tools and technologies to enhance data quality and control processes. Provide subject matter expertise in banking and finance, ensuring that data governance initiatives align with industry-specific requirements. Monitor and report on the effectiveness of data governance and control frameworks, identifying areas for improvement. Mentor and guide team members, fostering a culture of accountability and continuous improvement. Required Skills and Qualifications: 8+ years of experience in IT Business Analysis, with a focus on Data Governance, Data Quality, and Control Codification. Strong understanding of data quality frameworks, data lineage, and metadata management. Experience in the banking and finance domain, with knowledge of regulatory requirements and industry standards. Proficiency in data governance tools (e.g., Collibra, Informatica, or similar) and data quality tools. Strong analytical and problem-solving skills, with the ability to work with large datasets and complex systems. Excellent communication and stakeholder management skills, with the ability to bridge the gap between technical and business teams. Bachelor's or Master's degree in Computer Science, Information Systems, Finance, or a related field. Preferred Qualifications: Experience with control frameworks such as COSO, COBIT, or similar. Knowledge of data privacy regulations (e.g., GDPR, CCPA) and their impact on data governance. Familiarity with data visualization tools (e.g., Tableau, Power BI) for reporting and analysis. Certifications in data governance or related fields (e.g., CDMP, DGSP). ------------------------------------------------------ Job Family Group: Technology ------------------------------------------------------ Job Family: Business Analysis / Client Services ------------------------------------------------------ Time Type: Full time ------------------------------------------------------ Most Relevant Skills Please see the requirements listed above. ------------------------------------------------------ Other Relevant Skills For complementary skills, please see above and/or contact the recruiter. ------------------------------------------------------ Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi. View Citi’s EEO Policy Statement and the Know Your Rights poster.

Job Title: Sr GRC Analyst Duration: Full time role Location: Bengaluru (Hybrid) Note: Looking for immediate joiners OR who can join in at least 20-30 days of notice. Job Description: Duties: Perform vendor risk assessments against all security domains Perform technical implementation assessments from a security perspective related to vendor integrations (i.e. API integrations, SFTP integrations, etc.) to validate the secure implementation of the third party service at the client Maintain and expand Customer Trust knowledge base Support customer security assessment requests Support customer audits Skills: Excellent understanding and practical application of industry security frameworks including SANS Critical Security Controls, CIS Controls, ISO 27001, NIST SP 800-53, PCI DSS, and SOC2. Great understanding of IT control frameworks (COBIT) and IT general controls Strong knowledge of information security concepts, risk and controls concepts Strong knowledge of standards such as ISO 27001/2, NIST CSF, NIST 800-53, TSC 2017 (SOC2), PCI DSS, etc. Strong knowledge of security control domains such as Asset Management, Configuration Management, SDLC, Logging and Monitoring, Data Security, Network Security, Security Governance, Identity Access Management, Vulnerability Management, etc. Proficiency in a wide spectrum of technical security controls encompassing logical access control, encryption , data loss prevention, secure coding practices, security architecture, vulnerability management, and network security technologies. Expert in conducting Vendor risk assessments and understand risk exposure of technology deficiencies and translating them to business impact Strong domain experience in security risk assessments Working knowledge of risk treatment and exception processes Strong knowledge of Security architecture design and review including key security controls related to authorization, authentication, and encryption of data in transit/at rest Ability to configure and/or maintain 3rd party customer audit management tools (such as OneTrust Compliance Automation or a similar tool) for automated evidence collection to support customer audits is a plus Ability to configure and/or maintain 3rd party vendor risk management tools (such as OneTrust vendor assessment or a similar tool) for third party risk assessments is a plus One or more certifications such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer Open to learning and working on new domains and technology Good written and spoken communications skills to explain and articulate technical concepts effectively to stakeholders including system engineers, and auditors Strong attention to detail and diligence

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Key Responsibilities Your key responsibilities will include: Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Demonstrate deep technical capabilities and professional knowledge. Demonstrate ability to quickly assimilate to new knowledge. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 3-6 years of related work experience At least 2-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

HOURS: 8am CST- 4pm CST (6:30pm IST-2:30am IST) Rate- $13-$18/hr USD Must Have: 4-6 years of hands on SOX/SOC Control Testing experience Extensive knowledge of SOX, SOC1, and SOC 2 compliance requirements and ITGC framework Must have experience designing, executing, and documenting test procedures Expert-level Excel skills (pivot tables, complex formulas) Experience with one of the Big Four (Deloitte, EY, PwC, KPMG) Understanding of ERP, Cloud, and DevOps, and IAM tools for controls testing (SAP, Azure, GitHub, Sailpoint)- MUST have SAP Ability to manage multiple priorities and projects simultaneously Must be familair with COSO/COBIT, NIST, and ISO frameworks with hands on experience with COSO/COBIT Plusses: CISA Certification (Certified Information Systems Auditor) CISSP Certification (Certified Information Systems Security Professional) Extensive scripting experience for automation and data extraction Job Summary: We are seeking a SOX Controls Tester specializing in IT General Controls (ITGC) to assist with SOX monitoring across over 87 systems. The successful candidate will have extensive experience with SOX compliance requirements and the overall ITGC framework. Responsibilities include designing, executing, and documenting control testing procedures, identifying potential control deficiencies, and recommending effective remediation strategies. The ideal candidate must have advanced Excel skills, including complex formulas, pivot tables, and handling large datasets. Proficiency in scripting languages is required to pull and analyze different data sets. Competence in troubleshooting issues within automated scripts and data analysis processes is essential. Excellent verbal and written communication skills are necessary to document findings and collaborate effectively with IT and business stakeholders. Meticulous attention to detail is crucial to ensure thoroughness and precision in testing and documentation.

At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. In IT audit at PwC, you will focus on helping to assess and evaluate the design and effectiveness of an organisation's IT systems and controls to provide compliance with regulations and mitigate risks. Growing as a strategic advisor, you leverage your influence, expertise, and network to deliver quality results. You motivate and coach others, coming together to solve complex problems. As you increase in autonomy, you apply sound judgment, recognising when to take action and when to escalate. You are expected to solve through complexity, ask thoughtful questions, and clearly communicate how things fit together. Your ability to develop and sustain high performing, diverse, and inclusive teams, and your commitment to excellence, contributes to the success of our Firm. Skills Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to: Craft and convey clear, impactful and engaging messages that tell a holistic story. Apply systems thinking to identify underlying problems and/or opportunities. Validate outcomes with clients, share alternative perspectives, and act on client feedback. Direct the team through complexity, demonstrating composure through ambiguous, challenging and uncertain situations. Deepen and evolve your expertise with a focus on staying relevant. Initiate open and honest coaching conversations at all levels. Make difficult decisions and take action to resolve issues hindering team effectiveness. Model and reinforce professional and technical standards (e.g. refer to specific PwC tax and audit guidance), the Firm's code of conduct, and independence requirements. Reporting Position reports to the Group and GTM leads within the Cyber, Risk & Regulatory practice Essential Duties And Responsibilities Manage and lead multiple teams directly involved in the work streams related to IT SOX Compliance covering ITGC and IT Dependencies (ITAC, Interfaces, IPE’s). Individual would be expected to cultivate a strong team environment Managing predominantly offshore engagements and relevant PwC Territory teams. Communication, written and verbal, with these teams would be expected. This communication would include emphasizing the capabilities within the SDC to provide high-quality deliverables to support the PwC Global Offices. Be actively involved in proposal as part of client pursuit and assisting Partners and Directors with relevant and valuable inputs. Manage the overall operations as per the framework/standard laid down by the management for the smooth functioning of business as usual. Ensure diversity within the team and equal opportunities for the team members involved for their progression. Responsible for the overall performance management of the team assigned. Oversee the team members performance of testing in these area, monitoring workload, timelines and budgets for the work being performed. Provide technical support in the assessment, design, and implementation of ITGC requirements. Thorough understanding around ITGC domains such as Logical Access, Change Management, SDLC and Computer Operations. Exposure of testing IT Application Controls (Configurable, Non-configurable), Interfaces, IPE’s, Data Migration and Platform Reviews. Review control evidence for adherence to accuracy, completeness, and precision of control execution for all ITGC. Develop, implement, and test controls for new acquisitions and in-scope entities. Work with control owners and operators to ensure quality, consistency, and operability of new and existing controls as needed. Collaborate and build long-term relationships with key stakeholders in a fast-paced and matrixed work environment. Review test findings and facilitate the remediation of ITGC control gaps and escalate possible critical issues to senior management of client/Onshore teams. Plan and direct the work to team members, monitor their work, and take corrective action when necessary. Coaches, mentors, and develops direct reports, including overseeing new hire onboarding process and providing career development planning and opportunities; maintains a safe, secure, and legal work environment. Builds and maintains strong peer relationships within the team and across the organization. Coordinates work with External Auditors of the client if needed. Manage the Cyber, Risk & Regulatory (Advisory) team and client portfolio to deliver 30,000 to 40,000 of client hours. Interpersonal Skills Ability to work independently under general supervision with latitude for initiative and independent judgment. Effective verbal and written communications, including active listening skills and skill in presenting findings and recommendations. Ability to establish and maintain effective working relationships with co-workers and external contactors/auditors. Detail-oriented & comfortable working on multiple projects simultaneously. Individuals would be expected to cultivate a strong team environment and promote a positive working relationship amongst their team. Excellent communication skills, written and verbal would be expected. Ensure client service delivery in accordance with the quality guidelines & methodologies. Build and maintain client relationships by understanding and being responsive to client needs and ensuring high quality of deliverables. Contribute to people and knowledge development initiatives by developing training material and conducting training. Demonstrate strong analytical thinking and communication skills including the ability to research and understand complex processes and effectively communicate them to interested parties. Demonstrate superior relationship building and relationship management skills. Client Management Develop strong working relationships with the client and onshore teams. Maintain excellent rapport and proactive communication with the stakeholders and clients. Operational excellence Strive to take the business to the next level by identifying and implementing changes for the betterment of business. Suggest ideas on improving engagement productivity and identify opportunities for improving client service. Manage engagement budgets and ensure compliance with engagement plans and internal quality & risk management procedures. People related Display teamwork, integrity, and leadership. Work with team members to set goals and responsibilities for specific engagements. Foster teamwork and innovation. Utilize technology & tools to continually learn and innovate, share knowledge with team members and enhance service delivery. Conduct workshops and technical training sessions for team members. Contribute to the learning & development agenda and knowledge harnessing initiatives Mentor and coach junior team members, enabling them to meet their performance goals and successfully grow their careers. Minimum Qualifications Bachelor’s degree in Information Systems, Computer Science Engineering B.E., B. TECH, M. TECH, MCA, BCA, CA, MBA Experience of business experience in technology audit, risk management, compliance, consulting, or information security including acting in the capacity of a supervisor Excellent knowledge of IT General Controls, automated and security controls Knowledge of security measures and auditing practices within various operating systems, databases, and applications Experience in auditing financial applications, cyber security practices, privacy, and various infrastructure platforms such as Unix, Linus, Windows, SQL Server, Oracle Databases Knowledge and concepts of auditing of cloud platforms (AWS, Azure and Google Cloud) Experience designing continuous auditing and monitoring tools and techniques is a plus. Good understanding of CoBIT 5 Domains of Access Management, SLDC & Change and Computer Operations and Control Design and Testing of SOX IT General Controls (ITGC) and/or IT Application Controls (ITAC) Experience in identifying control gaps and communicating audit findings and control redesign recommendations to Management/Clients Knowledge of regulations impacting privacy, integrity, and availability of clients PII. Functional knowledge of major ERP suites (like SAP, Dynamics, Oracle EBS, Peoplesoft) Understanding of audit concepts and regulations Required overall experience in testing/reviewing and implementation of ITGC controls, CoBit 5 and developing COSO framework Candidates with 11+ years of relevant experience in similar role, preferably with a “Big 4” or equivalent Chartered Accountant (would be added advantage) Certification(s) Preferred CISA / CISM / CRISC / CISSP / ISO 27001 LA certifications

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Risk Consulting - Protect Tech – Senior Manager Job location- Bangalore, Gurgaon, Noida, Pune and Kolkata The opportunity: your next adventure awaits. Are you a tech-savvy professional with a risk mindset who is passionate about building a better working world through the power of people, technology, and innovation? We have an incredible opportunity for you to join our dynamic Protech Tech team and make a real impact in the rapidly evolving world we live in. Within Risk Consulting, you will focus in the areas of areas of IT Risk Management, IT SOX, IT Regulatory Compliance, IT Audits, IT and Digital Transformations (including ERP and Cloud transformations), while enabling technology to better manage risk. As a member of our team, you will have the chance to work with industry leaders and help transform businesses by tackling the most complex challenges with our clients. This is client-facing role in a rapidly growing practice, where you’ll build client relationships with key stakeholders, including management executives for some of the most globally recognized brands. It makes this the perfect place to gain a deeper understanding of complex businesses transactions, all the while recommending solutions to some of the most pressing business challenges and process inefficiencies. You will also team up with our global professionals in multidisciplinary engagements, helping major global clients transform and sustain business performance. You will be leveraging emerging technologies like AI, ML, to build and enhance new solutions and actively work in building multiple tools and assets for efficient and effective client delivery. By plugging into our market-leading global network, you'll gain the experience you need to become an exceptional IT Risk Advisor Your Key Roles And Responsibilities Market Leadership and client management Executive-level skills in client relationship management and the hold conversations with senior executives. Partnering with onshore teams to understand client’s business & related industry issues / trends for global clients. Contribute to new solution development basis the industry trends and client’s problem statement. Conduct knowledge sharing discussions & contribute to EY thought leadership. Supports in responding to RFPs Identify buyers, influencers & stakeholders in existing client engagements and build strong relationships. Identify opportunities for cross-selling to current clients/introduce colleagues from other service lines. Assist Partners/Directors in driving the account management agenda by focusing on high impact opportunities. Create innovative insights for clients, adapts methods & practices to fit operational team needs & contributes to thought leadership documents. Represent the firm in various industry conferences and associations – network with individuals, contribute to key discussion items and explore business opportunities. Delivery and Team management Understanding our clients’ overall technology strategy to effectively manage risk while transforming their business. Plan & schedule client engagements. Determine and deploy the right team with adequate skill sets for executing engagements and periodically review status of engagements and work products. Lead large engagements in the areas of IT Risk Management, IT SOX, IT Regulatory Compliance, IT Audits, IT and Digital Transformations (including ERP and Cloud transformations) Actively contribute to improving operational efficiency on projects & internal initiatives by leveraging on lessons learned from other projects. Monitor engagement economics & ensure timely billing of invoices & actively follow-up on collections by managers/seniors. Manage a team of Managers and Seniors (across locations) to manage delivery of engagements for multiple processes across clients and conduct comprehensive risk assessments to identify and prioritize potential IT risks against technology strategies, business applications and platforms, and digital transformations. Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel. Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business. Demonstrate subject matter & industry expertise (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices). Stay up to date with emerging industry trends and technologies, suggest innovative solutions to engagement teams and provide recommendations to clients on potential risks and opportunities. Operational Excellence Suggest ideas on improving engagement productivity and identify opportunities for improving client service. Manage engagement budgets and ensure compliance with engagement plans and internal quality & risk management procedures. People related Display teamwork, integrity and leadership. Work with team members to set goals and responsibilities for specific engagements. Foster teamwork and innovation. Utilize technology & tools to continually learn and innovate, share knowledge with team members and enhance service delivery. Understand EY and its service lines. Actively encourage team members to contribute ideas. Conduct workshops and technical training sessions for team members. Contribute to the learning & development agenda and knowledge harnessing initiatives. Drive campus recruitment initiatives To qualify for the role, you must have Chartered accountant (CA) or Master's degree in Management, Information Systems/ Technology, Computer Science, Business Analytics, Cybersecurity, or a related discipline Passion for technology and an ardent desire to work in risk management. Minimum 10 years of a “Big 4” or professional firm or professional industry experience in risks & controls, with more than 6 years of experience in IT Risk Management, IT Regulatory Compliance, IT Audit, IT Transformation Risk Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) Cognitive problem solving capabilities, quick decision making skills and ability to handle complex situations with a calm demeanor Exceptional interpersonal, written, and verbal communication skills Effective organization and time management skills with the ability to work under pressure and adhere to project deadlines. Globally mobile and flexible to travel to onsite locations Team player with strong interpersonal skills Ability to think differently and innovate Ideally, you’ll also have Responsible for the performance and appraisal of direct reports, including training and developing necessary skill sets to enable them to grow in their careers. Mentor and coach junior team members, enabling them to meet their performance goals and successfully grow their careers. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Technical Strong experience in review of guideline defined, conducting regulatory assessments for BFSI (E.g. RBI, SEBI, IRDAI). Global guidelines knowledge which includes NIST, ISO27001, PCI-DSS, COBIT, etc. Assisting in remediating gaps on the defined guidelines for the client. Performing System Audit and conducting technology landscape review. Having worked on Information Technology Risk Assessment areas such as NIST, ISO27001, PCI-DSS, COBIT, etc. Experience of handling IT audits and reviews. Good understanding on technology topics related to cyber security, encryption, architecture resiliency , business continuity, disaster recovery, IT Governance, Third party outsourcing risk and information security/technology risk. Certification - CISA, CISSP, ISO27001 Soft Skills Good presentation and report writing skills is mandatory. Excellent communication skills and confident demeanor Experience of working with client stakeholders Good problem-solving skills.