1041 Cobit Jobs - Page 17

Our Exciting Opportunity The position of the Software Asset Manager is to ensure that Ericsson Internal use customers maximize the value of the SW investments and at the same time is license compliant. The Software Asset Manager keeps track of SW licenses and SW installations and works together with Product Owners, Sourcing, outsourcing suppliers and the SW suppliers. You Will: The Software Asset Manager is responsible, for assigned SW suppliers, licenses and associated costs and should: Define a comprehensive license management strategy for each assigned software supplier, including proactive action plans Drive regular connects with SW supplier and build and maintain good relationships Keep track of all SW license investments, maintain license records, current utilization and identify licensing surplus or shortfalls Implement internal SW pricing models. Safeguard SW maintenance and support renewals Ensure all the costs that are purchased through Asset Management are properly reported and recovered from the respective product team Identify savings opportunities for renewals, software licensing, and services. Follow through with product team, sourcing & end users to obtain identified savings Processes Secure SAM involvement in relevant Internal processes Participate in Ericsson relevant steering groups and other internal meetings important to the governance of SW licenses Monitor the SW business environment and best license practices Internal communication to make SAM functions visible for stakeholders and end users Define the interfaces to other internal functions/units and drive efficiency by cross unit collaboration (Sourcing, Prdouct Owner’s etc.) Offer licensing expertise and cost calculations for internal stakeholders Support commercial and legal teams to provide consequence analysis relating to licensing Inform/escalate major license incompliance and/or violations to line management and/or relevant governance body Initiate improvements and corrective actions when deficiencies are identified, including necessary monitoring and escalation until issues or gaps are resolved Ensure to report all the cost that needs to be recovered from the business through proper channels Identify license cost reduction activities together with product owners and Sourcing Ensure accurate reporting for cost allocation on a periodical basis Identify contact persons for all outsourcing suppliers, to manage information received from the SAM team Provide guidance and knowledge to our outsourcing suppliers regarding Ericsson’s license compliance requirements Actively communicate with software supplier's account manager to address license pricing model, usage and support issues, in collaboration with Sourcing Organizational Interfaces The Software Asset Manager should establish relationships to: Product Owners - to understand actual SW use and plans for the applications Sourcing - to get knowledge of existing license agreements and to support Sourcing in negotiations with demands, product selection and volumes etc Finance – for the budget process, follow-up of actual costs, internal cost allocation and reporting SW suppliers – for regular SW supplier governance and operational meetings and to build and maintain good relationships Qualifications & Experience: Experience working with multi-national global decentralized organizations Familiarity with IT cost saving initiatives and reporting Proficiency with software license management and related procurement practices Experience working with software suppliers Working knowledge of software asset optimization planning and scenario planning for buy, transfer and termination strategies for software asset use Certifications on CSAM & ASAM preferable (not mandatory) Knowledge: The Software Asset Manager should have knowledge of: General SW licensing definitions, rules and conditions, including maintenance and support, general software license agreements Standards like ITIL, ISO, CoBIT preferable Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply? Click Here to find all you need to know about what our typical hiring process looks like. Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more. Primary country and city: India (IN) || Noida Req ID: 769357

Hi all , we are looking for a role Information Security Risk Specialist experience : 7 -9 years notice period : Immediate - 15 days location : Bengaluru Information Security Risk Specialist Experience: 7 to 9 years Location: Bengaluru Job Summary: We are seeking an experienced Information Security Risk Manager to join our team at Daimler Truck Innovation Center India, Bengaluru. The ideal candidate will lead the risk management and coordination efforts related to the overall security of enterprise systems, ensuring the development, implementation, and oversight of strategies that safeguard the information assets from cybersecurity threats, vulnerabilities, and attacks. This role requires strong collaboration across internal teams, including engineering, IT, legal, and regulatory bodies, as well as with external partners, such as suppliers and industry organizations. The ideal candidate will have a deep understanding of cybersecurity risk management methodologies, and the ability to oversee multiple initiatives aimed at strengthening the risk management practices at Daimler Truck Key Responsibilities: Develop, implement, and maintain an enterprise-wide information security risk management program. Identify, assess, and document information security risks, ensuring alignment with business objectives. Perform risk assessments, vulnerability analyses, and impact evaluations on IT systems and processes. Collaborate with cross-functional teams to establish risk mitigation strategies and action plans. Monitor, track, and report on risk metrics and key performance indicators (KPIs). Stay updated on regulatory requirements and ensure compliance with standards such as ISO 27001, NIST, GDPR, etc. Develop and maintain comprehensive process documentation and generate reports tailored to the needs of various stakeholders. Drive security awareness programs and train employees on risk management practices. Prepare and present detailed risk assessment reports to senior management. Lead incident response planning and participate in cybersecurity investigations when necessary. Qualifications: Education: Bachelors degree in Information Security, Cyber Security, Computer Science, Information Science, or a related field. Advanced degrees (e.g., Masters) or certifications (e.g., CISSP, CRISC, CISM, CEH) are a plus. Experience: 5+ years of experience in information security, risk management, or related domains. Skills and Competencies: Comprehensive understanding of frameworks such as ISO 27001, NIST Cybersecurity Framework, COSO, and COBIT. Proven analytical expertise in evaluating and prioritizing risks effectively. Advanced proficiency in utilizing security tools for risk assessment and mitigation. Strong preference for candidates with certifications like CISSP, CISM, CRISC, or equivalent. Exceptional communication and presentation skills, with a proven ability to collaborate effectively across diverse teams. Demonstrated problem-solving capabilities, including critical thinking and informed decision-making under pressure. Skilled in leading security initiatives and managing projects across global teams. A strategic mindset paired with keen attention to detail. • Resourceful and decisive under high-pressure situations. An effective team player with exceptional interpersonal and collaboration skills.

Job Title: Divisional Risk and Control Location: Pune, India Corporate Title: AVP Role Description The 1st line Tech Risk and controls function at Deutsche sits within the Group Technology Infrastructure (GTI) for Deutsche Bank Group. GTI has the largest footprint within the Technology, Data and Innovation division and is joined by other business-aligned CIO IT divisions. The Tech Risk and Controls is a dynamic team, consistently in demand, for providing guidance and challenge to deliver change and maintain systems in a secure and resilient manner. As part of the team, you will join the Banks journey and contribute towards our strategic goal of cloud enabled solutions as well as activities that improve our operational resilience and risk reduction. Specifically, you will bring expertise to Control definition and assessments capability across IT Infrastructure, SDLC and Architecture domains supporting a proactive risk management function. It will therefore also include providing change risk advisory services for transformational change programs undertaken by or impacting GTI. You will liaise with other risk and control functions, on a management level to assure the integration of risk initiatives and projects. You will also support Regulatory Adherence and Policy Management function within TDI Risk Management. Its purpose is to provide oversight and supervision of new & changed material regulation impacting TDI, including full traceability to derived DB-specific Policies, Procedures, Key Operating Documents and Supporting Documents. Your key responsibilities Risk & Control Management Identify and evaluate potential areas of non-compliance or risk, assessing impact, probability and present findings and proposals for risk mitigation measures. Support the delivery of the risk and control initiatives. This includes participation in risk and control activities, risk-based control reporting of key issues, performance and validation of cyclical activities such as annual control self-assessments. Work closely with teams in and out of the division to understand risks impacting the group. Align internal Deutsche Bank policies/procedures against industry recognized framework to strengthen the control framework and its implementation for both within the Bank and our 3rd party vendor relationships Ensure management transparency by way of timely risk reporting and proactive engagement and representing controls team at different governing forums Regulatory Adherence and Policy Management Coordination of regulatory adherence assessments across sub-divisions within TDI and management and review of Policies, Procedures, Key Operating Documents, Supporting Documents within TDI. Engage with stakeholders across TDI and other (e.g. 2nd line of defence) divisions in reviewing, assessing, and documenting the impact of regulations and ensuring remedial actions are established and monitored. Steer and support the publication of a consistent set of global and local Policies, Procedures, Key Operating Documents and Supporting Documents relating to Information Technology from laws, rules, and regulations. Risk remediation and Change Risk Advisory Support the Head of TDI GTI Risk Management in assessing risks related to strategic changes within the GTI Organization Proactively monitor risk landscape shift within the industry to identify transformation project opportunities to insulate Deutsche Bank from any potential risk exposure e.g., Production design life cycle, application and infrastructure architecture and its resilience Stakeholder Management Identify, Partner and Collaborate Work with relevant stakeholders to identify and assess controls gaps related to technology risk - measure and mitigate them in a timely manner Align with COO Division Control Office (DCO) team and NFRM (2nd LoD) ensuring successful and consistent implementation of the established control framework. Promote and support proactive IT risk culture at the Bank. Your skills and experience Desired experience Minimum 5 years of experience as Risk and Control Lead in designing and implementation of Technology risk framework or IT Audit in a global organization. Experience in a regulatory oversight, assurance, or policy management function within technology. Or have suitable compliance or audit background within infrastructure (and preferably IT & Information Security). Extensive experience regarding development, training and implementation of IT Policies, Procedures, Key Operating Documents and Supporting Documents. Good understanding of Industry best practices such as NIST, COBIT, ITIL and ISO 27001 Other professional qualifications and certifications in Technology risk management Desired behaviors A strong team player comfortable in a cross-cultural and diverse operating environment Result oriented and ability to deliver under tight timelines Ability to successfully resolve conflicts in a globally matrix driven organization Excellent communication and collaboration skills Desire to learn about new and emerging technologies and continuous upskilling Must be comfortable with navigating ambiguity to extract meaningful risk insights

When you join Verizon You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. At Verizon, we power and empower how people live, work and play by connecting them to what brings them joy. We do what we love — driving innovation, creativity, and impact in the world. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together — lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the #VTeamLife. What You’ll Be Doing... You'll be part of the "Verizon Global Infrastructure (VGI), Network & Information Security” group working on security and automation tools to protect against cyber threats within the VGS Technology organization. You will work with a team of cybersecurity engineers with network & infrastructure background, threat intelligence analysts and risk management personnel to align common technologies and practices that fortify our applications, systems, IT network and infrastructure. Some of your daily responsibilities would be the following. What You’ll Be Doing… Infrastructure Security Governance Implement IT infrastructure governance policies and procedures. Ensure compliance with relevant industry standards and regulations (e.g., ISO 27001, GDPR). Establish and maintain a control framework for infrastructure management Identify, implement and operationalize metrics, dashboards, scorecards, and tracking to consistently measure the current state of cybersecurity across VGS Infrastructure, leveraging industry best practices and standards where possible Ensure effectiveness and coverage of the Security Policies and Controls of VGS Infrastructure, prioritizing by risk level Instill ownership and accountability for security-based metrics and drive increased maturity, visibility, and subject-matter expertise for all segments Develop action plans jointly with all stakeholders to remediate deviations, providing necessary support to close on all key items Champion a highly collaborative work model with an aptitude of building and maintaining relationships across different teams at multiple senior levels, internally and externally Develop awareness, training & compliance programs focused on Infrastructure Cybersecurity practices, leveraging the Mavens program - a team of security professionals who facilitate adoption of security by design Ensure Security posture of VGS Infrastructure, e.g., access management, vulnerabilities remediation, etc. Coordinate necessary activities with our VCS organization: pen testing, incident response, data collection, etc. Identify and evaluate potential threats and vulnerabilities. Develop mitigation strategies and track remediation efforts What We’re Looking For... You'll need to have: Bachelor’s degree or four or more years of work experience. Four or more years of relevant work experience. Seven or more years of relevant work experience in Security, IT, and/or Network Experience in managing enterprise scale server infrastructure Experience in managing public/private cloud infrastructure Understanding of network fundamentals, switching, routing protocols, load balancers, web proxies, firewalls and software defined networking solutions. Understanding of security fundamentals Confidentiality, Integrity, Availability, access control, Authentication, Authorization, Auditing secure design concepts like Experience in design and implementation of network security solutions like firewalls, intrusion detection and prevention systems, VPN , web proxies etc using vendor products like Cisco, Juniper, Checkpoint, Palo Alto etc Knowledge of IT governance frameworks and standards (e.g., COBIT, ITIL) Relevant certifications such as CISSP, CISM, CRISC or CompTIA Security+ Even better if you have one or more years of work experience: Bachelor’s degree in cybersecurity, network, engineering, computer science or related discipline. Ability to thrive in a dynamic environment while managing multiple high-priority projects. Industry relevant security certifications Security+, OSCP, CEH, CISSP, GIAC etc Strong expertise in at least one operating system Window or Linux. Cloud relevant certifications CCSP, CCSK #NtwSec Where you’ll be working In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager. Scheduled Weekly Hours 40 Equal Employment Opportunity Verizon is an equal opportunity employer. We evaluate qualified applicants without regard to race, gender, disability or any other legally protected characteristics.

Inside Sales Executive Learn and understand Progressive’s portfolio of IT services and solutions. Conduct research to identify potential clients and key decision makers. Reach out to prospects via phone, email, and LinkedIn to generate interest. Set up introductory calls and meetings for senior sales or technical teams. Maintain records of interactions and lead status in the CRM system. Follow up with prospects to keep the conversation active. Work with marketing teams to follow up on inbound leads and campaign responses. Assist in preparing presentations, proposals, and documentation as needed. Participate in training sessions to build product knowledge and sales skills About Company Progressive Tech Serve is a leading provider of Transformation Services which spans across Cloud, Digital and Operations. We have been reinventing ourselves to remain relevant to the global marketplace and bring significant value to our clients engagements. With its robust delivery process and Integrated Quality Management System certified for ISO 9001:2008, ISO 20000-1:2005, as well as ISO 27001: 2005 standards and Governance models based on COBIT, Progressive is constantly redefining the way services are being delivered and consumed by our clients across the globe with assurance on sharper experience and superior outcomes. Founded in the year 1998, Progressives presence has grown to over 130+ locations with 1200+ associates spread across India, USA and the Middle East. Progressive Infotech also has ventured into international market through subsidiaries in USA and Middle East, to cater to the North America, Middle East, and African markets. For its globally distributed customers, Progressive has set up a state-of-the-art Hybrid NOC at its sprawling facility in NOIDA, the National Capital Region of Delhi. With over 27 years of experience across various Industry verticals, Progressive has traversed the journey from being a large VAR to a Cloud, Digital and Operations Transformation Services Company today. Our focus is to help our customers maximize returns on their existing IT investments, help manage the IT as well Transform IT to align with the constantly changing demands of their business. We differentiate through our agile, flexible, and razor-sharp focus on customer experience.

Noida,Uttar Pradesh,India Job ID 769357 Our Exciting Opportunity The position of the Software Asset Manager is to ensure that Ericsson Internal use customers maximize the value of the SW investments and at the same time is license compliant. The Software Asset Manager keeps track of SW licenses and SW installations and works together with Product Owners, Sourcing, outsourcing suppliers and the SW suppliers. You Will: The Software Asset Manager is responsible, for assigned SW suppliers, licenses and associated costs and should: Define a comprehensive license management strategy for each assigned software supplier, including proactive action plans Drive regular connects with SW supplier and build and maintain good relationships Keep track of all SW license investments, maintain license records, current utilization and identify licensing surplus or shortfalls Implement internal SW pricing models. Safeguard SW maintenance and support renewals Ensure all the costs that are purchased through Asset Management are properly reported and recovered from the respective product team Identify savings opportunities for renewals, software licensing, and services. Follow through with product team, sourcing & end users to obtain identified savings Processes Secure SAM involvement in relevant Internal processes Participate in Ericsson relevant steering groups and other internal meetings important to the governance of SW licenses Monitor the SW business environment and best license practices Internal communication to make SAM functions visible for stakeholders and end users Define the interfaces to other internal functions/units and drive efficiency by cross unit collaboration (Sourcing, Prdouct Owner’s etc.) Offer licensing expertise and cost calculations for internal stakeholders Support commercial and legal teams to provide consequence analysis relating to licensing Inform/escalate major license incompliance and/or violations to line management and/or relevant governance body Initiate improvements and corrective actions when deficiencies are identified, including necessary monitoring and escalation until issues or gaps are resolved Ensure to report all the cost that needs to be recovered from the business through proper channels Identify license cost reduction activities together with product owners and Sourcing Ensure accurate reporting for cost allocation on a periodical basis Identify contact persons for all outsourcing suppliers, to manage information received from the SAM team Provide guidance and knowledge to our outsourcing suppliers regarding Ericsson’s license compliance requirements Actively communicate with software supplier's account manager to address license pricing model, usage and support issues, in collaboration with Sourcing Organizational Interfaces The Software Asset Manager should establish relationships to: Product Owners - to understand actual SW use and plans for the applications Sourcing - to get knowledge of existing license agreements and to support Sourcing in negotiations with demands, product selection and volumes etc Finance – for the budget process, follow-up of actual costs, internal cost allocation and reporting SW suppliers – for regular SW supplier governance and operational meetings and to build and maintain good relationships Qualifications & Experience: Experience working with multi-national global decentralized organizations Familiarity with IT cost saving initiatives and reporting Proficiency with software license management and related procurement practices Experience working with software suppliers Working knowledge of software asset optimization planning and scenario planning for buy, transfer and termination strategies for software asset use Certifications on CSAM & ASAM preferable (not mandatory) Knowledge: The Software Asset Manager should have knowledge of: General SW licensing definitions, rules and conditions, including maintenance and support, general software license agreements Standards like ITIL, ISO, CoBIT preferable Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply?

Job Title : Security GRC Consultant & Security Lead Experience: 10+ Years Location: [Thrissur / Cochin] Type: [Full-Time/Onsite] Industry : Information Security / Cybersecurity / Risk & Compliance Job Summary: A seasoned Security GRC (Governance, Risk, and Compliance) Consultant and Security Lead with over 10 years of experience in implementing, managing, and optimizing cybersecurity governance frameworks. Adept at bridging business and technology risk, ensuring regulatory compliance, and leading cross-functional teams to uphold enterprise security posture. Proven ability to drive enterprise risk programs, security audits, and compliance initiatives in diverse industries including finance, healthcare, and technology. Key Responsibilities: Governance, Risk, and Compliance (GRC): • Develop, implement, and manage enterprise-wide GRC strategies aligned with business and regulatory requirements (e.g., ISO 27001, NIST, SOC 2, HIPAA, GDPR, PCI-DSS). • Lead security risk assessments, third-party vendor evaluations, and business impact analyses (BIA). • Design and implement risk treatment plans, control testing programs, and continuous monitoring processes. • Maintain and enhance GRC platforms such as Archer, ServiceNow GRC, or LogicGate. Security Leadership & Strategy: • Act as the primary liaison between business stakeholders, technical teams, and executive leadership on cybersecurity initiatives. • Lead the development and execution of information security programs, policies, and procedures. • Provide expert guidance on security architecture, incident response, and data protection strategies. • Conduct security awareness training and culture-building across the organization Audit & Compliance: • Prepare organizations for internal and external audits; respond to audit findings and ensure timely remediation. • Manage and maintain documentation for control evidence, risk registers, and compliance reports. • Engage with regulatory bodies and customers during compliance reviews and assessments. Project Management & Team Leadership: • Lead or participate in cross-functional projects including cloud security assessments, privacy impact assessments (PIAs), and IT risk projects. • Mentor and lead junior security professionals; contribute to internal knowledge bases and best practices. • Manage project timelines, stakeholder expectations, and deliverables in Agile and Waterfall environments. Required Skills & Qualifications: • Bachelor’s or Master’s degree in Cybersecurity, Information Systems, or related field. • Professional certifications: CISSP, CISA, CRISC, CISM, ISO 27001 Lead Implementer/Auditor, or similar. • Strong knowledge of GRC frameworks (ISO, NIST CSF, COBIT), data protection laws (GDPR, CCPA), and industry standards. • Experience with security tools and platforms like Archer, ServiceNow GRC, Splunk, Tenable, Qualys, etc. • Excellent communication, stakeholder management, and technical writing skills. • Ability to work independently and drive multiple initiatives in complex environments. Preferred Experience: • Hands-on experience in cloud security (AWS, Azure, GCP). • Experience working in highly regulated industries (Finance, Healthcare, Pharma). • Familiarity with DevSecOps, secure SDLC, or CI/CD pipeline security controls.

About This Role Role Description: The Information Security team member will augment the Supply Chain Security team and play an integral part in the development, implementation, and compliance of technical security across the enterprise. The candidate will be key contributor to ongoing security assessments of third-party tools and products and will regularly act as a voice of Information Security to business teams and management, building cyber security confidence in support of business development and governance processes. Responsibilities Perform focused assessments of existing or new service providers, and technologies being introduced into the firm’s environment. Experience in performing cyber security due diligence assessments of third-party service providers and vendors. Provide governance and oversight over existing and new SaaS and IaaS products Influence the overall direction for securing infrastructure, applications and third parties service providers for the firm Communicate risk assessment findings to information security stakeholders or business partners and influences the risk mitigation Provide consultative advice to information security customers that enables them to make informed risk management decisions Performing assessments of new and existing Internet of Things (IoT) Deployments Identify appropriate controls to effectively manage information risks as needed Identify opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk Maintain strong working relationships with individuals and groups involved in managing information risks across the organization Support the documentation of Information Security Policies and Standards Security assessments of third-party software packages deployed on machines Perform vulnerability impact analysis of newly identified vulnerabilities of the firm’s critical service providers Skills Candidates will be evaluated based on their ability to perform the duties listed above while demonstrating the skills and competencies necessary to be highly effective in the role. These skills and competencies include: Strong documentation and process-oriented background with experience working on complex technology projects An ability to effectively influence others to account for the plans and collaborative behaviors for results An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner An ability to identify and assesses the severity and potential impact of risks and communicate risk assessment findings to risk owners in a way that influences optimum risk mitigation Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one Ability to react to high pressure dynamic changing environments Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization An ability to apply original and innovative thinking to produce new ideas and create innovative products, solutions, or approaches A discipline and interpersonal skills to work well in a global environment, complementing teams in multiple remote locations Experience Degree in Business, Computer Engineering, Computer Science, Information Security, or a related field Working knowledge of data analysis techniques, including Excel, Python and basic SQL skills Experience with agile project management Knowledge of Azure security, AWS security, web security, including API and token security 5+ years Information Security experience 3+ years with risk advisory and senior management communication, metrics, collaboration to drive risk-based results 3+ years of experience with documenting, project management, written analysis for Information Security risk assessments 3+ years of experience in an Enterprise Risk Management and/or assessing controls within a Technology and/or Financial Services firm Experience with information security management frameworks (e.g., IS027001, COBIT, NIST 800, SOC 2 Type 2) Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA) AWS, GCP, or Azure security certifications are a plus Our Benefits To help you stay energized, engaged and inspired, we offer a wide range of benefits including a strong retirement plan, tuition reimbursement, comprehensive healthcare, support for working parents and Flexible Time Off (FTO) so you can relax, recharge and be there for the people you care about. Our hybrid work model BlackRock’s hybrid work model is designed to enable a culture of collaboration and apprenticeship that enriches the experience of our employees, while supporting flexibility for all. Employees are currently required to work at least 4 days in the office per week, with the flexibility to work from home 1 day a week. Some business groups may require more time in the office due to their roles and responsibilities. We remain focused on increasing the impactful moments that arise when we work together in person – aligned with our commitment to performance and innovation. As a new joiner, you can count on this hybrid model to accelerate your learning and onboarding experience here at BlackRock. About BlackRock At BlackRock, we are all connected by one mission: to help more and more people experience financial well-being. Our clients, and the people they serve, are saving for retirement, paying for their children’s educations, buying homes and starting businesses. Their investments also help to strengthen the global economy: support businesses small and large; finance infrastructure projects that connect and power cities; and facilitate innovations that drive progress. This mission would not be possible without our smartest investment – the one we make in our employees. It’s why we’re dedicated to creating an environment where our colleagues feel welcomed, valued and supported with networks, benefits and development opportunities to help them thrive. For additional information on BlackRock, please visit @blackrock | Twitter: @blackrock | LinkedIn: www.linkedin.com/company/blackrock BlackRock is proud to be an Equal Opportunity Employer. We evaluate qualified applicants without regard to age, disability, family status, gender identity, race, religion, sex, sexual orientation and other protected attributes at law.

Line of Service Internal Firm Services Industry/Sector Not Applicable Specialism Operations Management Level Senior Associate Job Description & Summary At PwC, our people in business application consulting specialise in consulting services for a variety of business applications, helping clients optimise operational efficiency. These individuals analyse client needs, implement software solutions, and provide training and support for seamless integration and utilisation of business applications, enabling clients to achieve their strategic objectives. In ServiceNow consulting at PwC, you will gain extensive experience in ServiceNow applications and assist clients in optimising operational efficiency through analysis, implementation, training, and support tailored to ServiceNow software. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. Job Description & Summary: PwC is driving major change across technology including the building of a centralized model to deliver and manage technology services across the entire network of member firms. A career in PwC’s Technology and Security Operations, within Internal Firm Services, will provide opportunity to develop and support our global technology service delivery, both internally and externally. ServiceNow is the enterprise platform that enables Service Management at PwC. Using the ServiceNow platform, our team helps Internal Firm Services transform how they manage services to the business, and how the business manages services to our clients. If you are seeking an exciting career with the scope to grow your ServiceNow skills through major change on a global scale, then PwC Technology will empower you to do so. Responsibilities: What a Business Analyst does A ServiceNow Business Analyst focuses on analysing, designing, and implementing business processes within the ServiceNow platform. They bridge the gap between business needs and technical solutions, working with stakeholders to gather requirements, document processes, and ensure successful implementation and optimization of ServiceNow solutions. Their responsibilities include analysing business processes, translating requirements into actionable specifications, collaborating on solution design, and supporting users during and after implementation. · Conducting stakeholder interviews, workshops, and analysis of existing processes to understand business needs. · Documenting requirements, creating use cases, and developing process diagrams. · Translating business needs into functional and technical specifications for ServiceNow development. · Solution Design and Implementation: o Collaborating with IT teams and stakeholders to design and implement ServiceNow solutions. o Performing gap analysis and recommending solutions to optimize business processes within ServiceNow. o Ensuring alignment of solutions with business goals and objectives. o Participating in testing and validation of delivered solutions. · Ensure support items are rapidly triaged and managed Building and maintaining positive relationships with stakeholders. · Communicating effectively with stakeholders throughout the project lifecycle. · Providing support and guidance to users during and after implementation. · Identifying areas for improvement in business processes and recommending solutions using ServiceNow. · Staying up-to-date with new ServiceNow releases and features to continuously improve solutions. · Conducting audits to ensure proper tool usage and adherence to ITIL processes. · Planning and prioritizing tasks using agile methodologies. · Working with suppliers to prioritize requests and manage day-to-day operations. · Providing timely status reports to project managers. · Collaborate with other ServiceNow administrators and developers to develop effectively with a global focus · Be diligent in maintaining consistency in code alignment across instances and in clean code in update sets · Proactively identify system deficiencies in the ServiceNow instances and provide solutions to remediate · Ensure that configuration is consistent across development, testing, and production environments. Mandatory skill sets: 5+ years of experience working in a BA role for a ServiceNow Applications. ● 3+ years of experience as a ServiceNow administrator. ● Experience in transitioning technology from locally focused to centralized technology service organization. ● Experience with ITSM, ITBM, HRSD, Integration Hub or Service Portal modules within ServiceNow ● Understanding of RESTful Web Service and APIs. ● IT and Security management best practice (ITIL, COBIT, ISO standards). ● Experience developing workflows and supporting service technology teams ● Experience in developing solutions in JavaScript and Glide Preferred skill sets: Desired Certifications: · ITIL Foundations Certification · ServiceNow Developer Certification(s) Skills - · Strong understanding of business analysis principles and methodologies. · Proficiency in ServiceNow platform and its various modules (ITSM, ITOM, etc.). · Experience with requirements gathering, documentation, and process modeling. · Excellent communication, collaboration, and problem-solving skills. · Familiarity with ITIL framework and best practices. · Ability to work independently and as part of a team. Years of experience required: 5+ yrs Education qualification: Bachelors Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor Degree Degrees/Field of Study preferred: Certifications (if blank, certifications not specified) Required Skills ServiceNow Platform Optional Skills Accepting Feedback, Active Listening, Agile Methodology, Analytical Thinking, Application Security, Communication, Configuration Management (CM), Creativity, Cybersecurity, Embracing Change, Emotional Regulation, Empathy, Enterprise Architecture, Human Resources (HR) Consulting, Inclusion, Intellectual Curiosity, IT Change Management, Learning Agility, Optimism, Risk Compliance, Self-Awareness, ServiceNow Customer Service Management (CSM), ServiceNow Ticketing Tool, Teamwork, Well Being Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date

Role Description The 1st line Tech Risk and controls function at Deutsche sits within the Group Technology Infrastructure (GTI) for Deutsche Bank Group. GTI has the largest footprint within the Technology, Data and Innovation division and is joined by other business-aligned CIO IT divisions. The Tech Risk and Controls is a dynamic team, consistently in demand, for providing guidance and challenge to deliver change and maintain systems in a secure and resilient manner. As part of the team, you will join the Banks journey and contribute towards our strategic goal of cloud enabled solutions as well as activities that improve our operational resilience and risk reduction. Specifically, you will bring expertise to Control definition and assessments capability across IT Infrastructure, SDLC and Architecture domains supporting a proactive risk management function. It will therefore also include providing change risk advisory services for transformational change programs undertaken by or impacting GTI. You will liaise with other risk and control functions, on a management level to assure the integration of risk initiatives and projects. You will also support Regulatory Adherence and Policy Management function within TDI Risk Management. Its purpose is to provide oversight and supervision of new & changed material regulation impacting TDI, including full traceability to derived DB-specific Policies, Procedures, Key Operating Documents and Supporting Documents. Your key responsibilities Risk & Control Management Identify and evaluate potential areas of non-compliance or risk, assessing impact, probability and present findings and proposals for risk mitigation measures. Support the delivery of the risk and control initiatives. This includes participation in risk and control activities, risk-based control reporting of key issues, performance and validation of cyclical activities such as annual control self-assessments. Work closely with teams in and out of the division to understand risks impacting the group. Align internal Deutsche Bank policies/procedures against industry recognized framework to strengthen the control framework and its implementation for both within the Bank and our 3rd party vendor relationships Ensure management transparency by way of timely risk reporting and proactive engagement and representing controls team at different governing forums Regulatory Adherence and Policy Management Coordination of regulatory adherence assessments across sub-divisions within TDI and management and review of Policies, Procedures, Key Operating Documents, Supporting Documents within TDI. Engage with stakeholders across TDI and other (e.g. 2nd line of defence) divisions in reviewing, assessing, and documenting the impact of regulations and planning remedial actions. Steer and support the publication of a consistent set of global and local Policies, Procedures, Key Operating Documents and Supporting Documents relating to Information Technology from laws, rules, and regulations. Risk remediation and Change Risk Advisory Support the Head of TDI GTI Risk Management in assessing risks related to strategic changes within the GTI Organization Proactively monitor risk landscape shift within the industry to identify transformation project opportunities to insulate Deutsche Bank from any potential risk exposure e.g., Production design life cycle, application and infrastructure architecture and its resilience Stakeholder Management Identify, Partner and Collaborate Work with relevant stakeholders to identify and assess controls gaps related to technology risk - measure and mitigate them in a timely manner Align with COO Division Control Office (DCO) team and NFRM (2nd LoD) ensuring successful and consistent implementation of the established control framework. Promote and support proactive IT risk culture at the Bank. Your skills and experience Desired experience Minimum 5 years of experience as Risk and Control Lead in designing and implementation of Technology risk framework or IT Audit in a global organization. Experience in a regulatory oversight, assurance, or policy management function within technology. Or have suitable compliance or audit background within infrastructure (and preferably IT & Information Security). Extensive experience regarding development, training and implementation of IT Policies, Procedures, Key Operating Documents and Supporting Documents. Good understanding of Industry best practices such as NIST, COBIT, ITIL and ISO 27001 Other professional qualifications and certifications in Technology risk management Desired behaviors A strong team player comfortable in a cross-cultural and diverse operating environment Result oriented and ability to deliver under tight timelines Ability to successfully resolve conflicts in a globally matrix driven organization Excellent communication and collaboration skills Desire to learn about new and emerging technologies and continuous upskilling Must be comfortable with navigating ambiguity to extract meaningful risk insights.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Role Title : Associate Director-Regional Client Security Assurance Lead Sub Function: Client Security Assurance Objectives of the role The Regional Client Security Assurance Lead, Associate Director, plays a pivotal role in leading a team responding to security risk assessments and due diligence exercises from clients in the IN/MENA region. This position requires extensive collaboration with various global and local functional teams, such as Data Protection, Risk Management, Compliance, Counsel, Procurement, Information Security, Technology, and EY service lines. This role is responsible for leading and supporting client and regulatory inquiries about EY’s Global Information Security program. It assists EY client engagement teams by addressing client requests regarding how EY secures our client information using comprehensive technical controls and governance processes in line with EY Global Information Security requirements. This position involves managing multiple requests and responsibilities while supporting complex security assessments throughout various stages of the engagement life cycle. Additionally, it requires staying current with updates in EY's Information Security posture and technology offerings, thereby contributing to business growth and the development of new business opportunities. Key Responsibilities The Regional Client Security Assurance Lead serves as a dependable client security relationship manager for key EY clients throughout the client engagement lifecycle, aiming to sustain and expand business operations. Furthermore, this position involves leading a team, projects, performing data analytics, and management of operational processes within IN/MENA Client Security Assurance. Team Lead: Lead team members to foster career growth and help them become knowledgeable about the EY Information Security Program and facilitate client security assessments. Implement operating model for the IN/MENA Client Security Assurance team in alignment with our business objectives. Drive the Evolution of Client Security Assurance: Actively participate in the development, implementation, and ongoing enhancement of the Client Security Assurance function in alignment with industry best practices. Facilitate Security Assessments: Act as a key resource for client and engagement teams by providing expert guidance on inbound security assessments related to EY’s Global Information Security Program, fostering trust and confidence in the EY Global Information Security Program, and the controls in place to protect data along with safeguarding the confidentiality of our security controls. This also helps build EY’s reputation and brand in the market. Clearly communicate with clients and their appointed auditors, pertinent and appropriate details of the EY Global Information Security Program. Provide critical support to EY’s approach to winning new business and sustaining existing business relationships. Provide consulting services to account teams related to client security assessments and their Supplier Risk Management framework. Meet with Clients: Participate in client meetings as an Information Security representative, supporting EY account teams by addressing client inquiries related to the EY Global Information Security Program. Support Request for Proposal (RFP) process: Partner with client engagement teams to support the RFP process by addressing information security questions to help secure more business for EY. Engage with Regulators: Support inquiries and assessments from select local regulators, highlighting EY's commitment to transparency and compliance in governance processes, technologies, and information security controls. Support Contractual Compliance: Review and provide strategic commentary on information security requirements in client contracts, aligning with EY’s Information Security Program. Assist EY Legal Counsel and Client Account Teams in negotiating terms that protect both EY and client interests. Qualifications Minimum 15-19 years of recent progressive IT security compliance, risk management or related IT security experience with a large IT organization; preferably within a professional service firm, software product, cloud-based solutions, or other companies serving clients that are highly regulated entities. Bachelor’s degree from an accredited college or university is preferred. A good understanding of cloud infrastructure, networking, modern software development and technical security controls is required. Strong executive presence, negotiation, presentation, and communication skills are required. Excellent analytical and problem-solving skills to assess and solve complex security issues. Ability to work and navigate through EY’s Global firm understanding diverse perspectives and global client requirements. Ability to maintain calm during client assessments and respond to questions consistently and confirming internally the accuracy of responses before presenting them. Proven experience in client-facing roles, particularly in handling security assessments, ideally from client inquiries, but can also be the result of experience performing security assessment of suppliers. Demonstrated ability to adopt and strive for continuous process improvement, particularly in resulting from the innovation and integration of new technologies. Excellent collaboration skills, with the ability to engage effectively with cross-functional teams and stakeholders. Knowledge of various information security frameworks such as ISO27001/2, AICPA System and Organization Controls (SOC) Reports (SOC1, SOC2, and SOC3), NIST, COBIT and relevant regulatory requirements such as GDPR. Certifications such as CISSP, CISM, CISA, ISO 27001 Auditor, CRISC, CIPP are preferred. Keep up to date with industry trends, emerging technologies and best practices. Good understanding in the following concepts and domains: Governance Risk and Compliance: A system that ensures that organizations enforce governance, implement risk management strategies, and ensure regulatory compliance. Multitier Network Architecture: A design separating resources between the Internet and the internal infrastructure, incorporating multiple network layers. For on-premise solutions, this includes a DMZ (Demilitarized Zone) architecture. In cloud environments, it involves a combination of Network Security Groups (NSG), Virtual Networks (VNETs), IP-based restrictions on connections between resources, and Web Application Firewalls (WAF). Cloud security architecture: Cloud security architecture's purpose is to provide a structured framework for securing data, applications, and infrastructure in cloud environments. It includes the definition of security principles and a governance framework for all cloud services and applications from development through production. Distinction of Cloud Service Models such as IaaS, PaaS and SaaS and shared responsibility matrix: Infrastructure as a Service (IaaS): IaaS provides on-demand access to virtualized computing infrastructure, including servers, storage, and networking, allowing subscribers to build and manage their own applications, operating systems, and data while the cloud provider manages the underlying infrastructure. Platform as a Service (PaaS): PaaS offers a platform for developers to build, deploy, and manage applications without the need to manage the underlying operating systems and infrastructure. Software as a Service (SaaS): SaaS delivers software applications to users over the internet, allowing them to access and use the software without installing or managing it on their own devices. We will be dependent on the SaaS providers for the security controls to protect EY and client information. Application security: Measures taken to protect software applications from threats and vulnerabilities that can compromise the confidentiality, integrity, or availability of the data. Identity and access management: Includes use of authentication mechanisms, authorization measures, and privileged account management. Encryption standards: Standards for cryptography, used to protect data-at-rest and data-in-transit as well as provide a means of validating the authenticity, non-repudiation, and integrity of data. Endpoint security capabilities: Standards to protect endpoints such as laptops, desktops, smartphones, and tablets against cyberattacks. Incident response Plan: The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of malicious cyber-attacks against an organization’s information systems(s). Business impact analysis: Predicts the consequences of a disruption to your business, and gathers information needed to develop recovery strategies. Disaster recovery: Understand the disaster recovery plan for the applications used to support our clients. Stakeholder management This role is a combination of technical and business acumen capable of communicating and advocating EY’s brand as it relates to the Information Security Program, across a wide range of stakeholders. This requires communication skills adaptable to the appropriate audiences that address different perspectives, goals, and levels of technical knowledge. It also requires the ability to gain trust and act as a trusted consultant and liaison between clients, account teams and EY internal security functions. Stakeholders include: Product/Application owners – responsible for the full lifecycle of a technology solution that fulfills a business need or objective. Client Security Assurance provide useful feedback from clients to further enhance their products/applications. Architects and Engineers – EY technology leaders who design and build solutions based on business requirements. Information Security Leadership Team – responsible for all matters for security related to the security program. Extended Security Team – responsible for specific domains such as Security Consulting, Application Security Compliance, Supplier Risk Assessment, Cyber Defense, Business Impact Analysis, Information Security Policies related to the security program. EY Partners and Account teams: Ultimately responsible for the relationship with EY clients and the selection and usage of the technology leveraged for their services and deliverables. EY Clients and Client Security Auditors – The ultimate customer for EY’s technology or service delivery who expect EY’s technology solutions to adequately protect their data and maintain appropriate service levels. The Client Security Assurance Senior Consultant will participate in number of client meetings with the engagement team to answer questions and provide clarification on how EY secure client information. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

The Resource Utilization Manager plays a crucial role in managing and optimizing the allocation of resources within the Digital and technology department. They are responsible for ensuring that resources, including personnelare efficiently utilized to support the departments objectives and projects. This role involves strategic planning, monitoring, and analysis to ensure that resources are allocated effectively, projects are adequately supported, and budgetary constraints are adhered to. This includes trend analysis and capacity planning and allowing for a fluid deployment of resources across teams based on needs. Ultimately, the Resource Utilization Lead plays a pivotal role in driving Aramex s operational efficiency and maximizing the value of resources within the technology department. Through strategic planning, effective communication, and continuous improvement efforts, they help ensure that the department operates efficiently, delivers projects successfully, and contributes to the organizations overall success. The overall purpose of this role is to: Develop and implement strategies for effective resource management. Tracking the utilization of resources within the function. Align resource allocation with departmental and organizational goals. Capacity planning for near term and medium term. Enhance operational efficiency through continuous improvement initiatives. Foster a culture of collaboration and communication within the technology department. Leverage industry insights and vendor partnerships to optimize resource availability and utilization. Ensure timely and cost-effective delivery of resources to support project success. Implement risk management practices to address potential resource constraints or misallocation. Job Description Resource Allocation and Utilization: Facilitate efficient allocation of resources within the Technology department. Ensure optimal utilization of personnel, hardware, software, and budgetary allocations. Support project success by providing necessary resources in a timely and cost-effective manner. Optimize resource usage to maximize productivity and minimize waste. Communication and Collaboration: Initiate and execute intra-departmental communication and improvement activities within the D&T Division to align Technology deliveries with business priorities. Facilitate effective communication and collaboration between stakeholders. Drive continuous improvement in resource management processes and practices. Vendor Management Cultivate and manage vendor relationships to access supplementary resources as necessary. Ensure that capacity planning includes vendor resources as needed Risk Mitigation: Maintain awareness of industry trends and best practices in resource management. Mitigate risks associated with resource constraints or misallocation. Job Requirements - Experience and Education A university degree in Management Information Systems, computer Science or related field is essential. Minimum 5 - 7 years background in IT with proven experience in resource management, capacity planning, project management, or a related field within a technology environment. Strong understanding of IT Governance, processes and methodologies Knowledge of technology trends and industry best practices related to resource utilization and optimization. Excellent leadership, communication, and analytical skills. Ability to work collaboratively with cross-functional teams. Proficiency in project management tools and software. Experience with IT performance management frameworks (e.g., ITIL, COBIT) Leadership Behaviors Building Outstanding Teams Setting a clear direction Simplification Collaborate & break silos Execution & Accountability Growth mindset Innovation Inclusion External focus Skills

Job Responsibilities: Plan, execute and report all IT and cyber security related audit activities for OakNorth Bank plc Provide independent assurance to senior management that the bank s IT infrastructure is fit for purpose to allow the bank to safely deliver best-in-class services to all its customers Ensure best practice and frameworks are followed to adhere to various audit guidelines and standards A Subject Matter Expert who can build a strong network for himself/herself and execute audit work autonomously all the way through to review whilst having a strong sense of customer service Manage IT related audit activities for the OakNorth Bank plc Delivers at least one audit per quarter: some audits to be delivered alone and others in partnership with the existing OakNorth audit team or empanelled co-sourced partner Document audit fieldwork, findings and prepare audit reports Review audit evidences and track closure of management actions Report on audit activity to senior management Continuously improve the IT audit methodology which suits the highly technical, disruptive, global, and fast-moving environment Supports IA team and colleagues on subject matter whilst keeping in mind team goals, not only individual targets Deliver internal and external certification audits Execute ITGC, network, cyber and cloud security audits Conduct internal audits to provide information whether the firm s Information Security Management System conforms to the Internationally recognised Standards Deliver audits to evaluate the evolving cybersecurity automation ecosystem( best-in-breed ) Perform cloud security assessments for AWS / Azure cloud platforms and other cloud-based solutions Carry out technical security reviews of firewall configurations, DLP, IAM, IPS /IDS and other critical applications Audit the continuously improving IT infrastructure model with newly emerging and flexible work solutions, post Covid-19 Continuously assess and report, how well the Bank assesses internal and external threats including email attacks and vulnerabilities, as well as the fitness for purpose and effectiveness of its strategic and tactical responses Challenge incident, disaster response and business continuity plans and review the test reports, outcomes to verify backup / restore set-ups and RPO / RTO levels Desired Skills: Hunger, fire (10x, momentum) Ability to work with others across teams, geographies, and legal entities (one team) Not a prima donna / ego issue (right ambition) Not highly political or spin doctor (say it as it is) Logical thinking, ability to get to the simplest answer as opposed to a convoluted one (challenge and simplify) An honest person who operates with a high degree of ethics and integrity through any situation (right ambition, say it as it is) Someone with a minimum of 3 years of banking / consulting experience in IT security audits Someone who holds a degree in information technology from a top institute with a consistently good academic record Holds at least one globally recognised IT certification, and working towards a second (IA / Risk or technical) Hands-on experience of working on some of the latest and best auditing / GRC tools A good understanding and knowledge of IT Security Compliance frameworks and industry control standards and, such as NIST, ISO 27001, COSO, COBIT, and ITIL A self-starter and fast learner; someone who can work and learn on his/her own Someone with gravitas and whose opinion matters; someone who is trusted by colleagues across the firm, from the most junior to the most senior A person who focuses on what matters most: outcomes; someone who relentlessly avoids hypothetical risks and verbose

The 1st line Tech Risk and controls function at Deutsche sits within the Group Technology Infrastructure (GTI) for Deutsche Bank Group. GTI has the largest footprint within the Technology, Data and Innovation division and is joined by other business-aligned CIO IT divisions. The Tech Risk and Controls is a dynamic team, consistently in demand, for providing guidance and challenge to deliver change and maintain systems in a secure and resilient manner. As part of the team, you will join the Banks journey and contribute towards our strategic goal of cloud enabled solutions as well as activities that improve our operational resilience and risk reduction. Specifically, you will bring expertise to Control definition and assessments capability across IT Infrastructure, SDLC and Architecture domains supporting a proactive risk management function. It will therefore also include providing change risk advisory services for transformational change programs undertaken by or impacting GTI. You will liaise with other risk and control functions, on a management level to assure the integration of risk initiatives and projects. You will also support Regulatory Adherence and Policy Management function within TDI Risk Management. Its purpose is to provide oversight and supervision of new & changed material regulation impacting TDI, including full traceability to derived DB-specific Policies, Procedures, Key Operating Documents and Supporting Documents. This role will report to GTI Control Assessment Lead Your key responsibilities Risk & Control Management Identify and evaluate potential areas of non-compliance or risk, assessing impact, probability and present findings and proposals for risk mitigation measures. Support the delivery of the risk and control initiatives. This includes participation in risk and control activities, risk-based control reporting of key issues, performance and validation of cyclical activities such as annual control self-assessments. Work closely with teams in and out of the division to understand risks impacting the group. Align internal Deutsche Bank policies/procedures against industry recognized framework to strengthen the control framework and its implementation for both within the Bank and our 3rd party vendor relationships Ensure management transparency by way of timely risk reporting and proactive engagement and representing controls team at different governing forums Regulatory Adherence and Policy Management Coordination of regulatory adherence assessments across sub-divisions within TDI and management and review of Policies, Procedures, Key Operating Documents, Supporting Documents within TDI. Engage with stakeholders across TDI and other (e.g. 2nd line of defence) divisions in reviewing, assessing, and documenting the impact of regulations and planning remedial actions. Steer and support the publication of a consistent set of global and local Policies, Procedures, Key Operating Documents and Supporting Documents relating to Information Technology from laws, rules, and regulations. Risk remediation and Change Risk Advisory Support the Head of TDI GTI Risk Management in assessing risks related to strategic changes within the GTI Organization Proactively monitor risk landscape shift within the industry to identify transformation project opportunities to insulate Deutsche Bank from any potential risk exposure e.g., Production design life cycle, application and infrastructure architecture and its resilience Stakeholder Management Identify, Partner and Collaborate Work with relevant stakeholders to identify and assess controls gaps related to technology risk - measure and mitigate them in a timely manner Align with COO Division Control Office (DCO) team and NFRM (2nd LoD) ensuring successful and consistent implementation of the established control framework. Promote and support proactive IT risk culture at the Bank. Your skills and experience Desired experience Minimum 5 years of experience as Risk and Control Lead in designing and implementation of Technology risk framework or IT Audit in a global organization. Experience in a regulatory oversight, assurance, or policy management function within technology. Or have suitable compliance or audit background within infrastructure (and preferably IT & Information Security). Extensive experience regarding development, training and implementation of IT Policies, Procedures, Key Operating Documents and Supporting Documents. Good understanding of Industry best practices such as NIST, COBIT, ITIL and ISO 27001 Other professional qualifications and certifications in Technology risk management Desired behaviors A strong team player comfortable in a cross-cultural and diverse operating environment Result oriented and ability to deliver under tight timelines Ability to successfully resolve conflicts in a globally matrix driven organization Excellent communication and collaboration skills Desire to learn about new and emerging technologies and continuous upskilling Must be comfortable with navigating ambiguity to extract meaningful risk insights

Lead and Deliver Audits : Plan, execute, and report IT and cyber security audits covering ITGCs, cloud (AWS/Azure), networks, data protection, automation, and digital transformation initiatives. Manage audits independently or with co-sourced partners, ensuring end-to-end delivery. Support GenAI Risk Assurance : Assess risks and controls related to the Bank s adoption of Generative AI covering governance, data integrity, ethical usage, access controls, and operational safeguards. Leverage GenAI tools to enhance audit execution and insight generation. Evaluate Cybersecurity and Resilience : Review threat detection capabilities, cybersecurity controls (e.g., IAM, DLP, IDS/IPS), and response readiness. Challenge business continuity, disaster recovery, and incident response plans, including backup processes and RPO/RTO targets. Stakeholder Engagement and Reporting : Provide clear, actionable reporting to senior management and collaborate with Technology, Risk, and Operations teams to strengthen control environments and drive improvements. Team Development and Methodology Improvement : Guide, coach, and mentor junior auditors; contribute to the evolution of IT audit methodology to reflect emerging technologies, risks, and regulatory expectations. What We re Looking For: Must-Haves: Overall experience of 8 years with Minimum 3 years of experience in IT audit or cyber risk, ideally within banking, fintech, or a Big 4 advisory firm. Degree in Information Technology, Computer Science, or a related field with a strong academic record. At least one globally recognized IT audit/security certification (e.g., CISA, CISSP, ISO 27001 LA); Familiarity with GenAI use cases and associated risks in an enterprise setting. Strong understanding of frameworks like NIST, ISO 27001, COBIT, COSO, and ITIL. Experience using GRC tools and a passion for applying technology in audit work. Preferred Traits: High drive and bias for action brings energy and momentum to audit delivery. Clear and structured communicator who simplifies complexity and delivers insights. A collaborative leader who uplifts others coaches, mentors, and supports junior colleagues. Operates with integrity and directness say it as it is mindset. Trusted and respected by peers and stakeholders at all levels of the organization. Fast learner and problem-solver who thrives in a changing environment.

Chennai, India Hyderabad, India Job ID: R-1070299 Apply prior to the end date: July 19th, 2025 When you join Verizon You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. At Verizon, we power and empower how people live, work and play by connecting them to what brings them joy. We do what we love — driving innovation, creativity, and impact in the world. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together — lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the #VTeamLife. What you’ll be doing... You'll be part of the "Verizon Global Infrastructure (VGI), Network & Information Security” group working on security and automation tools to protect against cyber threats within the VGS Technology organization. You will work with a team of cybersecurity engineers with network & infrastructure background, threat intelligence analysts and risk management personnel to align common technologies and practices that fortify our applications, systems, IT network and infrastructure. Infrastructure Security Governance Implementing IT infrastructure governance policies and procedures. Ensuring compliance with relevant industry standards and regulations (e.g., ISO 27001, GDPR). Establishing and maintaining a control framework for infrastructure management Identifying, implementing and operationalize metrics, dashboards, scorecards, and tracking to consistently measure the current state of cybersecurity across VGS Infrastructure, leveraging industry best practices and standards where possible. Ensuring effectiveness and coverage of the Security Policies and Controls of VGS Infrastructure, prioritizing by risk level. Instilling ownership and accountability for security-based metrics and drive increased maturity, visibility, and subject-matter expertise for all segments. Developing action plans jointly with all stakeholders to remediate deviations, providing necessary support to close on all key items. Championing a highly collaborative work model with an aptitude of building and maintaining relationships across different teams at multiple senior levels, internally and externally. Developing awareness, training & compliance programs focused on Infrastructure Cybersecurity practices, leveraging the Mavens program - a team of security professionals who facilitate adoption of security by design. Ensuring Security posture of VGS Infrastructure, e.g., access management, vulnerabilities remediation, etc. Coordinating necessary activities with our VCS organization: pen testing, incident response, data collection, etc. Identifing and evaluating potential threats and vulnerabilities. Develop mitigation strategies and track remediation efforts. What we’re looking for... You'll need to have: Bachelor’s degree or four or more years of work experience in network engineering, computer science, IT infrastructure or related discipline Seven or more years of relevant work experience in Security, IT, and/or Network Experience in managing enterprise scale server infrastructure Experience in managing public/private cloud infrastructure Understanding of network fundamentals, switching, routing protocols, load balancers, web proxies, firewalls and software defined networking solutions. Understanding of security fundamentals Confidentiality, Integrity, Availability, access control, Authentication, Authorization, Auditing secure design concepts like Experience in design and implementation of network security solutions like firewalls, intrusion detection and prevention systems, VPN , web proxies etc using vendor products like Cisco, Juniper, Checkpoint, Palo Alto etc Knowledge of IT governance frameworks and standards (e.g., COBIT, ITIL) Relevant certifications such as CISSP, CISM, CRISC or CompTIA Security+ Even better if you have: Bachelor’s degree in cybersecurity, network, engineering, computer science or related discipline. Ability to thrive in a dynamic environment while managing multiple high-priority projects. Industry relevant security certifications Security+, OSCP, CEH, CISSP, GIAC etc Strong expertise in at least one operating system Window or Linux. Cloud relevant certifications CCSP, CCSK #NtwSec Where you’ll be working In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager. Scheduled Weekly Hours 40 Equal Employment Opportunity Verizon is an equal opportunity employer. We evaluate qualified applicants without regard to race, gender, disability or any other legally protected characteristics. Apply Now Save Saved Open sharing options Share Related Jobs Principal-Sec Risk Mgt Save Chennai, India, +1 other location Technology Principal-Ntwk & Info Sec Save Chennai, India, +1 other location Technology Security Consultant IV-Security Risk Management Save Hyderabad, India, +1 other location Technology Shaping the future. Connect with the best and brightest to help innovate and operate some of the world’s largest platforms and networks.

Required Skills & Experience: Monitor, test, and evaluate the effectiveness of IT General Controls (ITGCs) across SAP systems including ECC, S/4HANA, and BW. Conduct control self-assessments and ensure remediation plans are in place for identified deficiencies. Support quarterly and annual audit activities (internal/external) by preparing evidence, walkthroughs, and control assessments. Good knowledge of SAP S/4 Security and SAP GRC Access Control (ARA, ARM, EAM) is an added advantage. Experience with IT General Controls related to access management , change management , and operation controls . Hands-on experience in SOX compliance , audit coordination , and evidence preparation . Familiarity with SAP tools and tables related to user provisioning, role design, and change tracking (e.g., STAD, SUIM, ST03N). Working knowledge of risk and compliance frameworks (SOX, COBIT, NIST, GDPR). Excellent communication , stakeholder management and documentation skills for audit and leadership reporting. Experience : 3- 7 Years Location : Bangalore SAP ITGC and TPA (SOC1, SOC2) SAP ITGC SOX 404, ITGC, TPA (SOC1, SOC2)

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Risk Consulting - Protect Tech – Senior - IT audit – General skills Key Responsibilities Your key responsibilities will include: Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Demonstrate deep technical capabilities and professional knowledge. Demonstrate ability to quickly assimilate to new knowledge. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 3-6 years of related work experience At least 2-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Job Title: IT Advisory – SOC Assurance Specialist Location: Bengaluru / Kolkata, India Employment Type: Full-Time Department: Special Attestation Reporting (SASS) Key Responsibilities: Manage and execute multiple client engagements related to SOC 1, SOC 2, SOC 3, and HITRUST assessments. Perform IT General Controls (ITGC) testing across applications, ERPs, operating systems, and databases. Conduct Test of Design (ToD) and Test of Operating Effectiveness (ToE) using industry frameworks (COSO, COBIT, ISO, ERM). Monitor engagement timelines, quality standards, and proactively address issues or risks. Prepare detailed reports, client deliverables, and engagement status updates. Ensure adherence to internal quality and risk management procedures. Drive productivity improvement initiatives and contribute to engagement planning. Handle client communications and maintain strong relationships with stakeholders including Partners, Project Managers, and Directors. Assist senior leadership in developing methodologies, training programs, and process enhancements. Mentor junior staff, conduct performance coaching, and contribute to team development. Participate in knowledge-sharing sessions and promote a positive, inclusive team culture. Identify and support business development opportunities within existing engagements. Required Skills & Competencies: Hands-on experience with: SOC 1/2/3 assessments and reporting (SSAE 18) HITRUST and HIPAA-related audits ITGCs across various technology platforms (Applications, OS, ERP, DB) Business Process Control reviews Knowledge of audit frameworks such as COSO, COBIT, ISO, and ERM. Familiarity with internal audit standards (IIA, ICAI, ISACA). Strong documentation, presentation, and stakeholder management skills. Proficiency in Microsoft Office tools – Excel, Word, PowerPoint, Access. Experience working with offshore and onshore delivery models is a plus. Excellent written, verbal communication, and interpersonal skills. Preferred Qualifications: Bachelor’s or Master’s degree in Information Technology, Computer Science, or a related field. Relevant certifications (CISA, CPA, CA, or equivalent) preferred.

When you join Verizon You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. At Verizon, we power and empower how people live, work and play by connecting them to what brings them joy. We do what we love — driving innovation, creativity, and impact in the world. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together — lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the #VTeamLife. What You’ll Be Doing... You'll be part of the "Verizon Global Infrastructure (VGI), Network & Information Security” group working on security and automation tools to protect against cyber threats within the VGS Technology organization. You will work with a team of cybersecurity engineers with network & infrastructure background, threat intelligence analysts and risk management personnel to align common technologies and practices that fortify our applications, systems, IT network and infrastructure. Infrastructure Security Governance Implementing IT infrastructure governance policies and procedures. Ensuring compliance with relevant industry standards and regulations (e.g., ISO 27001, GDPR). Establishing and maintaining a control framework for infrastructure management Identifying, implementing and operationalize metrics, dashboards, scorecards, and tracking to consistently measure the current state of cybersecurity across VGS Infrastructure, leveraging industry best practices and standards where possible. Ensuring effectiveness and coverage of the Security Policies and Controls of VGS Infrastructure, prioritizing by risk level. Instilling ownership and accountability for security-based metrics and drive increased maturity, visibility, and subject-matter expertise for all segments. Developing action plans jointly with all stakeholders to remediate deviations, providing necessary support to close on all key items. Championing a highly collaborative work model with an aptitude of building and maintaining relationships across different teams at multiple senior levels, internally and externally. Developing awareness, training & compliance programs focused on Infrastructure Cybersecurity practices, leveraging the Mavens program - a team of security professionals who facilitate adoption of security by design. Ensuring Security posture of VGS Infrastructure, e.g., access management, vulnerabilities remediation, etc. Coordinating necessary activities with our VCS organization: pen testing, incident response, data collection, etc. Identifing and evaluating potential threats and vulnerabilities. Develop mitigation strategies and track remediation efforts. What We’re Looking For... You'll need to have: Bachelor’s degree or four or more years of work experience in network engineering, computer science, IT infrastructure or related discipline Seven or more years of relevant work experience in Security, IT, and/or Network Experience in managing enterprise scale server infrastructure Experience in managing public/private cloud infrastructure Understanding of network fundamentals, switching, routing protocols, load balancers, web proxies, firewalls and software defined networking solutions. Understanding of security fundamentals Confidentiality, Integrity, Availability, access control, Authentication, Authorization, Auditing secure design concepts like Experience in design and implementation of network security solutions like firewalls, intrusion detection and prevention systems, VPN , web proxies etc using vendor products like Cisco, Juniper, Checkpoint, Palo Alto etc Knowledge of IT governance frameworks and standards (e.g., COBIT, ITIL) Relevant certifications such as CISSP, CISM, CRISC or CompTIA Security+ Even Better If You Have Bachelor’s degree in cybersecurity, network, engineering, computer science or related discipline. Ability to thrive in a dynamic environment while managing multiple high-priority projects. Industry relevant security certifications Security+, OSCP, CEH, CISSP, GIAC etc Strong expertise in at least one operating system Window or Linux. Cloud relevant certifications CCSP, CCSK #NtwSec Where you’ll be working In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager. Scheduled Weekly Hours 40 Equal Employment Opportunity Verizon is an equal opportunity employer. We evaluate qualified applicants without regard to race, gender, disability or any other legally protected characteristics.

Job Description The Senior Manager - Enterprise Application Support is a core member of Enterprise IT Leadership team and will be the driving force for leading the application support team, ensuring the stability, performance, and continuous improvement of business-critical applications, including Enterprise Resource Planning (ERP) and Sales Customer Relationship Management (CRM) systems . This role involves managing incident resolution, driving service improvements, collaborating with stakeholders, and overseeing governance, compliance, and vendor relationships. Responsibilities Application Support & Service Management Oversee the maintenance, monitoring, and support of enterprise applications, particularly ERP (SAP, Oracle Fusion, CLM, etc.) and Sales CRM (Salesforce, HubSpot, etc.) to ensure high availability and reliability. Manage the incident, problem, and change management processes following ITIL best practices. Drive root cause analysis (RCA) and continuous improvement initiatives to enhance application performance and reduce recurring issues. Ensure compliance with SLAs and KPIs for application support services. Work closely with business teams to optimize ERP and CRM functionalities, streamline workflows, and enhance user experience. Stakeholder & Vendor Management Act as the primary point of contact for business users regarding ERP and Sales CRM application-related issues and improvements. Collaborate with IT teams, business units, and external vendors to enhance application functionality and user experience. Manage third-party vendors and service providers, ensuring contractual adherence and performance excellence. Team Leadership & Development Lead, mentor, and develop a team of application support professionals, fostering a culture of continuous learning and innovation. Define roles, responsibilities, and career development plans for team members. Provide training and knowledge-sharing sessions to enhance team capabilities in ERP and Sales CRM applications. Governance, Compliance, & Security Ensure adherence to IT policies, security protocols, and regulatory requirements for all enterprise applications. Implement and maintain controls to safeguard ERP and CRM data integrity and security. Conduct periodic audits and risk assessments to identify vulnerabilities and mitigate risks. Continuous Improvement & Innovation Identify opportunities for automation, process optimization, and proactive monitoring of business applications. Collaborate with IT development teams to enhance application supportability, integrations, and performance. Drive innovation by exploring emerging technologies and best practices in ERP and CRM application management. Qualifications Education & Experience: Bachelor’s degree in Computer Science, Information Technology, or a related field. 15+ years of experience in IT application support, with at least 5-7 years in a leadership role. Strong experience managing ERP and Sales CRM applications in a complex ITeS and consulting environment. Technical & Functional Skills Expertise in ERP systems (SAP S4 HANA, Oracle Fusion HCM & PPM, etc.) and Sales CRM platforms (Salesforce, HubSpot, etc.). Strong knowledge of IT service management (ITSM) frameworks such as ITIL. Hands-on experience with application monitoring, troubleshooting, and performance optimization. Familiarity with cloud-based applications, databases, and middleware technologies. Understanding of DevOps, Agile methodologies, and CI/CD processes is a plus. Soft Skills Strong leadership, people management, and communication skills. Ability to collaborate with cross-functional teams and influence stakeholders. Strategic thinking with a problem-solving and analytical mindset. Preferred Certifications ITIL Foundation or higher ERP certifications (SAP, Oracle, SFDC, etc.) CRM certifications (Salesforce Administrator, HubSpot CRM, etc.) PMP (Project Management Professional) COBIT, ISO 27001, or other IT governance certifications Cloud certifications (AWS, Azure, or Google Cloud)

When you join Verizon You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. At Verizon, we power and empower how people live, work and play by connecting them to what brings them joy. We do what we love — driving innovation, creativity, and impact in the world. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together — lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the #VTeamLife. What You’ll Be Doing... You'll be part of the "Verizon Global Infrastructure (VGI), Network & Information Security” group working on security and automation tools to protect against cyber threats within the VGS Technology organization. You will work with a team of cybersecurity engineers with network & infrastructure background, threat intelligence analysts and risk management personnel to align common technologies and practices that fortify our applications, systems, IT network and infrastructure. Infrastructure Security Governance Implementing IT infrastructure governance policies and procedures. Ensuring compliance with relevant industry standards and regulations (e.g., ISO 27001, GDPR). Establishing and maintaining a control framework for infrastructure management Identifying, implementing and operationalize metrics, dashboards, scorecards, and tracking to consistently measure the current state of cybersecurity across VGS Infrastructure, leveraging industry best practices and standards where possible. Ensuring effectiveness and coverage of the Security Policies and Controls of VGS Infrastructure, prioritizing by risk level. Instilling ownership and accountability for security-based metrics and drive increased maturity, visibility, and subject-matter expertise for all segments. Developing action plans jointly with all stakeholders to remediate deviations, providing necessary support to close on all key items. Championing a highly collaborative work model with an aptitude of building and maintaining relationships across different teams at multiple senior levels, internally and externally. Developing awareness, training & compliance programs focused on Infrastructure Cybersecurity practices, leveraging the Mavens program - a team of security professionals who facilitate adoption of security by design. Ensuring Security posture of VGS Infrastructure, e.g., access management, vulnerabilities remediation, etc. Coordinating necessary activities with our VCS organization: pen testing, incident response, data collection, etc. Identifing and evaluating potential threats and vulnerabilities. Develop mitigation strategies and track remediation efforts. What We’re Looking For... You'll need to have: Bachelor’s degree or four or more years of work experience in network engineering, computer science, IT infrastructure or related discipline Seven or more years of relevant work experience in Security, IT, and/or Network Experience in managing enterprise scale server infrastructure Experience in managing public/private cloud infrastructure Understanding of network fundamentals, switching, routing protocols, load balancers, web proxies, firewalls and software defined networking solutions. Understanding of security fundamentals Confidentiality, Integrity, Availability, access control, Authentication, Authorization, Auditing secure design concepts like Experience in design and implementation of network security solutions like firewalls, intrusion detection and prevention systems, VPN , web proxies etc using vendor products like Cisco, Juniper, Checkpoint, Palo Alto etc Knowledge of IT governance frameworks and standards (e.g., COBIT, ITIL) Relevant certifications such as CISSP, CISM, CRISC or CompTIA Security+ Even Better If You Have Bachelor’s degree in cybersecurity, network, engineering, computer science or related discipline. Ability to thrive in a dynamic environment while managing multiple high-priority projects. Industry relevant security certifications Security+, OSCP, CEH, CISSP, GIAC etc Strong expertise in at least one operating system Window or Linux. Cloud relevant certifications CCSP, CCSK #NtwSec Where you’ll be working In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager. Scheduled Weekly Hours 40 Equal Employment Opportunity Verizon is an equal opportunity employer. We evaluate qualified applicants without regard to race, gender, disability or any other legally protected characteristics.

Overview The SOX ITGC Auditor is responsible for ensuring that the SOX processes support compliance of the internal controls for financial reporting. The SOX ITGC Auditor will perform assurance procedures to assess the design and effectiveness of ITGC, perform quality assurance over existing control, and help prepare reporting for business leadership. Responsibilities Duties and Responsibilities: Preform detail-oriented, quality assurance over existing quarterly controls. Execute testing of end of year ITGC and application controls in accordance with defined test attributes and guidance (Tests of Effectiveness) Monitor, follow up on the status of corrective action plans, and test the remediation of identified deficiencies before end of year. Work with external auditors to ensure inquires and requests are addressed. Work with Enterprise Risk Management (ERM), SOX control performers, SOX control evaluators, and control owners to perform end of year tasks. Problem solve and step in to complete work to meet critical deadlines. Education and Experience Bachelors degree or higher in Computer Science, Information Technology, finance or accounting, similar field, or equivalent experience. 4+ years large public company internal and external auditing, with emphasis on IT auditing in large public companies with complex IT hybrid environments and/or large accounting firms with experience auditing a complex IT client base. Strong IT audit program and practices experience. Big 4 IT Audit experience required. Strong understanding of the general computer control areas and IT governance frameworks (e.g., COBIT), Sarbanes Oxley, and COSO framework. Strong ability to understand, assess and prioritize risks across the components of the IT environment (application, operating system, and database). Ability to work independently Strong analytical, interpersonal, and leadership skills with orientation toward process improvement Requirements Duties and Responsibilities: Preform detail-oriented, quality assurance over existing quarterly controls. Execute testing of end of year ITGC and application controls in accordance with defined test attributes and guidance (Tests of Effectiveness) Monitor, follow up on the status of corrective action plans, and test the remediation of identified deficiencies before end of year. Work with external auditors to ensure inquires and requests are addressed. Work with Enterprise Risk Management (ERM), SOX control performers, SOX control evaluators, and control owners to perform end of year tasks. Problem solve and step in to complete work to meet critical deadlines. Education and Experience Bachelors degree or higher in Computer Science, Information Technology, finance or accounting, similar field, or equivalent experience. 4+ years large public company internal and external auditing, with emphasis on IT auditing in large public companies with complex IT hybrid environments and/or large accounting firms with experience auditing a complex IT client base. Strong IT audit program and practices experience. Big 4 IT Audit experience required. Strong understanding of the general computer control areas and IT governance frameworks (e.g., COBIT), Sarbanes Oxley, and COSO framework. Strong ability to understand, assess and prioritize risks across the components of the IT environment (application, operating system, and database). Ability to work independently Strong analytical, interpersonal, and leadership skills with orientation toward process improvement

A career within Internal Audit services, will provide you with an opportunity to gain an understanding of an organisation’s objectives, regulatory and risk management environment, and the diverse needs of their critical stakeholders. We focus on helping organisations look deeper and see further considering areas like culture and behaviours to help improve and embed controls. In short, we seek to address the right risks and ultimately add value to their organisation. To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future. Responsibilities As a Manager, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to: Invite and give in the moment feedback in a constructive manner. Share and collaborate effectively with others. Identify and make suggestions for improvements when problems and/or opportunities arise. Handle, manipulate and analyse data and information responsibly. Follow risk management and compliance procedures. Keep up-to-date with developments in area of specialism. Communicate confidently in a clear, concise and articulate manner - verbally and in the materials I produce. Build and maintain an internal and external network. Seek opportunities to learn about how PwC works as a global network of firms. Uphold the firm's code of ethics and business conduct. Essential Duties And Responsibilities Manage and direct the work streams related to IT SOX Compliance covering ITGC and IT Dependencies (ITAC, Interfaces, IPE’s). Provide technical support in the assessment, design and implementation of ITGC requirements. Thorough understanding around ITGC domains such as Logical Access, Change Management, SDLC and Computer Operations. Exposure of testing IT Application Controls (Configurable, Non-configurable), Interfaces, IPE’s, Data Migration and Platform Reviews. Review control evidence for adherence to accuracy, completeness and precision of control execution for all ITGC. Develop, implement and test controls for new acquisitions and in-scope entities. Work with control owners and operators to ensure quality, consistency and operability of new and existing controls. Collaborate and build long-term relationships with key stakeholders in a fast-paced and matrixed work environment. Review test findings, facilitate the remediation of ITGC control gaps, and escalate possible critical issues to senior management of client/Onshore teams. Plan and direct the work to team members, monitor their work, and take corrective action when necessary. Coaches, mentors, and develops direct reports, including overseeing new hire onboarding process and providing career development planning and opportunities; maintains a safe, secure, and legal work environment. Builds and maintains strong peer relationships within the team and across the organization. Coordinates work with External Auditors of the client if needed. Manage the Cyber, Risk & Regulatory (Advisory) team and client portfolio to deliver 8,000 to 12,000 of client hours. Interpersonal Skills Ability to work independently under general supervision with latitude for initiative and independent judgment. Effective verbal and written communications, including active listening skills and skill in presenting findings and recommendations. Ability to establish and maintain effective working relationships with co-workers and external contactors/auditors. Detail-oriented & comfortable working on multiple projects simultaneously. Individuals would be expected to cultivate a strong team environment and promote a positive working relationship amongst their team. Excellent communication skills, written and verbal would be expected. Ensure client service delivery in accordance with the quality guidelines & methodologies. Build and maintain client relationships by understanding and being responsive to client needs and ensuring high quality of deliverables. Contribute to people and knowledge development initiatives by developing training material and conducting training. Demonstrate strong analytical thinking and communication skills including the ability to research and understand complex processes and effectively communicate them to interested parties. Demonstrate superior relationship building and relationship management skills. Client Management Develop strong working relationships with the client and onshore teams. Maintain excellent rapport and proactive communication with the stakeholders and clients. Operational excellence Suggest ideas on improving engagement productivity and identify opportunities for improving client service. Manage engagement budgets and ensure compliance with engagement plans and internal quality & risk management procedures. People related Display teamwork, integrity and leadership. Work with team members to set goals and responsibilities for specific engagements. Foster teamwork and innovation. Utilize technology & tools to continually learn and innovate, share knowledge with team members and enhance service delivery. Conduct workshops and technical training sessions for team members. Contribute to the learning & development agenda and knowledge harnessing initiatives Mentor and coach junior team members, enabling them to meet their performance goals and successfully grow their careers. Minimum Qualifications Bachelor’s degree in Information Systems, Computer Science Engineering B.E., B. TECH, M. TECH, MCA, BCA, CA, MBA Experience of business experience in technology audit, risk management, compliance, consulting, or information security including acting in the capacity of a supervisor Excellent knowledge of IT General Controls, automated and security controls Knowledge of security measures and auditing practices within various operating systems, databases and applications Experience in auditing financial applications, cyber security practices, privacy and various infrastructure platforms such as Unix, Linus, Windows, SQL Server, Oracle Databases Knowledge and concepts of auditing of cloud platforms (AWS, Azure and Google Cloud) Experience designing continuous auditing and monitoring tools and techniques is a plus. Good understanding of CoBIT 5 Domains of Access Management, SLDC & Change and Computer Operations and Control Design and Testing of SOX IT General Controls (ITGC) and/or IT Application Controls (ITAC) Experience in identifying control gaps and communicating audit findings and control redesign recommendations to Management/Clients Knowledge of regulations impacting privacy, integrity and availability of clients PII. Functional knowledge of major ERP suites (like SAP, Dynamics, Oracle EBS, Peoplesoft) Understanding of audit concepts and regulations Required overall experience in testing/reviewing and implementation of ITGC controls, CoBit 5 and developing COSO framework Candidates with 6-8 years of relevant experience in similar role, preferably with a “Big 4” or equivalent Chartered Accountant (would be added advantage) Certification(s) Preferred CISA / CISM / CRISC / CISSP / ISO 27001 LA certifications

Qualification: Bachelors degree in computer Science or IT higher-level qualification Perform 3rd-party audits and trainings according to ISO/IEC 27001, ISO 9001 & other IT specific standards/ frameworks Provide timely and accurate reviews of client’s corrective action and closure. Minimum 5+ years’ Experience in IT /Management system Implementation / certification and Minimum 2 years of profound experience in the field of information security. Great attitude, Analytical skills and communication skills. Preferred: IRCA Certified, ITIL Certified, CISA, CISM, CISSP, MCSE, MCSA and/or MBA Good understanding of relevant regulations and industry standards (e.g. ITIL Framework, FFIEC, SOX, COSO, COBIT, ITIL, ISO27001, PCI, HIPAA, HiTrust and GLBA), best practices and methodologies and the ability to apply these requirements to organizational internal control frameworks. Able to travel for business purpose(70-80%).