1041 Cobit Jobs - Page 20

: Job Title- Business Control Officer, AVP Location- Pune, India Role Description DWS Group (DWS) is one of the world's leading asset managers. Building on more than 60 years of experience and a reputation for excellence in Germany and across Europe, DWS has come to be recognized by clients globally as a trusted source for integrated investment solutions, stability, and innovation across a full spectrum of investment disciplines. We offer individuals and institutions access to our strong investment capabilities across all major asset classes and solutions aligned to growth trends. Our diverse expertise in Active, Passive and Alternatives asset management as well as our deep environmental, social and governance focus complement each other when creating targeted solutions for our clients. Our expertise and on-the-ground-knowledge of our economists, research analysts and investment professionals are brought together in one consistent global CIO View, which guides our investment approach strategically. DWS wants to innovate and shape the future of investingwith approximately 3,500 employees in offices all over the world, we are local while being one global team. We are investors entrusted to build the best foundation for our clients future. What well offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities This role will support India DCO office with activities as outlined below: Lead comprehensive control evaluations and substantive testing to independently assess the design and effectiveness of controls within the newly established Independent Testing Team Assess end to end business processes to identify significant gaps and determine issue root causes. Partners with business units to perform control evaluations, monitoring and testing efforts within Compliance and Operation Risk Framework to identify control gaps as well as opportunities for effectiveness and efficiency improvements. These assessments will include coverage for other regulatory programs including SOX Apply critical thinking skills to substantive testing techniques to thoroughly evaluate the effectiveness of high-risk business processes. Assess and monitor risks, ensuring compliance with firm standards, regulatory requirements, and industry best practices. Collaborate with cross-functional teams and stakeholders to support control design and effectiveness. Foster collaboration with Compliance and Operational Risk Officers on various engagements. This includes developing detailed test scripts, facilitating issue discussions, participating in business meetings, and drafting comprehensive final reports to ensure alignment and clarity. Develop and execute robust control test scripts aimed at identifying control weaknesses, determining root causes, and recommending practical solutions to enhance operational efficiency and control effectiveness. Document test steps and results in a comprehensive and organized manner, ensuring sufficient support and justification for testing conclusions. Maintain a high standard of documentation to facilitate transparency and accountability. Ensure compliance with internal policies, procedures, and external laws, rules, and regulations, while identifying necessary remediation actions. This includes developing and executing testing procedures, meticulously documenting results, drawing informed conclusions, making actionable recommendations, and distributing detailed compliance testing review reports. Lead meetings with business owners at various management levels, delivering testing results and supporting sustainable control enhancements. Identify and capitalize on opportunities to strengthen controls and improve operational efficiency. Your skills and experience Bachelor's degree in information security or related field required, with a preference towards master's degree. Demonstrated ability to analyse complex issues, develop and implement risk mitigation strategies, and communicate effectively with senior stakeholders. Proficient knowledge of risk management frameworks, regulations, and industry best practices Strong and progressive Auditing or Control Testing experience with current knowledge and understanding of Control testing methodology. Experience developing test scripts, audit programs, or testing templates. 6+ years in information security management and governance, with a focus on control design and testing Detailed experience in ISO 27001, GDPR, COBIT, KAIT, BAIT, etc. and other cyber security frameworks Good to have CertificationsCRISC, CISSP, CISM, CISA, ISO 27001 Lead Implementer/ Auditor Should possess strong communication skills (written/ spoken) Should be skilled to work with minimal supervision. Strong analytical and strategic mindset along with the ability to collaborate with different stakeholders including top management representatives. How well support you About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm

: Job Title: TISO - Information Security compliance LocationPune, India Corporate TitleVP Role Description TISO is responsible to enforce Information Security compliance within their area of responsibility in line with the CISO mandate and strategy as well as the banks risk appetite. Furthermore, TISOs are the experts and points of escalation for all IT security related aspects of the IT assets in their area of responsibility. They provide guidance on how to implement technical control aspects and achieve compliance to the related Information Security controls and ensure appropriate handling of any relevant exceptions. In close cooperation with the respective Chief BISOs they support the business divisions as well as the COO IT counterparts to comply with Security Controls. Deutsche Banks Corporate Bank division is a leading provider of cash management, trade finance and securities finance. We complete green-field projects that deliver the best Corporate Bank - Securities Services products in the world. Our team is diverse, international, and driven by shared focus on clean code and valued delivery. At every level, agile minds are rewarded with competitive pay, support, and opportunities to excel.You will work as part of a cross-functional agile delivery team. You will bring an innovative approach to software development, focusing on using the latest technologies and practices, as part of a relentless focus on business value. You will be someone who sees engineering as team activity, with a predisposition to open code, open discussion and creating a supportive, collaborative environment. You will be ready to contribute to all stages of software delivery, from initial analysis right through to production support. What well offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities Align standards, frameworks and security with overall business and technology strategy Identify and communicate current and emerging security threats Create solutions that balance business requirements with information and cyber security requirements Train users in implementation or conversion of systems Derive the IT Security strategy from the overall Chief Information Security Office (CISO) strategy and requirements and translates this into an operational plan for delivery for their area of responsibility In relation to the IT Assets, processes within their scope of responsibility they: Drive integration of Chief Information Security Office Initiatives, programs and central solutions and ensure alignment with the divisional portfolios. Ensure effective and efficient communication, coordination and implementation of CISO IT Security requirements and decisions Are responsible for the adoption of centrally mandated Security Solutions and the maintenance of technical security documentation and compliance to security controls. Are the recognized expert in DB Information Security Policies and procedures and their implementation in relation to technologies. Proactively manages IT audits and plan (in co-operation with COO IT management) preparation and remediation. Ensure appropriate senior management awareness/oversight of follow-up on action items to resolve identified issues, e.g. information security reviews of vendors, audit issue resolution. Spearhead independent reviews of IT Security Controls, prioritise identified issues and assesses remediation actions for quality, considering the optimal cost-risk ratio as well the strategically optimal resolution (e.g. Information Security control evaluation and respective follow up activities). Verify remediation concepts for critical and systemic issues and monitors their execution according to plan and with quality. Partner with key stakeholders (Chief BISOs and IT management etc.) to act as mediator and subject matter expert for them on Information Technology Security topics. Ensure a common understanding of Information Technology Security risks and their implications for the Group and for their scope of responsibility. Your skills and experience Experience of 8-12 years in: Security considerations of cloud computingThey include data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, APTs, data loss and DoS attacks. Identity and access management (IAM) the framework of security policies and technologies that limit and track the access of those in an organization to sensitive technology resources. Experience with and knowledge of: VB.NET, Java/J2EE, ColdFusion, API/web services, scripting languages and a relational database management system (RDBMS) such as MS SQL Server or Oracle. These are some of the technical elements needed to build security into an organization. ISO27001 specifications for a framework of policies and procedures that include all legal, physical and technical controls involved in an organizations risk management Control Objectives for Information and Related Technologies (COBIT) Windows and UNIX environment. General Skills: Exceptional communication skills with diverse audiences - Strong critical thinking and analytical skills Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects The ability to be the enterprise security subject matter expert who can explain technical topics to those without a technical background Ability to present and discuss information security related topics to senior committees, fora and groups, and drive decision making Ability to distinguish between noise and real issues, in particular when it comes to the impact of information security risk to the franchise Good understanding of (DB) Findings Management, Control Inventory and how we apply information technology solutions in this space; robust understanding of Anti-Financial Crime Functions in Corporate Banking. Ability to lead, mentor and influence without formal authority, in a complex multi-matrix organization Working with Global teams across multiple time zones Education/Certification Degree in Information Security or a comparable education How well support you

: Job TitleInformation Security Risk Specialist , AVP LocationMumbai, India Role Description An Information Technology & Security Risk Specialist to join the 2nd LoD Information Security & Technology Risk Team. The team is global, this role is within the Mumbai team (currently 1 person) which is being built out to support the global team. Should have a proven depth of knowledge and keen interest of Information Security and Technology and their application in large financial institutions. Working with other team members the role will input subject matter expertise and drive innovative approaches in applying risk management in an evolving threat environment. The team has a global footprint in Frankfurt, Singapore, London, Mumbai and USA. What well offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities Provide data and analytics reporting to support the team in monitoring the Information Security and Technology Risk Appetite, breaches and remediation. Where required support the implementation of automated data and analytics reporting process. Support the team delivery of Non-Financial Risk Management (NFRM) priorities such as risk & control assessments, scenario analysis, risk appetite. Monitor and challenge 1LOD Risk and Control Assessments (including results of 1LOD control testing/assurance). Perform 2LOD control assurance through targeted reviews of areas of concern. Gain an understanding and be able to articulate key Information Security and Technology regulatory requirements across APAC/MEA and their impact and implementation into the Information Security and Technology Risk Framework. Your skills and experience University degree (Computer Science, Business Administration or equivalent). Majors in Information Security and / or Risk Management are a plus. Experience (4+ years) in Information Security or Information Technology with experience in the Finance industry and/or a major Technology or Consultancy company preferred. Some level of technical understanding and training either as a data analyst, developer, business analyst or project manager. Knowledge of Information Security and Technology industry regulatory standards and/or Risk Frameworks (e.g. EBA Guidelines ISO / 27000 Series, COBIT 2019, DORA) are a plus. Relevant professional certifications e.g. CISSP, CISA, CISM, CRISC, ITIL, ISO27001 Lead Auditor or similar are a plus. Experience of working in large global teams yet comfortable working independently without day-to-day oversight and steer. Strong communication skills (English required). How well support you About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.

Job Summary We are looking for a highly skilled and experienced Senior ServiceNow Consultant to lead the design, development, and implementation of ServiceNow solutions for our clients. The ideal candidate should have strong technical expertise across multiple ServiceNow modules and excellent client-facing and leadership skills. Key Responsibilities Lead end-to-end implementation of ServiceNow modules such as ITSM, ITOM, HRSD, CSM, SecOps, and others. Engage with stakeholders to gather and analyze business requirements. Design and develop custom applications and workflows on the ServiceNow platform. Configure and customize ServiceNow including UI Policies, Business Rules, Script Includes, Client Scripts, and Workflows. Integrate ServiceNow with external systems using APIs, REST/SOAP web services. Provide strategic guidance and best practices for platform governance, performance, and scalability. Conduct workshops, demos, and training sessions for clients. Mentor junior developers and consultants in the team. Required Skills And Experience 6+ years of experience in ServiceNow development and consulting. Strong understanding of ServiceNow architecture and capabilities. Proficient in scripting (JavaScript, Glide API) within the ServiceNow ecosystem. Hands-on experience with ITSM, ITOM, Discovery, CMDB, and other core modules. Experience in ServiceNow integrations using REST/SOAP, MID Server. ServiceNow certifications (at least CSA; CIS and CAD are preferred). Excellent problem-solving, communication, and client management skills Preferred Qualifications Experience with ServiceNow App Engine and Flow Designer. Experience in Agile/Scrum methodologies. Exposure to industry frameworks like ITIL, COBIT, or ISO standards.

Location: Remote (India) Employment Type: Full-Time Reporting To: Security Manager (Senior Consultant, CISSP Certified) Level: L2 & L3 Role Summary We are seeking a skilled and experienced Enterprise Security Architect to join our cybersecurity team. This pivotal role bridges client-facing security architecture consulting with internal DevSecOps and CI/CD pipeline security processes. You will help design and implement secure systems, frameworks, and processes aligned with both industry standards and client requirements. This is a high-impact opportunity for professionals who thrive in a dynamic, consultative environment. Key Responsibilities A. Enterprise Security Architecture (L3) Develop and implement comprehensive enterprise security architecture and blueprints. Create scalable and repeatable architecture roadmaps. Align security architecture with business objectives and regulatory mandates. B. Security Solutions Design & Implementation (L2 & L3) Design and deploy security solutions across domains: IAM, SIEM, Cloud Security, Endpoint Protection, etc. Conduct infrastructure reviews and recommend improvements. Ensure security designs align with industry best practices. C. Advisory (L2 & L3) Provide expert guidance on security architecture for IaaS, PaaS, SaaS (AWS, Azure, GCP, OCI). Collaborate with clients to define and align on security strategies. D. Reporting & Communication (L2) Deliver technical documentation and stakeholder presentations. Act as a trusted advisor in enterprise risk management and security frameworks. E. Internal Security & Leadership (L1 & L2) Implement and maintain security best practices within internal CI/CD pipelines and cloud-hosted environments. Work with development teams to integrate security across SDLC. Mentor junior staff and foster technical excellence within the team. F. Security Governance & Compliance (L1 & L2) Support security governance and compliance initiatives (NIST, GDPR, PCI DSS, etc.). Conduct regular audits, risk assessments, and develop hardening guidelines. Contribute to client-side security programs and internal vulnerability management processes. Required Skills & Experience 8+ years in enterprise security architecture and cybersecurity controls. Strong hands-on knowledge in: EDR, Firewalls, DLP, CASB, SIEM, Web App Security, Endpoint Security. All IT tiers (network, servers, storage, middleware, applications). 2+ years experience with cloud platforms: AWS, Azure, or GCP. Expertise in cloud security models (IaaS, PaaS, SaaS). Familiarity with frameworks like TOGAF, COBIT, and OPEN. Experience working with log formats (Windows, Linux, network devices). Solid understanding of NIST, GDPR, PCI DSS, CIS benchmarks. Security operations skills: threat analysis, incident handling, VA/PT, and risk management. Strong project management and stakeholder engagement capabilities. Excellent troubleshooting, communication, and multitasking skills. Bonus: Knowledge of KSA regulatory frameworks (NCA-ECC, CCC). Preferred Qualifications & Certifications Bachelor’s in IT, Cybersecurity, or a related field. Certifications (any of the following preferred): ISO 27001 Lead Auditor/Implementer CISSP / CISM / CCSP TOGAF / COBIT / SABSA CEH, DevSecOps or Application Security, AWS/Azure Solutions Architect, CCNA, MCSA OWASP Top 10 familiarity Why Join Us? Work on impactful security projects with high-profile Middle Eastern clients. Lead, build, and influence enterprise security architecture practices. Competitive salary and benefits in line with market standards. Flexible work-from-home policy. Supportive, collaborative, and innovative work culture.

Position Overview Job Title- I&A On-boarding Information Security Analyst, Associate Location- Pune, India Role Description: As “I&A On-boarding Information Security Analyst” you will be part of Access Lifecycle On-boarding global family which includes access management for application end user recertification On-boarding, user access for request & approval, user provision On-boarding and Functional Taxonomy SoD On-boarding & maintenance as well as IDAHO (Access concept) SME as central DB services. Deutsche Bank is looking for bright and open-minded individuals to support Business Identity & Access Services within Access Lifecycle Solution On-boarding team for application end user request & approval as well as end user access provision central service On-boarding. A key success factor of the Access Lifecycle Solution On-boarding team is the quick understanding of complex application set ups for Identity & Access Management and support Information Security Officer (ISO) and IT Application Owner (ITAO) along end-to-end central solution On-boarding process across DB. You will gain insights into the complete Identity & Access Management lifecycle as you will learn about the roles and entitlements and their set up, segregation of duties, application authentication and authorization process. What We’ll Offer You As part of our flexible scheme, here are just some of the benefits that you’ll enjoy. Best in class leave policy. Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your Key Responsibilities As “I&A On-boarding Information Security Analyst” you will be responsible to perform On-boarding assessments if an IT asset is applicable for end user application access for request & approval and business requirement gathering (based on existing KOP ID Admin procedures) to identify, how future user provisioning (ID Admin via automated connector or manual, centrally or decentral managed) will be set up between central request & approval platform and to be on-boarded application in adhering to Information Security (IS) internal and regulatory requirements. Efficiently engage, manage, and influence the main stakeholders, along with application On-boarding process including Information Security Officer, IT Application Owner, Engineering and Operations teams Provide process improvement inputs to various stakeholders involved. Proactively seek ways to improve upon existing practices and processes. Display insight and ability in identifying issues and develop successful solutions. Report and escalate potential risks to the management to help avoid / minimize the impact. Work with multiple, distributed teams (across different locations) Support develops key operational procedures where necessary and ensure adherence to all such defined policies. Comfortable with associated disciplines of Security Policy and Governance in banking domain Very good presentation and communication skills allowing to communicate with our stakeholders. A structured and methodological way of working with the objective to deliver high quality results. Supports tough people decisions to ensure people performance is aligned with organization imperatives and needs. Addresses individual performance issues, where necessary, to drive for high performance. Pro-active and flexible working approach, Team spirit Your Skills And Experience Minimum 5 years working experience in Identity & Access Management, Governance, Risk and Control related topics. Team management experience Basic knowledge and/or willingness to work with industry best practices and frameworks like ISO27001, NIST, CSA CCM, COBIT, ITIL Good business analyses knowledge of system design, development, implementation, and user support principles and practices Knowledge of IT Service Management or IT Governance or IT Delivery Management or IT Project Management or IT Delivery background or IT Security Knowledge on Database Systems, application interactions and server operating systems Excellent Excel knowledge Competencies: Self-motivated and flexibility to work autonomously in virtual and multicultural teams. Good communication skills (both written and verbal), fluent in English (written/verbal) Good analytical skills and problem-solving abilities Pro-active and flexible working approach A structured and methodological way of working with the objective to deliver high quality results. Flexible mindset with an eye for detail and continuous improvement Good understanding in business related information Being flexible, open minded, able to share information, transfer knowledge and expertise to stakeholders and other team members. How We’ll Support You Training and development to help you excel in your career. Coaching and support from experts in your team. A culture of continuous learning to aid progression. A range of flexible benefits that you can tailor to suit your needs. About Us And Our Teams Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.

Lead risk analysis efforts to assess how technical control issues, vulnerabilities, and compliance exceptions contribute to overall enterprise risk posture. Maintain and improve governance and risk methodologies aligned with standards such as NIST CSF, NIST 800-53, ISO 27001, SOC 2, SOX, GDPR, HIPAA, and PCI DSS. Act as a liaison between technical teams and business stakeholders to translate risk-related insights into actionable strategies. Support internal and external audit readiness by coordinating risk assessments, tracking issue remediation, and reporting on compliance gaps. Contribute to GRC tool usage (e.g., ServiceNow GRC, Archer, or MetricStream) for monitoring control health, exceptions, and residual risk. Collaborate with legal, compliance, audit, and IT operations to ensure integrated risk management practices across the enterprise. Aggregate data from multiple risk domains to develop executive-level dashboards, reports, and risk narratives that influence decision-making. Participate in the development and rollout of risk governance models, exception handling processes, and control improvement initiatives. Roles and Responsibilities Required Qualifications: 7–12 years of professional experience in IT Risk, Governance, or Cybersecurity GRC functions. Strong working knowledge of risk frameworks such as NIST CSF, ISO 27001, COBIT, SOC 2, SOX, and GDPR. Demonstrated ability to interpret and connect vulnerabilities, policy violations, and exceptions to broader business risks. Experience with risk aggregation, remediation tracking, and reporting for internal/external stakeholders. Skilled in stakeholder engagement across risk, audit, compliance, and technical functions. Familiarity with GRC tools and platforms used to manage controls, exceptions, and assessments. Preferred Qualifications: Certifications such as CISA, CRISC, CISSP, CGEIT, or equivalent. Experience working in regulated sectors such as finance, healthcare, insurance, or critical infrastructure. Hands-on experience with exception governance processes, risk acceptance workflows, and issue management. Understanding of how to design and implement scalable metrics for KRIs, control effectiveness, and risk trends. Key Competencies: Strategic thinker with a strong grasp of enterprise risk management principles. Highly analytical with the ability to synthesize complex technical data into actionable business insight. Effective communicator skilled in developing risk reports, briefings, and dashboards for both technical and executive audiences. Strong collaboration and leadership skills within matrixed environments. Proactive, organized, and results-driven with a continuous improvement mind-set.

Join us as a Technology Controls Testing Analyst We ll look to you to protect the bank by assuring that our applications and technology infrastructure is adequate, effective and fit for purpose on an end-to-end basis You ll clearly document any control weaknesses identified within the adequacy and effectiveness assessments and testing undertaken This is a chance to join a talented and supportive team that will help you achieve great exposure as you develop with us Were offering this role at associate level What youll do In this role, you ll work with Information Technology General Controls, including complex Automated Controls and contribute to the ongoing design and development of assurance processes and methodology. You ll also maintain detailed test documentation and reports for the technology you assess, keeping stakeholders informed of testing progress and results, in line with quality expectations. We ll look to you to clearly communicate any identified control weaknesses to the team, relevant business contact or SME. In addition, you ll: Contribute to the development and delivery of an annual risk-based assurance programme Collaborate with business teams, at relevant level, to ensure a comprehensive understanding of controls and their testing procedures Perform walkthroughs with stakeholders on the technology you assess, documenting high quality control testing workpapers Stay up to date with regulatory requirements and industry best practices for technology controls Undertake adequacy and effectiveness assessments of technology controls The skills youll need To excel in this role, you ll have a proven experience of developing and executing test plans on technology with IT General Controls and complex Automated Controls, including adequacy and effectiveness of technology controls. You ll also have: Experience in developing and executing test plans for IT General Controls and complex Automated Controls. Strong understanding control frameworks (e.g., COSO, COBIT) and relevant regulations (e.g., SOX, GDPR, CCPA) and industry standards (e.g., NIST, ISO 27001) and their application in technology and financial processes. Proven ability to perform control testing activities. Excellent communication skills, with the ability to present findings to technical and non-technical audiences. A proactive mindset with a focus on continuous improvement and collaboration. Hours 45 Job Posting Closing Date: 07/07/2025

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY- Cyber Risk Compliance and Resilience – Associate Director As part of our EY-Cyber Security Risk and Compliance Consulting team, you’ll contribute technically to Cyber Security client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. The opportunity We’re looking for Associate Director who should have Deep technical understanding of risk and compliance solutioning for enterprise including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. Your Key Responsibilities Reporting to the competency leader for Cyber Risk, Compliance, Resilience and Emerging Technology and will be responsible for: Defining, developing, and implementing strategic go-to-market plans in collaboration with local EY member firms in region. Own end-to-end sales opportunity qualification and pursuit, including drafting RFP responses, proposal defence during Orals, drafting State of Work (SoW) leveraging expertise in scoping, solutioning and costing for Enterprise and Cloud security solutions. Support and drive the overall growth strategy for the Cybersecurity practice as part of the leadership team. Identify and drive development of market differentiators including new products, solutions, automation etc. Support refinement of service approach and service delivery methodology for Enterprise and Cloud security solutions. Identify and pursue strategic opportunities for partnerships and acquisitions. Develop and rollout branding and marketing strategy including items such as solution brochures, sales videos, thought leadership, community engagement etc. Inspire and motivate direct and in-direct reporting professionals while fostering an environment of collaboration and participation. Manage engagements across the client and ensure teams delivers value to the customers and ensure horizontal growth in the accounts. Skills And Attributes For Success Deep knowledge of services and service delivery approach and methodology for Cyber Risk, Compliance and resilience including governance and operating models. Proven track record and success in collaborative sales bringing together internal and external stakeholders across Cyber competencies, Digital & Technology practices (Engineering, Analytics, Automation etc.) and business functions (Branding & Marketing, Legal, HR etc.). Proven track record in building and maintaining trusted relationships with key internal and external stakeholders. Deep technical understanding of architecture and solutioning of risk and compliance including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. Willingness to travel and flex work timings as and when required. Ability to change and adapt in a hyper-growth environment. Self-starter and strategic thinker. Cyber Strategy & Governance, Cyber Transformation and co-sourcing, Cyber Cost Optimization, Cyber Operating Model Compliance Management - Regulations/standards such as ISO 27001, PCI DSS, HITRUST, CCPA, FISMA/FEDRAMP, COBIT, OWASP Top 10, NIST 800-53, NIST- CSF, HIPPA, GDPR Cyber Risk management Cyber Resilience, Business Continuity & Disaster Recovery Application security and Threat Modelling Vendor Risk Management/Supplier Security To qualify for the role, you must have At least 18 years of overall experience At least 15 years architecture and solutioning for enterprise and cloud security Bachelor or college degree in related field or equivalent work experience MBA (Good to have) Ideally, you’ll also have Project management skills CISSP/CISA/CISM ITIL of Equivalent What We Look For A Team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 2000 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Job Summary We are seeking a highly skilled and motivated Senior Auditor with strong expertise in IT General Controls (ITGC) and Operational Audits. The role will be responsible for leading and executing audits that evaluate the adequacy, effectiveness, and efficiency of internal controls, systems, and business processes across IT and operational domains. Key Responsibilities ITGC Audit: Perform audits of IT general controls including access management, change management, backup and recovery, and logical/physical security. Evaluate IT systems and processes in accordance with COBIT, NIST, ISO 27001, and other frameworks. Conduct audits of ERP systems (e.g. Oracle) and applications supporting key business processes. Identify risks, control deficiencies, and provide recommendations for improvement. Collaborate with IT and business teams to ensure remediation plans are tracked and closed. Operational Audit Plan, execute, and report on operational audits across functions (Finance, HR, Procurement, etc.). Identify process inefficiencies, control gaps, and risks impacting business objectives. Provide value-added recommendations to enhance process performance and governance. Lead or participate in special projects and investigations as needed. General Responsibilities Develop audit programs, test procedures, and prepare detailed working papers. Prepare and present clear and concise audit reports to stakeholders. Assist in the annual risk assessment and audit planning process. Guide and mentor junior auditors in audit methodology and execution. Maintain up-to-date knowledge of audit trends, regulatory changes, and best practices. Requirements Education & Certifications: Bachelor’s degree in information systems, Computer Science, Accounting, or related field. Professional certifications preferred: CISA, CIA, CPA, or ISO 27001 LA. Experience 4–6 years of relevant audit experience in ITGC and operational audit. Experience in Big 4 or large internal audit teams is a plus. Strong understanding of internal controls, risk management, and audit standards. Skills In-depth knowledge of IT environments, cloud computing, cybersecurity controls. Strong analytical, problem-solving, and project management skills. Excellent communication (written and verbal) and interpersonal skills. Ability to work independently and manage multiple audits simultaneously. About TTEC Our business is about making customers happy. That's all we do. Since 1982, we've helped companies build engaged, pleased, profitable customer experiences powered by our combination of humanity and technology. On behalf of many of the world's leading iconic and hypergrowth brands, we talk, message, text, and video chat with millions of customers every day. These exceptional customer experiences start with you. TTEC is proud to be an equal opportunity employer where all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. TTEC embraces and is committed to building a diverse and inclusive workforce that respects and empowers the cultures and perspectives within our global teams. We aim to reflect the communities we serve, by not only delivering amazing service and technology, but also humanity. We make it a point to make sure all our employees feel valued, belonging, and comfortable being their authentic selves at work. As a global company, we know diversity is our strength because it enables us to view things from different vantage points and for you to bring value to the table in your own unique way. Primary Location India-Gujarat-Ahmedabad

Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today! Job Details We are seeking a highly skilled and motivated Cyber Risk Analyst III with a primary focus on Third-Party Risk Management and strong expertise in data analytics. In this role, you will be responsible for managing and analyzing third-party cyber risks, ensuring our organization maintains a robust cybersecurity posture. You will play a pivotal role in the execution of our Third-Party Risk Management (TPRM) strategy by conducting thorough risk assessments, due diligence, and ongoing monitoring to identify and mitigate potential vulnerabilities. This role also emphasizes leveraging advanced data analytics techniques to uncover risks, support strategic decision-making, and strengthen our overall risk management framework. Key Responsibilities: Third-Party Risk Management : Lead and support the organization's third-party risk strategy by conducting comprehensive risk assessments, ensuring due diligence processes are followed, and monitoring third-party relationships in compliance with the Third-Party Risk Management (TPRM) policy. Identify gaps in third-party risk management processes and work to remediate them effectively. Collaborate with cross-functional teams to ensure third-party security practices align with organizational goals and compliance standards. Cyber Risk Analytics : Collect, analyze, and interpret cybersecurity data from multiple sources to measure and understand third-party and organizational cyber risks. Develop and maintain data models that effectively represent the risk landscape, with a focus on third-party relationships. Utilize advanced analytics techniques to identify patterns, trends, and potential threats in third-party ecosystems that could impact the organization. Prepare and present actionable reports on findings, including recommendations to mitigate identified risks. Risk Governance and Compliance : Assist in defining and refining processes and procedures for information security governance programs and risk management frameworks. Conduct security assessments and analysis activities, ensuring compliance with information security policies, procedures, and standards. Report residual risks, vulnerabilities, and other security exposures, including third-party risks, to senior technical executives and recommend mitigation strategies. Incident Response and Monitoring : Manage, review, and respond to third-party-related security alerts, escalations, and incidents, identifying root causes and recommending remediation plans. Implement continuous monitoring processes to track third-party cyber risk indicators and ensure timely identification of emerging threats. Other duties as assigned. . WORK EXPERIENCE & EDUCATIONAL QUALIFICATIONS: 4+ years of relevant experience, preferably in information security. Manage and respond to third-party security alerts and incidents. Implement continuous monitoring for cyber risk indicators. Perform other duties as assigned. Refine processes for information security governance and risk management. Conduct security assessments to ensure compliance with policies. Report risks and vulnerabilities to senior executives, including mitigation strategies. Collect and analyze cybersecurity data to understand risks. Develop data models representing the risk landscape. Identify patterns and trends in third-party ecosystems. Prepare actionable reports with risk mitigation recommendations. Lead and support third-party risk strategy and assessments. Ensure due diligence and compliance with Third-Party Risk Management (TPRM) policy. Identify and remediate gaps in third-party risk processes. Collaborate with teams to align third-party security with organizational goals. Bachelor’s Degree in Computer Science, Information Technology, or a related discipline, or equivalent experience. Preferred Certifications: Certified Cloud Security Professional (CCSP) Certification in Information Security Strategy Management (CISM) Certified Information Systems Security Professional (CISSP) CompTIA Security + Certification Systems Security Certified Practitioner (SSCP) TS-SCI Security Clearance Certification SKILLS & KNOWLEDGE: Behavioral Skills: Critical Thinking Detail Oriented Impact and Influencing Interpersonal Communication Multitasking Problem Solving Technical Skills: Application Architecture Cybersecurity Information Security Strategy Standards (SOX, ISO 27001/27002, COBIT, ITIL, NIST, PCI) IT Risk Management Network Solutions and Systems Programming and Development Root Cause Analysis Software Development Life Cycle (SDLC) Threat Modelling Tools Knowledge: Microsoft Office Suite Programming and Development Languages - JavaScript, HTML/CSS, Python, SQL Security Tools - SIEM, EDR, Email Security Gateway, SOAR, Firewall, Anti-virus, Firewalls, VPN IDS/IPS, AV, proxies, etc. What Cencora offers Benefit offerings outside the US may vary by country and will be aligned to local market practice. The eligibility and effective date may differ for some benefits and for team members covered under collective bargaining agreements. Full time Affiliated Companies Affiliated Companies: CENCORA BUSINESS SERVICES INDIA PRIVATE LIMITED Equal Employment Opportunity Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law. The company’s continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory. Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call 888.692.2272 or email hrsc@cencora.com. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned

You Lead the Way. We’ve Got Your Back. With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities, and each other. Here, you will learn and grow as we help you create a career journey that’s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally. At American Express, you’ll be recognized for your contributions, leadership, and impact—every colleague has the opportunity to share in the company’s success. Together, we’ll win as a team, striving to uphold our company values and powerful backing promise to provide the world’s best customer experience every day. And we’ll do it with the utmost integrity, and in an environment where everyone is seen, heard, and feels like they belong. Join Team Amex and let's lead the way together. Join Team Amex and let's lead the way together. The Technical Risk Management (TRM) team, within the Global Risk and Compliance organization and led by the Chief Risk Officer, manage operational risks associated with Information & Cyber Security Risk, Business Disruption, Technology Risk, Data Risk, & AI Risk Management. The team also ensures that risk management activities are conducted in a manner compliant with regulatory requirements and expectations. The team aggregates and reports on key risk management and oversight activities to the relevant management and Board risk committees. Functional Description: This individual contributor role is part of the second line technology risk management team within the GRC group, headed by the Chief Risk Officer (CRO) of the company. This is a unique opportunity to work with a team of diverse and talented professionals who are responsible for building the technology risk management program and providing independent risk oversight to the technology, cyber security and data risks. Reporting to the Director for Technology Risk oversight, this position is responsible for independently assessing, reporting, and aggregating data risks (including data security, data architecture and data storage). The risks identified by this team are reported to the Senior Management, Risk Management Committees, Board of Directors, and Regulators. This position will be responsible for effectively collaborating with key stakeholders across lines of business and lines of defense to ensure data risks are managed effectively and efficiently in accordance with the company policies and applicable regulatory requirements. Essential Job Functions: Drive cross-functional collaboration with internal stakeholders responsible for data risk management to ensure proactive identification, measurement, management, monitoring, and reporting of data security risks. Provide effective oversight and credible challenge to the 1st line’s implementation of data-related controls within the Risk and Control Self-Assessment (RCSA) and review the design and operating effectiveness of controls linked to data security, availability, and architecture. Contribute to enterprise-wide initiatives focused on enhancing the data risk management framework, information security policies, & security standards. Support development of key risk indicators and key performance indicators that delivers meaningful insights into data security risks and control performance trends. Perform data-driven reviews focused on data risk (including data security, data architecture and data storage) and prepare risk review reports for senior stakeholders and governance bodies. Stay abreast of applicable regulations, guidelines, and industry standards, and drive continuous enhancement of oversight practices to ensure alignment with evolving regulatory expectations and leading practices. Conduct exploratory data analysis on large sets of structure data using industry standard tools (Ex: SQL, Python, Power BI, and Excel data models) to develop meaningful insights on cybersecurity and technology related data. Learn technology, cyber security, and business continuity management processes at American Express, demonstrating strong levels of curiosity and willingness, in order to present an effective credible challenge. Support the design of independent technology risk oversight program which defines the engagement and integration with various risk management programs, including Risk and Control Self Assessments, operational risk event management, operational risk issue management. Help embed a strong risk-aware culture, encouraging proactive risk management behaviors within the organization. Minimum Qualifications: Minimum five years of experience in data security & risk management within the banking/financial services industry including policy & procedure development, risk appetite, risk control self-assessment and testing, operational event & issue management. Proven ability to identify & assess risks, analyze issues and derive meaningful insights about risk trends by conducting interviews and analyzing large volumes of data. Strong verbal and written communication skills with an ability to explain complex problems and ideas clearly and succinctly to senior management. Ability to work in a highly collaborative environment, excellent relationship building skills and ability to influence partners with a firm strategic view. Excellent analytical skills with high attention to detail and accuracy. Excellent critical thinking and problem-solving skills. Required self-starter who can work with minimal supervision. Willingness to challenge traditional thinking by actively engaging in constructive dialogue. Preferred : Educational background: Bachelor’s in computer science or information systems. Working knowledge of one or more of the data mining tools and technologies (SQL, Python, Power BI, Excel data models, pivot tables & DAX queries, R) Experience in risk management frameworks and standards across cyber security, data risk, information technology, 3rd party, business continuity management. Industry certifications (e.g., CISSP, CISM, CISA, CRISC, CompTIA Security+) Understanding of risk assessment methodologies, frameworks, and industry standards (e.g., COSO, COBIT, ISO 27001, FAIR or NIST RMF). Knowledge of relevant policies & regulations (e.g., OCC Heightened Standards, FFIEC IT booklets). Experience with Governance, Risk and Compliance tools (Ex: Archer). We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally: Competitive base salaries Bonus incentives Support for financial-well-being and retirement Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location) Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need Generous paid parental leave policies (depending on your location) Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) Free and confidential counseling support through our Healthy Minds program Career development and training opportunities American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law. Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.

JOB DESCRIPTION KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature. QUALIFICATIONS • IT Audit + SAP experience with knowledge of IT governance practices Prior IT Audit knowledge in areas of ITGC, ITAC (application/automated controls) SOX 404, SOC-1 and SOC-2 Audits Good to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g. NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc.) Technical Knowledge of IT Audit Tools with excellent knowledge of IT Audit process and methodology Exposure to Risk Management and Governance Frameworks/ Systems will be an added advantage Exposure to ERP systems will be added advantage Strong project management, communication (written and verbal) and presentation skills Knowledge of security measures and auditing practices within various applications, operating systems, and databases. Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism Preferred Certifications – CISA/CISSP//CISM Exposure to automation Data Analytics tools such as QlikView/Qlik sense, ACL, Power BI will be an advantage Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools Equal employment opportunity information: KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you

Senior Auditor, Internal Audit Job Summary: We are seeking a highly skilled and motivated Senior Auditor with strong expertise in IT General Controls (ITGC) and Operational Audits. The role will be responsible for leading and executing audits that evaluate the adequacy, effectiveness, and efficiency of internal controls, systems, and business processes across IT and operational domains. Key Responsibilities: ITGC Audit: Perform audits of IT general controls including access management, change management, backup and recovery, and logical/physical security. Evaluate IT systems and processes in accordance with COBIT, NIST, ISO 27001, and other frameworks. Conduct audits of ERP systems (e.g. Oracle) and applications supporting key business processes. Identify risks, control deficiencies, and provide recommendations for improvement. Collaborate with IT and business teams to ensure remediation plans are tracked and closed. Operational Audit: Plan, execute, and report on operational audits across functions (Finance, HR, Procurement, etc.). Identify process inefficiencies, control gaps, and risks impacting business objectives. Provide value-added recommendations to enhance process performance and governance. Lead or participate in special projects and investigations as needed. General Responsibilities: Develop audit programs, test procedures, and prepare detailed working papers. Prepare and present clear and concise audit reports to stakeholders. Assist in the annual risk assessment and audit planning process. Guide and mentor junior auditors in audit methodology and execution. Maintain up-to-date knowledge of audit trends, regulatory changes, and best practices. Requirements: Education & Certifications: Bachelor’s degree in information systems, Computer Science, Accounting, or related field. Professional certifications preferred: CISA, CIA, CPA, or ISO 27001 LA. Experience: 4–6 years of relevant audit experience in ITGC and operational audit. Experience in Big 4 or large internal audit teams is a plus. Strong understanding of internal controls, risk management, and audit standards. Skills: In-depth knowledge of IT environments, cloud computing, cybersecurity controls. Strong analytical, problem-solving, and project management skills. Excellent communication (written and verbal) and interpersonal skills. Ability to work independently and manage multiple audits simultaneously. About TTEC Our business is about making customers happy. That's all we do. Since 1982, we've helped companies build engaged, pleased, profitable customer experiences powered by our combination of humanity and technology. On behalf of many of the world's leading iconic and hypergrowth brands, we talk, message, text, and video chat with millions of customers every day. These exceptional customer experiences start with you. TTEC is proud to be an equal opportunity employer where all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. TTEC embraces and is committed to building a diverse and inclusive workforce that respects and empowers the cultures and perspectives within our global teams. We aim to reflect the communities we serve, by not only delivering amazing service and technology, but also humanity. We make it a point to make sure all our employees feel valued, belonging, and comfortable being their authentic selves at work. As a global company, we know diversity is our strength because it enables us to view things from different vantage points and for you to bring value to the table in your own unique way. Primary Location : India-Gujarat-Ahmedabad

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. JD 2 – Risk Consulting - Protect Tech – Senior (ITGC) Key Responsibilities Your key responsibilities will include: Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Demonstrate deep technical capabilities and professional knowledge. Demonstrate ability to quickly assimilate to new knowledge. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have Chartered accountant (CA) or Master’s degree in management, Information Systems/ Technology, Computer Science, Business Analytics, Cybersecurity, or a related discipline Passion for technology and an ardent desire to work in risk management. Minimum 5 years of a “Big 4” or professional firm or professional industry experience in risks & controls, with more than 5 years of experience in IT Risk Management, IT Regulatory Compliance, IT Audit and IT Transformation Risk areas such as: Identification of strategic, IT & business risks and Identify control gaps, weaknesses and areas of improvements. Design of IT Risk Controls frameworks and RACMs Design and Implementation of IT general controls, IT application controls, Business Process controls, etc Conducting IT internal control reviews, and review of SOC1 or SOC2 reports IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc Understanding of IT regulatory compliances such as IT SOX, GDPR, ISO, PCI DSS etc Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

You Lead the Way. We’ve Got Your Back. With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities, and each other. Here, you will learn and grow as we help you create a career journey that’s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally. At American Express, you’ll be recognized for your contributions, leadership, and impact—every colleague has the opportunity to share in the company’s success. Together, we’ll win as a team, striving to uphold our company values and powerful backing promise to provide the world’s best customer experience every day. And we’ll do it with the utmost integrity, and in an environment where everyone is seen, heard, and feels like they belong. Join Team Amex and let's lead the way together. Join Team Amex and let's lead the way together. The Technical Risk Management (TRM) team, within the Global Risk and Compliance organization and led by the Chief Risk Officer, manage operational risks associated with Information & Cyber Security Risk, Business Disruption, Technology Risk, Data Risk, & AI Risk Management. The team also ensures that risk management activities are conducted in a manner compliant with regulatory requirements and expectations. The team aggregates and reports on key risk management and oversight activities to the relevant management and Board risk committees. Functional Description: This individual contributor role is part of the second line technology risk management team within the GRC group, headed by the Chief Risk Officer (CRO) of the company. This is a unique opportunity to work with a team of diverse and talented professionals who are responsible for building the technology risk management program and providing independent risk oversight to the technology, cyber security and data risks. Reporting to the Director for Technology Risk oversight, this position is responsible for independently assessing, reporting, and aggregating data risks (including data security, data architecture and data storage). The risks identified by this team are reported to the Senior Management, Risk Management Committees, Board of Directors, and Regulators. This position will be responsible for effectively collaborating with key stakeholders across lines of business and lines of defense to ensure data risks are managed effectively and efficiently in accordance with the company policies and applicable regulatory requirements. Essential Job Functions: Drive cross-functional collaboration with internal stakeholders responsible for data risk management to ensure proactive identification, measurement, management, monitoring, and reporting of data security risks. Provide effective oversight and credible challenge to the 1st line’s implementation of data-related controls within the Risk and Control Self-Assessment (RCSA) and review the design and operating effectiveness of controls linked to data security, availability, and architecture. Contribute to enterprise-wide initiatives focused on enhancing the data risk management framework, information security policies, & security standards. Support development of key risk indicators and key performance indicators that delivers meaningful insights into data security risks and control performance trends. Perform data-driven reviews focused on data risk (including data security, data architecture and data storage) and prepare risk review reports for senior stakeholders and governance bodies. Stay abreast of applicable regulations, guidelines, and industry standards, and drive continuous enhancement of oversight practices to ensure alignment with evolving regulatory expectations and leading practices. Conduct exploratory data analysis on large sets of structure data using industry standard tools (Ex: SQL, Python, Power BI, and Excel data models) to develop meaningful insights on cybersecurity and technology related data. Learn technology, cyber security, and business continuity management processes at American Express, demonstrating strong levels of curiosity and willingness, in order to present an effective credible challenge. Support the design of independent technology risk oversight program which defines the engagement and integration with various risk management programs, including Risk and Control Self Assessments, operational risk event management, operational risk issue management. Help embed a strong risk-aware culture, encouraging proactive risk management behaviors within the organization. Minimum Qualifications: · Minimum five years of experience in data security & risk management within the banking/financial services industry including policy & procedure development, risk appetite, risk control self-assessment and testing, operational event & issue management. Proven ability to identify & assess risks, analyze issues and derive meaningful insights about risk trends by conducting interviews and analyzing large volumes of data. Strong verbal and written communication skills with an ability to explain complex problems and ideas clearly and succinctly to senior management. Ability to work in a highly collaborative environment, excellent relationship building skills and ability to influence partners with a firm strategic view. Excellent analytical skills with high attention to detail and accuracy. Excellent critical thinking and problem-solving skills. Required self-starter who can work with minimal supervision. Willingness to challenge traditional thinking by actively engaging in constructive dialogue. Preferred : Educational background: Bachelor’s in computer science or information systems. Working knowledge of one or more of the data mining tools and technologies (SQL, Python, Power BI, Excel data models, pivot tables & DAX queries, R) Experience in risk management frameworks and standards across cyber security, data risk, information technology, 3rd party, business continuity management. Industry certifications (e.g., CISSP, CISM, CISA, CRISC, CompTIA Security+) Understanding of risk assessment methodologies, frameworks, and industry standards (e.g., COSO, COBIT, ISO 27001, FAIR or NIST RMF). Knowledge of relevant policies & regulations (e.g., OCC Heightened Standards, FFIEC IT booklets). Experience with Governance, Risk and Compliance tools (Ex: Archer). We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally: Competitive base salaries Bonus incentives Support for financial-well-being and retirement Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location) Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need Generous paid parental leave policies (depending on your location) Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) Free and confidential counseling support through our Healthy Minds program Career development and training opportunities American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law. Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY- Cyber Security (Strategy, Risk, Compliance and Resilience) – Technology Consulting – Senior As part of our EY Strategy, Risk, Compliance and Resilience (SRCR) Technology Consulting team, you would work on various SRCR projects for our customers across the globe. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for EY and GDS within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. The opportunity We’re looking for Senior Security Consultant with expertise in cyber / information security, risk and controls concepts. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Engage in Cyber Strategy & Governance, Cyber Risk & Compliance, Cyber Resilience, Cyber Transformation and Co-Sourcing, Application & Network Security engagements Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress. Execute the engagement requirements, along with review of work by junior team members. Help prepare reports and schedules that will be delivered to clients and other parties. Develop and maintain productive working relationships with client personnel. Build strong internal relationships within EY Consulting Services and with other services across the organization Contribute to people related initiatives including recruiting and retaining Cyber Transformation professionals Maintain an educational program to continually develop personal skills of staff Understand and follow workplace policies and procedures Building a quality culture at GDS Help senior team members in performance reviews and contribute to performance feedback for staff/junior level team members Manage the performance management for the direct reportees, as per the organization policies. Foster teamwork and lead by example; training and mentoring of project resources Participating in the organization-wide people initiatives Skills And Attributes For Success Hands-on experience of more than 5 years with key components of cybersecurity including (but not limited to): Vendor/3rd Party Risk Management & Assessment Cyber Strategy & Governance, Cyber Transformation, Cyber Dashboarding Regulations/standards such as ISO 27001, PCI DSS, HIPAA, HITRUST, GDPR, CCPA, FISMA/FEDRAMP, COBIT, OWASP Top 10, NIST 800-53 Business Continuity & Disaster Recovery Must have experience in working in client facing roles, interacting with the third parties, assessing different kinds of environments (IT and non-IT) and ability to apply cyber security concepts in all these sectors. Experienced in creation and review of security policy/procedures, and in performing risk assessments. Good to have experience in assessing ITGC requirements across various industries including both Cybersecurity and resilience requirements. Should have a good understanding of VAPT process, common application security vulnerabilities, exploitation techniques and remediation measures. Basic understanding of Network Security and network architecture diagram reviews, access and perimeter control, vulnerability management and intrusion detection, firewall rule-based reviews. Good understanding of logging and monitoring tools (SIEM). Knowledge in any one of the SIEM tools is a plus. To qualify for the role, you must have: BE - B. Tech / MCA / M. Tech/ MBA with background in computer science and programming. More than 5 Years of relevant experience. Strong Excel and PowerPoint skills. Should be proficient in leading medium to large engagements and coach junior staff. Ideally, you’ll also have CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer. Project management skills. What We Look For A team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 1400 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries. What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Join us as a Technology Controls Testing Analyst We’ll look to you to protect the bank by assuring that our applications and technology infrastructure is adequate, effective and fit for purpose on an end-to-end basis You’ll clearly document any control weaknesses identified within the adequacy and effectiveness assessments and testing undertaken This is a chance to join a talented and supportive team that will help you achieve great exposure as you develop with us We're offering this role at associate level What you'll do In this role, you’ll work with Information Technology General Controls, including complex Automated Controls and contribute to the ongoing design and development of assurance processes and methodology. You’ll also maintain detailed test documentation and reports for the technology you assess, keeping stakeholders informed of testing progress and results, in line with quality expectations. We’ll look to you to clearly communicate any identified control weaknesses to the team, relevant business contact or SME. In Addition, You’ll Contribute to the development and delivery of an annual risk-based assurance programme Collaborate with business teams, at relevant level, to ensure a comprehensive understanding of controls and their testing procedures Perform walkthroughs with stakeholders on the technology you assess, documenting high quality control testing workpapers Stay up to date with regulatory requirements and industry best practices for technology controls Undertake adequacy and effectiveness assessments of technology controls The skills you'll need To excel in this role, you’ll have a proven experience of developing and executing test plans on technology with IT General Controls and complex Automated Controls, including adequacy and effectiveness of technology controls. You’ll Also Have Experience in developing and executing test plans for IT General Controls and complex Automated Controls. Strong understanding control frameworks (e.g., COSO, COBIT) and relevant regulations (e.g., SOX, GDPR, CCPA) and industry standards (e.g., NIST, ISO 27001) and their application in technology and financial processes. Proven ability to perform control testing activities. Excellent communication skills, with the ability to present findings to technical and non-technical audiences. A proactive mindset with a focus on continuous improvement and collaboration.

Position summary: The Risk, Audit, and Compliance Senior Executive (IT Infrastructure and Operations) will focus on coordinating and managing the resolution of audit findings, risk mitigation actions, and compliance requirements within the IT Infrastructure and Operations department. This role involves establishing and maintaining a governance framework and processes to ensure timely and effective resolution of audit findings and continuous compliance with relevant standards and regulations. The role is strategic and operational, requiring a proactive approach to collaborating with internal teams to drive adherence to policies and regulatory requirements. Governance Framework Development: Design and implement a governance framework specific to IT Infrastructure and Operations to track, manage, and resolve audit findings, risks, and compliance issues. Develop policies, procedures, and best practices for managing risk, audit, and compliance activities within the department. Ensure alignment of IT Infrastructure and Operations governance practices with overall corporate governance policies and regulatory requirements. Audit Findings Management: Coordinate with IT teams to ensure timely resolution of internal and external audit findings related to infrastructure and operations. Maintain a centralized database or tool to track all audit findings, action plans, deadlines, and statuses. Act as the primary liaison between the IT Infrastructure and Operations department and internal/external auditors, ensuring clear communication and follow-up on outstanding audit issues. Risk Mitigation Coordination: Identify and prioritize risks in collaboration with IT teams, focusing on those that impact infrastructure and operations. Work with IT stakeholders to develop, implement, and monitor risk mitigation plans. Regularly review and update the risk register, ensuring that risk owners are accountable for mitigation activities. Compliance Monitoring and Facilitation: Ensure IT Infrastructure and Operations activities comply with relevant regulations, standards, and internal policies (e.g., GDPR, ISO 27001). Collaborate with compliance and legal teams to understand regulatory changes and communicate these requirements to IT teams. Develop and maintain a compliance dashboard that provides real-time visibility into compliance status across IT infrastructure and operations. Stakeholder Engagement and Communication: Engage with IT leadership and other stakeholders to provide updates on the status of audit findings, risk mitigation efforts, and compliance activities. Facilitate regular meetings and working sessions with IT teams to discuss progress on action items and identify any obstacles to resolution. Prepare and present reports for senior management on audit findings, risk status, and compliance matters. Process Improvement and Best Practices: Identify opportunities for process improvements within the IT Infrastructure and Operations department to enhance risk management, audit resolution, and compliance. Develop and implement standard operating procedures (SOPs) to streamline the handling of audit findings and risk mitigation activities. Promote a culture of proactive risk management and compliance awareness within the IT Infrastructure and Operations teams. Training and Awareness: Develop and deliver training and awareness programs to educate IT Infrastructure and Operations staff on governance processes, risk management, and compliance requirements. Ensure that all team members understand their roles and responsibilities regarding risk, audit findings, and compliance. Qualifications: Bachelor’s degree in Information Technology, Cybersecurity, Business Administration, or a related field. A Master’s degree or relevant certifications (such as CRISC, CISA, CISSP, or ITIL) is a plus. 5 years of experience in IT risk management, audit coordination, or compliance, with a focus on IT infrastructure and operations. Strong understanding of IT infrastructure (networks, servers, storage, cloud services) and related compliance requirements. Excellent coordination and project management skills, with experience in managing multiple priorities. Strong analytical and problem-solving skills with a focus on identifying and managing risks. Effective communication and interpersonal skills for engaging with both technical and non-technical stakeholders. Familiarity with compliance and regulatory frameworks (e.g., NIST, COBIT, ISO 27001) related to IT infrastructure. Proficiency in using tools and platforms for audit management, risk tracking, and compliance monitoring. Experience in coordinating the resolution of audit findings and risk mitigation plans within IT environments. Background in managing compliance activities specific to IT infrastructure and operations is a plus Familiarity with internal control frameworks and governance models for IT departments.

Work Experience: 1. Qualified Chartered Accountant 2. Post qualification experience in Corporates and audit firms – Minimum 2 years to maximum of 6 years. 3. Other preferred qualification like CIA, CFE, CISA, CISSF and MBA from a well recognised Business School. Job Description: · Shall be responsible for conducting and delivering qualitative risk based internal audit/systems audit, business process documentation and other risk advisory services for our clientele. · Shall assist the Partner in delivering timely, accurate and reliable data to the clientele. · Completing client projects effectively and efficiently and also maintaining a high level of proficiency and confidentiality. · Broader perspective of potential issues encountered when managing diverse teams and the strategies to overcome them; have a clear understanding of the firm’s commitment to creating a more inclusive culture. . Preferably having Hands on Experience of working for listed companies in India, . In –depth knowledge in COSO and COBIT framework, Internal Audit Standards. . Ability to communicate clearly with colleagues and client at all levels. . Must possess good presentation skill sets Job Type: Full-time Pay: ₹650,000.00 - ₹700,000.00 per year Schedule: Day shift Ability to commute/relocate: Teynampet, Chennai, Tamil Nadu: Reliably commute or planning to relocate before starting work (Required) Work Location: In person

Role Description The Global Risk and Compliance division (GR&C) exists to enable the FNZ Group to safely achieve its strategic objectives, protect value, and support the delivery of services and propositions to the quality our clients and regulators expect. The Chief Risk Officer of Technology & Security is responsible for leading the second-line oversight of technology and security risk across the enterprise while serving as a strategic risk partner to the Group Head of Technology. This role ensures that technology and information security risks are effectively managed, aligning with the firm’s risk appetite and regulatory expectations while also providing proactive risk advisory support to the Technology division. As a key member of both the Senior Risk Leadership Team and the Technology Senior Leadership Team, the CRO of Technology & Security will design and oversee the firm's global technology and cybersecurity risk framework to ensure resilience and regulatory compliance, challenge first-line risk management practices, and drive continuous improvement in risk resilience across the organization. The CRO of Technology & Security leads the second line technology and security risk function responsible for overseeing technology and security risk management initiatives across jurisdictions, proactively identifying and mitigating emerging threats, and fostering a risk-aware culture throughout the organization. The CRO of Technology & Security will work closely with executive leadership, regulators, and key stakeholders across regions and business units to ensure that technology and cybersecurity risk strategies support the firm’s strategic objectives while meeting evolving regulatory and threat landscape demands. This role is critical to ensuring that technology and cybersecurity risks are managed proactively in an evolving digital landscape. This role is ideal for a senior technology and security risk leader with a deep understanding of technology, digital, and AI-related risks and regulatory requirements for financial services organizations; a strong commitment to ethical leadership; thrives in a fast-paced, highly-matrixed global environment. Specific Role Responsibilities Strategic Leadership & Governance Develop and implement a comprehensive second-line risk management framework for technology and cybersecurity risks. Advise and collaborate with the Technology Division to establish policies, standards, and risk appetite statements related to IT, cybersecurity, data privacy, cloud, AI, and emerging technologies. Provide independent oversight and challenge to first-line risk management and control activities. Advise the Group CRO and executive leadership on key technology and security risk exposures and mitigation strategies. Risk Assessment & Oversight Partner with the Chief Information Security Officer (CISO), Chief Information Officer (CIO), and other senior executives to ensure robust risk management practices. Oversee cybersecurity, technology, and applicable third-party risk assessments to identify vulnerabilities and areas requiring mitigation. Collaborate with technology, security, and business leaders to provide assurance of design and operating effectiveness of technology and security controls, remediation strategies, and resilience measures. Oversee risk assessments for new technology, migrations, third-party partnerships, and AI-driven solutions, ensuring alignment with security and resilience objectives. Oversee threat intelligence, penetration testing, and security monitoring programs to ensure proactive risk identification and response. Drive business value by integrating risk insights into continuous improvement efforts and strategic technology initiatives. Enterprise Resilience & Incident Response Provide 2nd line assurance of robust business continuity, disaster recovery, and cyber incident response plans and testing. Partner with the Group Head of Technology, Group Head of Infrastructure, and Group CISO in crisis management efforts, rapid response to major cybersecurity incidents, data breaches and technology disruptions. Provide oversight and independent challenge to technology-related incident response, resilience and crisis management activities. Ensure post-incident reviews and lessons learned are effectively implemented to mitigate future risks. Evaluate and enhance business continuity and disaster recovery plans related to technology infrastructure. Advocate for resilience by design, overseeing security and risk management embeddedness into IT architectures, cloud deployments and digital transformation projects. Regulatory & Industry Risk Oversight Serve as trusted advisor and expert on emerging regulatory, cybersecurity, and technology risk trends impacting financial services, ensuring compliance with global standards such as DORA, NIS, GDPR, ISO 27001, SOC 2 and financial data security laws. Advise executive leadership on regulatory risks, cyber resilience, and operational risk management strategies. Partner with executive leadership on regulatory affairs, external audits, and external cybersecurity stakeholders; support responses to regulatory inquiries, security incidents and compliance assessments. Governance, Reporting & Communication Represent Global Risk & Compliance in senior leadership committees, including the Technology Risk Forum and relevant sub-committees. Provide regular reporting to the Group CRO, executive team and Group Board Risk Committee on IT/cyber risk trends and emerging threats. Develop and maintain key risk indicators (KRIs) and dashboards for technology and security risk oversight. Leverage data analytics, automation, and AI-driven insights to enhance risk monitoring capabilities. Leadership & Development Cultivate a global network of technology and security risk professionals, fostering a culture of innovation, resilience and operational excellence. Provide mentorship, training and development support for risk and security teams to strengthen enterprise-wide risk capabilities. Ensure Regional CROs and teams are aligned with the enterprise technology and security risk strategy and effectively managing local risk exposures. Provide oversight and guidance on global enterprise technology and security risk monitoring programs to ensure consistent risk management practices. Collaborate with Regional CROs to provide support, education and training to enhance technology and security risk awareness and competency. Maintain deep knowledge of the regulatory and risk environments in which the organization operates, within the financial services industry. Provide enterprise technology and security risk consultancy to the wider organization. Serve as the policy owner for relevant enterprise technology and security risk management policies and procedures. Ensure that annual technology and security risk-based assessments and stress testing exercises are systematically carried out across the global enterprise. Qualifications Experience required Education: Bachelor’s degree in information security, cybersecurity, risk management, computer science, or a related field. Certifications: CRISC, CISM, CISSP, CISA, or equivalent risk and security certifications. Experience 15+ years of experience in technology risk, cybersecurity risk, or enterprise risk management, preferably in a financial services or regulated industry, with at least 5 years in a senior or global technology risk leadership role. Deep knowledge of IT governance frameworks (e.g., NIST, ISO 27001, COBIT) and regulatory requirements (e.g., FFIEC, GDPR, DORA, SEC, OCC). Experience interacting with regulators, auditors, and board-level committees. Proven ability to lead and influence cross-functional teams and senior stakeholders. Proven track record of developing, implementing and managing enterprise-wide technology and security risk programs in a complex, multinational environment. Leadership & Communication Strategic thinking with strong business acumen. Ability to balance risk oversight with enabling business innovation. Strong analytical, communication, and leadership skills. Ability to manage complex, high-impact risk issues in a dynamic environment. Deep understanding of emerging technology risks, including cloud, AI, quantum computing, and supply chain vulnerabilities. Demonstrated ability to work in a matrixed organization and oversee cross-functional teams, manage multiple priorities and influence stakeholders across all levels. Strong written and verbal communication skills, with the ability to simplify complex risk concepts for non-technical audiences. High level of integrity, with a commitment to ethical conduct and the organization’s values. Ability to articulate the commercial benefits of effective risk management and integrate risk insights into strategic planning. Ability to build and maintain effective internal and external relationships. Ability to analyse, present and report executive management information to senior stakeholders. Effective communicator and influencer, sharing insight that translates technical concepts into clear and understandable language, listening to and encouraging active collaboration amongst stakeholders. Flexible and resilient, with the ability to manage competing and changing priorities. Strong people leadership experience in hiring, developing, promoting and retaining talent along with effective performance management of underperformers. About FNZ Culture Our culture is what drives us. It's at the heart of who we are and everything we do. It's what inspires, excites and moves us forward. Our ambition is to create a culture for growth, one that opens up limitless opportunities for our employees, customers and the wider world. At FNZ we know that great impact is only possible with great teamwork. That’s why we value the strength and diversity of thought in our global team. The FNZ Way is the cornerstone of what we do. It is comprised of four values that set the standard for how everyone at FNZ interacts with each other, with our customers, and with all our diverse stakeholders around the world. Customer obsessed for the long-term Think big and make an impact Act now and own it all the way Challenge, commit and win together Read more about The FNZ Way and our values : www.fnz.com/culture Opportunities Right from day one, you will work alongside exceptional, multicultural teams - experts in their respective fields - who will inspire and challenge you to make your greatest impact. Be part of a highly successful, rapidly growing, global business that is leading the delivery of financial services via cloud computing and partners with some of the world’s largest companies; Working in a flexible and agile way that meets the needs of the business and personal circumstances; Remuneration, financial rewards and career advancement is based on individual contribution and business impact rather than tenure or seniority; We provide global career opportunities for our best employees at any of our offices in the UK, EU, US, Canada, South Africa and APAC. About FNZ FNZ is committed to opening up wealth so that everyone, everywhere can invest in their future on their terms. We know the foundation to do that already exists in the wealth management industry, but complexity holds firms back. We created wealth’s growth platform to help. We provide a global, end-to-end wealth management platform that integrates modern technology with business and investment operations. All in a regulated financial institution. We partner with over 650 financial institutions and 12,000 wealth managers, with US$1.7 trillion in assets under administration (AUA). Together with our customers, we help over 26 million people from all wealth segments to invest in their future.

Responsibilities: Provide data analytics, risk management and IT audit support during business development pursuits; e.g. proposals, cost build-ups, sales meetings Identify, prioritize and execute on high-value opportunities to improve data risk services methodologies; including developing and delivering training, whitepapers, and desktop procedures for best-practice evaluation methods by business application (prioritization on Oracle Fusion, SAP ECC and SAP S/4HANA, Microsoft D365, Workday, NetSuite and other tier 1 business applications Identify and prioritize high-value opportunities to improve audit and compliance processes through analytics and automation, particularly in areas unique to Data GRC (e.g., metadata management, master data management, data lineage capture and mapping, risk and controls design and testing, upstream and downstream data quality and accuracy validations, etc.) Responsible for developing and implementing data analytics solutions, including creating dashboards and reports. This role requires technical expertise to directly build and manage analytics. The specialist will actively engage in data analysis, build visualizations, and provide actionable insights to support decision-making. Upskill and train more junior staff on best practices and approach to data and risk management, including risk management and internal audit basics, analytics and automation. Responsible for execution and review of all work-papers and deliverables, including reporting to client stakeholders. Provide guidance to other internal and external stakeholders (clients, industry events, market events, etc.) on related data risk, analytics best practices Facilitate sessions with internal and external personnel to effectively design methodology that: a) help audit/compliance professionals learn more about the business in order to better focus attention on the areas of highest risk, and b) identify issues and potential process exceptions Manage communication with IT and/or business resources to locate internal and external data for analysis, understand data, and make data requests or direct connections to databases Champion sustainable data risk, analytics and automation design concepts Manage the development of visualization, dashboards and scripts, using agile development methodology Perform quality assurance over developer practices for data mapping, data transformations, data joining/blending, data quality, data cleansing, and other data movement related activities Provide guidance to both internal and external stakeholders on interpreting analytic results Coordinate data risk services with off-shore resources at the RSM Delivery Center in India and El Salvadore Be an active participant in local employee network groups and build relationships with RSM members across all lines of business and consulting as representing practice services and capabilities ​ Position Requirements: Experience working with a team to provide services to numerous clients simultaneously Project and program management expertise and strong written and verbal communication skills Detail-oriented with a pro-active, inquisitive and creative approach to work, preferred to be analytics and technology inclined Experience as an auditor or supporting internal or external audit teams with fundamental understanding of enterprise risk management and compliance and/or best practice frameworks such as COSO, Sarbanes-Oxley (SOX), COBIT, etc. Understanding basic accounting, operations and auditing concepts and reporting skills, including documentation requirements Understanding and ability to describe the flow of typical business processes, covering the purchase-to-pay, order-to-cash, and record-to-report cycles, at a minimum. Understanding of automation capabilities, such as robotic process automation, machine learning, natural language processing, application programming interfacing, process mining, etc. ​ Minimum Qualifications: Undergraduate degree in Accounting, Management Information Systems, Computer Science, or equivalent level of education Minimum of 3 years in IT audit and/or compliance with expertise in key reporting testing and experience in testing IT application controls, business process controls, and IT general controls Minimum of 3 years’ experience in technical analytics using analytics and cleansing tools such as Alteryx. Minimum of 3 years in public accounting in audit or risk advisory services capacity CPA, CISA, CIA or other related certification ​ Preferred Qualifications: Experience with data analytics of large ERP applications such as MS D365, SAP, Oracle, NetSuite and Workday. Hands-on experience using audit-focused GRC technologies such as AuditBoard, ServiceNow, TeamMate, Idea, and WDesk. Experience using other industry standard data analysis technologies such as Alteryx, SAS, SQL, and/or Python Experience developing and/or managing dashboard solutions created using Power BI, Tableau, Qlik, or similar technologies Experience with process mining using tools like Celonis or ABBYY Timeline Experience working with automations software such as Power Automate, Automation Anywhere and UiPath. Experience working with data from cloud-based applications like Workday, NetSuite, Salesforce, Concur is a plus Business development experience is a plus Certifications in one or more data analysis technologies such as Alteryx, UiPath, Tableau, or Power BI ​ Standards of Performance: Data stewardship - Maintain confidentiality, integrity and availability of information with your custody A self-starter with a process improvement mentality who is hands on, results-oriented, and leads by example A strong entrepreneurial spirit with the highest levels of professional and personal honestly, integrity and ethics Excellent organizational skills and the ability to prioritize multiple tasks, projects and assignments Ability to interact with all levels of client staff, including executives and senior managers Possess strong business ethics and willingness to adhere to stringent professional standards Ability to put forth additional effort to meet deadlines when necessary Ability to travel to the local office at least 3 days per week

About KPMG in India KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focussed and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. Responsibilities Perform testing of IT Application Controls/ITAC/Automated controls, IPE, and Interface Controls through code reviews, IT General Controls/ITGC/GITC review covering areas such as Change Management, Access Management, Backup Management, Incident and Problem Management, SDLC, Data Migration, Batch Job scheduling/monitoring and Business Continuity and Disaster Recovery Perform Risk Assessment, identification, and Evaluation of Controls, prepare process flow diagrams and document the same in Risk & Control Matrix. Perform business process walkthrough and controls testing for IT Audits. Performing planning and executing audits, including - SOX, Internal Audits, External Audits Conducting controls assessment in manual/ automated environment Prepare/Review of Policies, Procedures, SOPs Maintain relationships with client management and the project Manager to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations. Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the work to be performed. Coordinate effectively and efficiently with the Engagement manager and the client management keeping both constantly updated regarding project’s progress. Collaborate with other members of the engagement team to plan the engagement and develop relevant workpapers/deliverables. Perform fieldwork and share the daily progress of fieldwork, informing supervisors of engagement status. Qualifications MBA/Mtech/MS full time with minimum 3 year experience. IT Audit + SAP experience with knowledge of IT governance practices Prior IT Audit knowledge in areas of ITGC, ITAC (application/automated controls) SOX 404, SOC-1 and SOC-2 Audits Good to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g. NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc.) Technical Knowledge of IT Audit Tools with excellent knowledge of IT Audit process and methodology Exposure to Risk Management and Governance Frameworks/ Systems will be an added advantage Exposure to ERP systems will be added advantage Strong project management, communication (written and verbal) and presentation skills Knowledge of security measures and auditing practices within various applications, operating systems, and databases. Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism Preferred Certifications – CISA/CISSP//CISM Exposure to automation Data Analytics tools such as QlikView/Qlik sense, ACL, Power BI will be an advantage Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools Equal Opportunity Employer KPMG India KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

Job Description: About Us At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day. One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being. Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization. Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Global Business Services * Global Business Services delivers Technology and Operations capabilities to Lines of Business and Staff Support Functions of Bank of America through a centrally managed, globally integrated delivery model and globally resilient operations. Global Business Services is recognized for flawless execution, sound risk management, operational resiliency, operational excellence, and innovation. In India, we are present in five locations and operate as BA Continuum India Private Limited (BACI), a non-banking subsidiary of Bank of America Corporation and the operating company for India operations of Global Business Services. Process Overview* The Incident and Change Management function is responsible for identifying, mitigating/resolving and managing risk and impacts from change, technology and non-technology events and ensures the integrity and stability of service delivery channels through strict adherence and enforcement of incident and change management principles, thereby minimizing the overall impact to our customers and associates. Job Description* The individual needs to work as an Incident manager for Incident and Continuity Management line of business which is engaged in providing contingency management services to its supported LoBs. From an incident management point of view, the primary job requirement is to identify and mitigate impacts and risks for our customers as well as associates arising out of technology and non-technology related events. As a change manager the individual will be acting as a voting member of multiple Change Advisory Boards (CAB) where planned or expedited technology & facility changes are presented for approval. Role of an ICM consultant is to review all change requests concerning our supported LoBs from an impact perspective and accordingly approve/reject the request. Responsibilities* Resource will be responsible for real time incident & change management for all technology and non-technology incidents impacting the production environment Escalate issues impacting multiple users that cannot be easily resolved to technology teams, including creating incident tickets, opening bridge lines, paging support teams, and kicking off triage efforts. Engage in the triage efforts for impacting issues and drive technology teams to provide restoral as quickly as possible. Act as the liaison between contact centers and technology, provided key information about incidents to technology teams to assist with triage as well as providing direction to the business (contact centers) about estimated restoral times and actions that should be taken to minimize impact during the triage. Represent the supported businesses in a CAB (Change Advisory Board) meeting to ensure that planned events do not disrupt or adversely impact their operational stability. Continually assess the severity of an incident with respect to the impacts caused by it and regularly communicate the same to all stakeholders. Monitor, identify, track, report and mitigate impacts (wherever possible) and risks arising from an incident or a change Demonstrates business and/or technical acumen to recommend and implement solutions that protect the bank's assets. Requirements* Excellent written and verbal communication skills including ability to communicate clearly and concisely with non-technical Business Leaders. Be able to serve as liaison between various technical partners & business executives Able to demonstrate ability to take a problem and work to find a solution independently Cross-functional coordination, influencing and negotiation skills Strong diagnostic and analytical abilities Proficient with Microsoft Office tools (Outlook, Communicator, Word, Excel, and SharePoint) Strong attention to detail, analytical skills and ability to work both independently as well as part of Incident Management team. Ability to work well under pressure and manage multiple tasks to meet deadlines. Leadership skills and the ability to effectively drive triage calls. Education* Graduates / Post-graduates with good track record/academic scores Certifications if any- ITIL V4 foundations, ITIL Intermediate – Service Operations, Business Continuity Planning and Crisis Management, COBIT 5, Industry certification like CCNA, BCP, MCP etc will be highly regarded. Experience Range* 8-10 years Foundational skills* Hands on experience in incident/problem management Excellent communication skills, both written and verbal, is a non-negotiable requirement In depth knowledge of the ITSM processes Desired skills* Familiarity with ITIL/ITSM methodologies Proficient with Remedy, Microsoft Access, SharePoint and contact center applications (IEX, NICE, etc.) Good understanding of the contact center environment Work Timings* Rotational 6:30am to 10:30 pm Weekly Off - Rotational Job Location* Gurugram

Dear Professional, We are excited to present a unique opportunity at Cognizant, a leading IT firm renowned for fostering growth and innovation. We are seeking talented professionals with 3 to 5 years of experience in Major Incident Management,Critical Incident Handling,Incident Response,ITIL Incident Management Root Cause Analysis,Incident Escalation,Service Restoration,War Room Coordination,ServiceNow,BMC Remedy,Jira Service Management,PagerDuty,ISO 20000,COBIT,Major Incident Manager,Incident Response Lead to join our dynamic team. Your expertise in these areas is highly sought after, and we believe your contributions will be instrumental in driving our projects to new heights. We offer a collaborative environment where your skills will be valued and nurtured. To proceed to the next step of the recruitment process, please provide us with the following details with Updated resume to sathish.kumarmr@cognizant.com Please share below details (Mandatory) : Full Name(As per Pan card): Contact number: Email Current Location: Interested Locations: Total Years of experience: Relevant years of experience: Current company: Notice period: NP negotiable: if yes how many days they can negotiate? : If you are Serving any Notice period Means please mention Last date of Working: Current CTC- Expected CTC- Availability for interview on Weekdays ? Highest Qualification? Additionally, we would like to schedule a virtual interview with you on 26th June 2025 . Kindly confirm your availability for the same. We look forward to the possibility of you bringing your valuable experience to Cognizant. Please respond at your earliest convenience. Thanks & Regards, Sathish Kumar M R HR-Cognizant Sathish.KumarMR@cognizant.com