534 Cobit Jobs - Page 22

The Area: Morningstar is a leading global provider of independent investment insights. Our core competencies are data, research, and design, and we employ each of these to create products that clearly convey complex investment information. Our mission is to empower investor success and everything we do at Morningstar is in the service of the investor. Reporting to the Audit Committee of the Board of Directors, the purpose of the Global Audit and Assurance (GAA) function is to strengthen Morningstars ability to create, protect, and sustain value by providing the Company with organizationally independent, risk-based, and objective assurance and consulting services to evaluate and improve Morningstars governance, risk management, and control processes. The Role: Morningstars GAA function seeks a highly motivated Senior IT Internal Auditor who thrives on new experiences and challenges. As a Senior IT Internal Auditor, you will play an integral role in evaluating the company’s information technology and information security processes and effectiveness of internal controls. You will have the opportunity to work on a variety of information technology integrated reviews as well as evaluate the effectiveness of IT general controls over external financial reporting as part of the company’s Sarbanes-Oxley Section 404 compliance activities. Based in Mumbai, the Senior IT Internal Auditor may be required to travel to a number of domestic and international locations in support of our IT internal audit plan. You will work closely with all levels of management across the organization, recommending changes to strengthen controls for increased efficiencies and reduced risks. The Senior IT Internal Auditor will have the opportunity to utilize and reference world-class audit tools and audit methodologies in the performance of his or her duties. Key responsibilities: Planning and execution of information technology and integrated audit reviews. Perform walkthroughs of complex information technology and information security processes and test the design and effectiveness of internal controls. Document work and prepare observations and recommendations for corrective action. Supervise audit staff and/or external consultants, review workpapers, and provide appropriate coaching and feedback. Effectively apply the COSO internal control framework, COBIT IT governance framework, NIST Cybersecurity framework and IIA International Professional Practices Framework. Assist audit management with the execution of continuous risk assessment and audit plan development. Serve as a consultant and business partner with management. Requirements: Action-oriented, self-starter with strong verbal and written communication skills. Comfortable working both independently or in teams and working within a complex environment. Ability to diagnose problems, determine root causes, and recommend solutions to complex challenges. Strong understanding of information technology general computer controls, system development life cycle, and IT auditing techniques; including a broad knowledge of IT technologies, operating systems, databases, and application platforms. Knowledge of recognized IT audit and governance frameworks such as COBIT, ITIL, NIST, ISO, etc. Knowledge of General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Undergraduate degree in information technology, management information systems, or a related field. Minimum of 7 years of internal or external audit experience assessing information technology/security controls and/or internal controls over financial reporting. Proven ability in performing multiple projects and working with varying team members. Flexibility/ adaptability to work a non-standard schedule as needed to accommodate various time zones where some process owners are located. Willingness to travel to domestic and international offices. Experience in working for a Big 4 or Tier-Two public accounting firm is highly preferred. Experience performing data analytics and using data analysis or automated audit software is highly preferred. Professional accreditation (e.g., CIA, CISA, CPA) is highly preferred. Morningstar is an equal opportunity employer.

About The Role : Job Title- Divisional Risk and Control Senior Analyst, AVP Location- Pune, India Role Description The 1st line Tech Risk, Insights and controls function at Deutsche Bank sits within the Chief Technology Office (CTO) for Deutsche Bank Group. CTO has the largest footprint within the Technology, Data and Innovation (TDI) division and is joined by other business-aligned CIO IT divisions. The Tech Risk, Insights and Controls is a dynamic team, consistently in demand, for providing guidance and challenge to deliver change and maintain systems in a secure and resilient manner. As part of the team, you will join the Banks journey and contribute towards our strategic goal of cloud enabled solutions as well as activities that improve our operational resilience and risk reduction. Specifically, you will bring expertise for risk identification and remediation advisory, records management supporting a proactive risk management function. It will therefore also include planning and executing thematic risk assessments and inputting into risk scenario testing and macro threat assessments. Further you will respond to client due diligence requests. You will liaise with other risk and control functions, on a management level to assure the integration of risk initiatives and projects. This role will report to the Head of Risk Assessments and Response and ultimately to the Global Head of Risks, Insights and Controls. What we'll offer you As part of our flexible scheme, here are just some of the benefits that youll enjoy Best in class leave policy Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your key responsibilities Risk Management Promote risk awareness, encourage prioritization of risk remediation, process re-engineering and strategic risk management Provide processes for systematic, proactive, and forward-looking risk identification, risk assessment, monitoring, reporting, and keeping CTO risk profile up to date Plan and execute thematic risk assessments and input into risk scenario testing and macro threat assessments Identify material remediation priorities for CTO and key cross divisional priorities impacting CTO (control / remediation book of work) Support CTO in managing the CTB budget allocated for high risk finding remediation and CTO involvement in reducing risk owned by other CIO and CISO divisions Be a catalyst and an enabler to the global leadership for achieving the objectives in line with changing regulatory and industry operating landscape and reducing risk against overall technology operations portfolio Ensure management transparency by way of timely risk reporting and proactive engagement and representing controls team at different governing forums Audit Management Manage and govern audit requests and findings in a quality assured and controlled manner Respond to client due diligence requests in a timely manner End-to-end governance, monitoring, control, and reporting of audit lifecycles Audit support and advice incl. quality assurance of management action plans, completion check of the deliverables, closure review, ownership transfer, downgrade, risk acceptance and target date extensions Act as overall interface with Audit for fieldwork support and ongoing oversight, co-ordination, quality control, read across for all divisional audit findings Establish a consistent approach to ownership of management action plans Manage operation of audit interface to vendors including monitoring and reporting Foster lessons-learned on audit findings and missed self-identified findings Stakeholder Management Identify, Partner, and Collaborate Establish relationship with external and internal Audit teams to ensure effective and robust challenge to finding and to establish smart management action plans. Partner with 2nd LoD, NFRM (Non-Financial Risk Management) to ensure alignment towards Group wide minimum control standards Collaborate closely and proactively with DCRO team to manage the finding lifecycle Promote and support proactive IT risk culture at the Bank Your skills and experience Desired experience Minimum 2 years of experience as Risk and Control Lead in designing and implementation of Technology risk framework in a global organization Good understanding of Industry best practices such as NIST, COBIT, ITIL and ISO 27001 Knowledge of Agile change delivery methodology, DevOps and Shift left concepts Cloud Computing Technology (GCP, AWS, Azure etc.) certifications or similar domains Other professional qualifications and certifications in Technology risk management Desired behaviors A strong team player comfortable in a cross-cultural and diverse operating environment Result oriented and ability to deliver under tight timelines Ability to successfully resolve conflicts in a globally matrix driven organization Excellent communication and collaboration skills Desire to learn about new and emerging technologies and continuous upskilling Must be comfortable with navigating ambiguity to extract meaningful risk insights How we'll support you Training and development to help you excel in your career Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs

CMMI / ISO Expert Anand , India We are seeking a highly skilled and experienced CMMI / ISO Implementation Expert to lead the implementation of CMMI ( Capability Maturity Model Integration) and ISO (International Organization for Standardization) standards across all business workflows. The successful candidate will be responsible for designing, implementing, and maintaining these frameworks to ensure compliance, improve processes, and enhance the overall efficiency of the organization. Key Responsibilities Lead the full lifecycle implementation of CMMI and ISO standards (ISO 9001, ISO 27001, etc.) for various business workflows, from assessment to certification. Analyze current business processes and workflows to identify areas for improvement and ensure they align with CMMI and ISO requirements. Develop, document, and implement processes, procedures, and controls in line with the best practices outlined in CMMI and ISO frameworks. Conduct gap analysis to determine the current level of compliance with CMMI and ISO standards, and develop a roadmap for achieving certification. Collaborate with cross-functional teams, including IT, operations, and quality management, to integrate CMMI and ISO practices into daily operations. Establish key performance indicators (KPIs) and metrics to measure process improvement and ensure continuous improvement initiatives are in place. Train and mentor staff across various departments to ensure understanding and compliance with CMMI and ISO standards. Perform regular audits and assessments to monitor adherence to implemented standards, ensuring corrective actions are taken when necessary. Act as the primary point of contact for external audits and certification bodies, coordinating the certification process and maintaining certification status. Keep up to date with the latest developments in CMMI and ISO standards and recommend updates or changes to existing practices as needed. Develop and maintain documentation, policies, and procedures to support the ongoing management and sustainability of CMMI and ISO implementations. Report regularly to senior leadership on the status of implementation, key milestones, and any risks or challenges associated with the compliance initiatives. Skills and Qualifications Proven experience (5+ years) in implementing CMMI (preferably up to Level 3 or higher) and ISO standards (ISO 9001, ISO 27001, etc.) in a corporate environment. Strong understanding of process improvement methodologies and compliance management. Experience conducting internal audits and leading external certification audits with third-party bodies. Excellent knowledge of business process mapping, workflow optimization, and performance metrics. Ability to develop and implement training programs to ensure organizational-wide understanding and compliance. Strong project management skills, with experience leading complex, cross-functional initiatives. Excellent verbal and written communication skills, with the ability to explain technical concepts to non-technical stakeholders. High attention to detail and strong analytical skills for conducting gap analysis and risk assessments. Proven ability to work independently and manage multiple projects in a deadline-driven environment. Whats great in the job Lead critical compliance initiatives and drive process excellence across the organization. Work in a collaborative and innovative environment focused on high-quality standards. Competitive salary and benefits package. Opportunities for professional growth and career advancement. If you have a passion for implementing world-class quality frameworks like CMMI and ISO, and want to play a key role in improving business processes and compliance, we encourage you to apply! What We Offer Each employee has a chance to see the impact of his work. You can make a real contribution to the success of the company. Several activities are often organized all over the year, such as weekly sports sessions, team building events, monthly drink, and much more Perks A full-time position Attractive salary package. Trainings 12 days / year, including 6 of your choice. Sport Activity Play any sport with colleagues, the bill is covered.

The position entails performing regular internal audits, ensuring compliance with security protocols, assessing network security measures, and implementing cybersecurity best practices to maintain the integrity and confidentiality of data. Required Candidate profile Between 5 -7 years in Information Security out of which at least 3 years should be in Internal /External Audit,Compliance/Implementation. Strong understanding of ISO/IEC 27001, 22301,27701, 20000-1.

Role Description The first line Tech Risk function for business divisions CB, IB and Ops at Deutsche Bank sits within the Divisional Control Office. CB and IB front-to-back have the largest footprint as a risk bearing function within the banking divisions, and you will be part of a dynamic team which is consistently in demand for providing insights, assessments and managing Information Technology (IT) and Information Systems (IS) risks on behalf of the business. Divisional Control Office (DCO) team ensures that the division operates with high levels of integrity. It is responsible for supporting the business by developing, implementing and maintaining a risk culture to ensure a strong and sustainable business control environment whilst minimizing risk arising from non-financial risk factors. DCO strategy includes improving the risk management information and strengthening the governance and risk culture. As part of the team, you will join the Banks journey and contribute towards our strategic goal of managing technology risk within appetite whilst enabling adoption of emerging and new technologies for business growth. This role will specifically focus on managing the Program office for the Technology Risk function and working directly with the Global Head of Technology Risk for CB, IB and Ops. Your Key Responsibilities Oversee strategic initiatives, from development through successful execution, under the guidance of senior leadership Review, design, and execute improvements to organizational structure; find knowledge and skills gaps and help address them Improve current processes and optimize organizational procedures for efficiency and productivity to support proactive risk management Manage and Support the Head of Technology Risk on budgetary aspects of the team including headcount and learning & development needs Serve as liaison with employees, senior stakeholders, and Senior Management on various matters including project updates and team communications Assist in running campaigns/roadshows in establishing the 1LoD Technology risk function and ongoing interactive sessions with business teams to embed positive technology risk culture. Your Skills & Qualifications: Relevant experience of working in a Strategy/Project team in a Technology division across IT/IS risk types Strong understanding of Tech controls framework COBIT, NIST Excellent presentation skills with ability to create and maintain decks Proven people management skills with ability to lead activities independently Strong quantitative and analytical skills required to critically evaluate information for key risk assessments Strong project management skills and a proactive team partner Influencing, negotiation skills and stakeholder management expertise Proficiency with automating tasks to improve efficiency a plus, but not mandatory.

Job Title: Divisional Risk and Control Location: Pune, India Corporate Title:AVP Role Description The 1st line Tech Risk and controls function at Deutsche sits within the Group Technology Infrastructure (GTI) for Deutsche Bank Group. GTI has the largest footprint within the Technology, Data and Innovation division and is joined by other business-aligned CIO IT divisions.The Tech Risk and Controls is a dynamic team, consistently in demand, for providing guidance and challenge to deliver change and maintain systems in a secure and resilient manner. As part of the team, you will join the Banks journey and contribute towards our strategic goal of cloud enabled solutions as well as activities that improve our operational resilience and risk reduction. Specifically, you will bring expertise to Control definition and assessments capability across IT Infrastructure, SDLC and Architecture domains supporting a proactive risk management function. It will therefore also include providing change risk advisory services for transformational change programs undertaken by or impacting GTI. You will liaise with other risk and control functions, on a management level to assure the integration of risk initiatives and projects. You will also support Regulatory Adherence and Policy Management function within TDI Risk Management. Its purpose is to provide oversight and supervision of new & changed material regulation impacting TDI, including full traceability to derived DB-specific Policies, Procedures, Key Operating Documents and Supporting Documents. What we'll offer you As part of our flexible scheme, here are just some of the benefits that youll enjoy Best in class leave policy Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your key responsibilities Risk & Control Management Identify and evaluate potential areas of non-compliance or risk, assessing impact, probability and present findings and proposals for risk mitigation measures. Support the delivery of the risk and control initiatives. This includes participation in risk and control activities, risk-based control reporting of key issues, performance and validation of cyclical activities such as annual control self-assessments. Work closely with teams in and out of the division to understand risks impacting the group. Align internal Deutsche Bank policies/procedures against industry recognized framework to strengthen the control framework and its implementation for both within the Bank and our 3rd party vendor relationships Ensure management transparency by way of timely risk reporting and proactive engagement and representing controls team at different governing forums Regulatory Adherence and Policy Management Coordination of regulatory adherence assessments across sub-divisions within TDI and management and review of Policies, Procedures, Key Operating Documents, Supporting Documents within TDI. Engage with stakeholders across TDI and other (e.g. 2nd line of defence) divisions in reviewing, assessing, and documenting the impact of regulations and ensuring remedial actions are established and monitored. Steer and support the publication of a consistent set of global and local Policies, Procedures, Key Operating Documents and Supporting Documents relating to Information Technology from laws, rules, and regulations. Risk remediation and Change Risk Advisory Support the Head of TDI GTI Risk Management in assessing risks related to strategic changes within the GTI Organization Proactively monitor risk landscape shift within the industry to identify transformation project opportunities to insulate Deutsche Bank from any potential risk exposure e.g., Production design life cycle, application and infrastructure architecture and its resilience Stakeholder Management Identify, Partner and Collaborate Work with relevant stakeholders to identify and assess controls gaps related to technology risk - measure and mitigate them in a timely manner Align with COO Division Control Office (DCO) team and NFRM (2nd LoD) ensuring successful and consistent implementation of the established control framework. Promote and support proactive IT risk culture at the Bank. Your skills and experience Desired experience Minimum 5 years of experience as Risk and Control Lead in designing and implementation of Technology risk framework or IT Audit in a global organization. Experience in a regulatory oversight, assurance, or policy management function within technology. Or have suitable compliance or audit background within infrastructure (and preferably IT & Information Security). Extensive experience regarding development, training and implementation of IT Policies, Procedures, Key Operating Documents and Supporting Documents. Good understanding of Industry best practices such as NIST, COBIT, ITIL and ISO 27001 Other professional qualifications and certifications in Technology risk management Desired behaviors A strong team player comfortable in a cross-cultural and diverse operating environment Result oriented and ability to deliver under tight timelines Ability to successfully resolve conflicts in a globally matrix driven organization Excellent communication and collaboration skills Desire to learn about new and emerging technologies and continuous upskilling Must be comfortable with navigating ambiguity to extract meaningful risk insights How we'll support you Training and development to help you excel in your career Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.

Key Responsibilities: Must have skills 8+ years of experience in project management with a focus on risk, compliance, and security. Strong understanding of regulatory standards, requirement, and frameworks e. g. DORA, ISO27001, GDPR, SOC2, COBIT Well versed with Core security domains, e. g. IAM, SSDLC, Cryptography, TPRM, Data privacy, Vulnerability Management. Proven record and prior experience in managing security audits, risk assessments, and compliance documentation. Ability to lead and manage projects from initiation to completion, ensuring timely delivery. Proficiency in GRC and Project management platforms, e. g. Archer, OneTrust, JIRA, ServiceNow. Nice to have ISO 27001 Lead Auditor, CISA, CISM, or CISSP, or working towards these certifications. Experience with regulatory compliance in cloud environments, including AWS, Azure. Proven ability to effectively convey complex information and regulatory requirements to both technical and non-technical stakeholders. Critical thinking and analytical skills in evaluating risk factors, interpreting regulatory requirements, and making data-driven decisions to enhance compliance programs and mitigate potential issues. Experience in finance sector. Experience working with cross-functional teams, including Assurance, Operations, and IT. PART 3 Qualification, Experience and Skills Requirements 10+ years overall experience in IT industry Good to have some experience in Insurance industry Project Management experience (MBA from elite institutes preferred) Good to have PMP certification We therefore welcome applications regardless of ethnicity or cultural background, age, gender, nationality, religion, disability or sexual orientation. Join us. Lets care for tomorrow.

Project Role : Software Development Engineer Project Role Description : Analyze, design, code and test multiple components of application code across one or more clients. Perform maintenance, enhancements and/or development work. Must have skills : Service Management Framework Design and Implementation Good to have skills : NA Minimum 3 year(s) of experience is required Educational Qualification : minimum 15 years of fulltime education Summary :As a Software Development Engineer, you will be responsible for analyzing, designing, coding, and testing multiple components of application code across one or more clients. Your typical day will involve working on Service Management Framework Design and Implementation using your technical expertise and problem-solving skills. Roles & Responsibilities: Design and implement Service Management Frameworks for clients using industry best practices and standards. Collaborate with cross-functional teams to identify and resolve technical issues related to Service Management Frameworks. Develop and maintain technical documentation related to Service Management Frameworks. Provide technical guidance and support to team members on Service Management Frameworks. Stay updated with the latest advancements in Service Management Frameworks and integrate innovative approaches for sustained competitive advantage. Professional & Technical Skills: Must To Have Skills:Experience in Service Management Framework Design and Implementation. Good To Have Skills:Knowledge of ITIL, COBIT, and other industry frameworks. Strong understanding of IT Service Management principles and practices. Experience in developing and implementing Service Level Agreements (SLAs) and Operational Level Agreements (OLAs). Experience in designing and implementing Incident, Problem, Change, and Release Management processes. Solid grasp of IT Service Management tools such as ServiceNow, BMC Remedy, and JIRA. Additional Information: The candidate should have a minimum of 3 years of experience in Service Management Framework Design and Implementation. The ideal candidate will possess a strong educational background in Computer Science, Information Technology, or a related field, along with a proven track record of delivering impactful solutions. This position is based at our Bengaluru office. Qualification minimum 15 years of fulltime education

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. JD 2 – Risk Consulting - Protect Tech – Senior (IT audit – General skills) No. of positions (India): 4 Key Responsibilities Your key responsibilities will include: Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Demonstrate deep technical capabilities and professional knowledge. Demonstrate ability to quickly assimilate to new knowledge. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 3-6 years of related work experience At least 2-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less