3.0 years
0 Lacs
Greater Bengaluru Area
On-site
The GRC Security Analyst will plan and implement policies, procedures, standards, and controls to govern the protection of corporate information systems, networks, and data. The GRC security analysts will stay up-to-date on the latest cybersecurity intelligence, including hackers' methodologies, in order to modify standards and controls that govern cybersecurity across the corporation. About the Role Essential Duties & Responsibilities: Performing control assessments against corporate cybersecurity frameworks Perform review of policies and supporting procedures/processes Perform assessments of adherence to standards Customer Security Questionnaire assistance Work closely with management on security practices Assess 3rd party vendors for adherence to standards Develop routine reports in accordance with GRC metrics Stay on top of changes in the industry as it relates to security. Other security-related projects that may be assigned according to skills Ensure compliance with policies and procedures Develop and test Disaster Recovery Plans Help align company with HITRUST CSF Qualifications Bachelor’s Degree, ideally in Computer Engineering, Computer Science, or Information Systems Management or equivalent work experience in the field of Cybersecurity 3+ years of relevant work experience in: compliance/systems engineering/cybersecurity role Experience in a healthcare setting preferred Possess current security certifications (e.g., Security+, CISSP, CEH, SANS) or be willing to obtain within 1 year of assignment. Required Skills 3 – 5 years experience in building an Information Security Risk Management program Experience supporting the development of Disaster Recovery Plans (DRPs). Proven ability to coordinate, execute, and document Disaster Recovery Plan tests, including analysis and reporting of results.
Understanding and familiarity with information system standards Understanding and familiarity with cybersecurity frameworks (ISO, NIST, HiTrust, COBIT, etc…) Assist in maturing the Information Security Risk Management Program by helping to define an IS risk register which includes identifying threats and risks to the organization Meet with business stakeholders to identify top security risks Assist in performing IS self-assessments to ensure systems and applications are complying with corporate policies, applicable regulatory and legal requirements, and leading industry practices Assist in developing and driving the implementation of security best practices and standards to mature the overall IS Risk Management Program which includes defining security system and application standards of control Provide solutions to identified issues and risks Work with the CISO to determine the acceptable level of risk for enterprise computing platforms. Coordinate with key functional teams such as HR, IT, Marketing, Finance, Product Management, Development, General Counsel, and the Business to identify new applications and service providers in use and the associated security controls to secure the data. Assist in performing Third Party Risk Assessments for new and existing vendor tools, on premise implementations, and third parties with access to the environment. Assist in maturing the Third Party Risk Management program by defining security controls based on tiers of vendors. Articulating identified risks to the business for remediation, mitigation and sign off. Investigates incidents and events that include potential HIPAA and other data breaches, data leakage, brand reputational risks, malware propagation, system compromises etc. Mature the Data Loss Prevention Program by defining DLP rulesets in existing tools such as Varonis, CASB, Next Generation Firewalls etc. and review outputs to determine the appropriate action required. 
Assist with maturing the Data Governance Program which includes defining a Data Classification and Handling Program, identifying Data Owners, and assisting with the design and implementation of a Data Classification and Rights Management tool. Assist in developing and maintaining Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Data Governance Security Program and initiatives. Assist in the management and maintenance of the enterprise wide IS Security Awareness Program which includes phishing simulations, computer based training, proactive communications on latest threats, workshops and newsletters. Assist in developing enterprise and functional team specific presentations to promote a security mindset Work with the CISO to ensure the Information Security team stays abreast of new regulatory, legal and/or compliance data security requirements. Ensure compliance with HIPAA, HITRUST, and applicable legal and regulatory requirements. Strong documentation and communications skills Pay range and compensation package This position is primarily a sedentary job and requires that the associate can work in an environment where they will consistently be seated for the majority of the work day. This role requires that one can sit and regularly type on a keyboard the majority of their work day. This position requires the ability to observe a computer screen for long periods of time to observe their own and others’ work, as well as in-coming and out-going communications via the computer and/or mobile devices. The role necessitates the ability to listen and speak clearly to customers and other associates. The work environment is an open room with other associates and noise from others will be part of the regular work day.
Posted 1 week ago
0 years
0 Lacs
Hyderabad, Telangana, India
On-site
Location: Bangalore or Hyderabad Band: D Senior Digital Risk Advisor Join a team of digital risk governance and controls professionals helping Swiss Re to fulfil its mission in making the world more resilient. As a Senior Digital Risk Advisor, you will be responsible for the first-line digital & technology operations risk and control activities – ensuring risks are identified, controls applied, and performance is monitored, measured, and reported to our technology and business leaders. About The Team The Digital Risk Governance & Controls team is a key part of Swiss Re's Security Team, focused on defining and managing risks related to digital topics. We're looking for an experienced and highly motivated expert who will help to drive the company's risk culture. In your role, you will… Be part of a team of digital risk experts supporting Applications and Business stakeholders with applying digital risk governance principles and standards Actively contribute to the implementation of the digital risk framework as the trusted digital risk partner Ensure IT threats and risks are understood, issues are handled timely, and that IT controls are designed and operating effectively Embed controls into operational procedures by collaborating with our digital & technology teams to automate, measure performance, and continuously improve our risk position Build operational transparency with continuous monitoring and assessment of controls so that we meet our risk appetite and drive corrective actions where needed Be someone who believes in continuous innovation, is curious and adamant in finding a better way every day Your Qualifications A track record of successful delivery in IT risk and control-related roles, such as IT Governance, IT audit, or digital risk management Industry knowledge of insurance, reinsurance or banking business, and modern technology solutions General understanding of Risk Management Frameworks such as COBIT, ISO 31000 and COSO ERM CISA, CGEIT, CRISC or 
similar qualifications are an advantage Good teamwork and strong collaboration as well as a willingness to share knowledge and evolve within the team and across teams Capability to continuously build and maintain a strong collaborative network within the IT domains The ability to effectively communicate with a broad spectrum of stakeholders – from senior managers to IT engineers, developers and operations staff Be curious, proactive, result-oriented and confident in decision-making at speed Passion, drive and a belief in the value of digital risk management as an enabler of business performance Fluency in spoken and written English About Swiss Re Swiss Re is one of the world’s leading providers of reinsurance, insurance and other forms of insurance-based risk transfer, working to make the world more resilient. We anticipate and manage a wide variety of risks, from natural catastrophes and climate change to cybercrime. We cover both Property & Casualty and Life & Health. Combining experience with creative thinking and cutting-edge expertise, we create new opportunities and solutions for our clients. This is possible thanks to the collaboration of more than 14,000 employees across the world. Our success depends on our ability to build an inclusive culture encouraging fresh perspectives and innovative thinking. We embrace a workplace where everyone has equal opportunities to thrive and develop professionally regardless of their age, gender, race, ethnicity, gender identity and/or expression, sexual orientation, physical or mental ability, skillset, thought or other characteristics. In our inclusive and flexible environment everyone can bring their authentic selves to work and their passion for sustainability. If you are an experienced professional returning to the workforce after a career break, we encourage you to apply for open positions that match your skills and experience. Keywords Reference Code: 134239
Posted 1 week ago
75.0 years
0 Lacs
Maharashtra, India
Remote
Are you ready to accelerate your potential and make a real difference within life sciences, diagnostics and biotechnology? At Pall Corporation, one of Danaher’s 15+ operating companies, our work saves lives—and we’re all united by a shared commitment to innovate for tangible impact. You’ll thrive in a culture of belonging where you and your unique viewpoint matter. And by harnessing Danaher’s system of continuous improvement, you help turn ideas into impact – innovating at the speed of life. As a global leader in high-tech filtration, separation, and purification, Pall Corporation thrives on helping our customers solve their toughest challenges. Our products serve diverse, global customer needs across a wide range of applications to advance health, safety and environmentally responsible technologies. From airplane engines to hydraulic systems, scotch to smartphones, OLED screens to paper—everyday Pall is there, helping protect critical operating assets, improve product quality, minimize emissions and waste, and safeguard health. For the exponentially curious, Pall is a place where you can thrive and amplify your impact on the world. Find what drives you on a team with a more than 75-year history of discovery, determination, and innovation. Learn about the Danaher Business System which makes everything possible. The Analyst, IT Compliance is responsible for hands-on SOX control testing activities and responsible to ensure assigned processes are compliant with SOX program requirements and deadlines This position reports to the Sr. Manager – IT Compliance and is part of the IT Compliance team located in Pune and will be an on-site role. Perform SOX control testing, process walkthroughs, and documentation reviews, including SOPs and policies. Identify, document, and communicate control issues and audit findings to control owners in a timely manner. Escalate control deficiencies to the IT Compliance Manager and participate in remediation planning with process owners. 
Support control owners in timely remediation of deficiencies and perform retesting for design and operational effectiveness. Maintain accurate records of controls and testing results to support reporting to senior management and Audit Committee. Contribute to continuous improvement of IT compliance and audit processes. Assist in preparing reports and updates for leadership on compliance testing progress and status The essential requirements of the job include: 5+ years of experience in SOX IT Controls testing and review of enterprise applications across the IT ecosystem. Strong independent problem solving, project management and analytical skills in finance, accounting, or auditing related areas SAP application experience desirable Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate SOX-related concepts to technical and nontechnical audiences in all levels of the organization, up to and including Executive Management. Bachelor’s Degree or equivalent It would be a plus if you also possess previous experience in: Strong hands-on experience with SAP IT General Controls (ITGCs) – including user access management, change management, and IT operations within SAP landscapes (e.g., ECC, S/4HANA). Proven ability to implement, test, and remediate SOX controls in SAP environments. Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), or other relevant certifications preferred – with a strong understanding of control frameworks (e.g., COBIT, NIST) and how they apply to SAP systems. Exhibit excellent analytic skills, the ability to manage multiple projects under strict timelines, and to work well in a demanding, dynamic environment and meet overall objectives. Pall Corporation, a Danaher operating company, offers a broad array of comprehensive, competitive benefit programs that add value to our lives.
Whether it’s a health care program or paid time off, our programs contribute to life beyond the job. Check out our benefits at Danaher Benefits Info. At Pall we believe in designing a better, more sustainable workforce. We recognize the benefits of flexible, remote working arrangements for eligible roles and are committed to providing enriching careers, no matter the work arrangement. This position is eligible for a remote work arrangement in which you can work remotely from your home. Additional information about this remote work arrangement will be provided by your interview team. Explore the flexibility and challenge that working for Pall can provide. Join our winning team today. Together, we’ll accelerate the real-life impact of tomorrow’s science and technology. We partner with customers across the globe to help them solve their most complex challenges, architecting solutions that bring the power of science to life. For more information, visit www.danaher.com. At Danaher, we value diversity and the existence of similarities and differences, both visible and not, found in our workforce, workplace and throughout the markets we serve. Our associates, customers and shareholders contribute unique and different perspectives as a result of these diverse attributes.
Posted 1 week ago
5.0 - 8.0 years
0 Lacs
Hyderābād
Remote
Job Information
Work Experience: 5-8 years
City: Hyderabad
Country: India
Job Description
We are looking for a proactive and detail-oriented Exception & Risk Administrator to support the operational handling of risk and compliance processes across the organization. You will work closely with the Governance, Risk and Compliance (GRC) team to ensure smooth execution of exception workflows, risk documentation, and follow-up activities. This role is ideal for someone with a basic background in risk, compliance, or security, who enjoys structured work, is comfortable coordinating across teams, and can operate independently while collaborating remotely in a global environment.
Key Responsibilities:
- Risk Register Management: Maintain and update the risk register; ensure timely follow-up with risk owners on mitigation actions and status updates.
- Evidence Gathering for Risk Assessments: Collect and organize required documentation to support risk assessments, audits, and control validations. Ensure evidence is complete, accessible, and well-structured.
- Mailbox and Communication Handling: Monitor and triage risk- and compliance-related mailboxes. Coordinate with internal stakeholders to ensure timely responses, escalate issues when needed, and maintain communication records.
- Exception Management Support: Track security and compliance exceptions. Follow defined decision matrices to assist in handling, escalate when required, and ensure documentation is accurate and complete.
- Support in Reporting and Metrics: Assist in preparing periodic risk, compliance, and exception dashboards. Ensure data is up-to-date and sources are traceable.
- ISMS Documentation Support: Support the organization and upkeep of ISMS-related documents (e.g., policies, procedures, control lists). Ensure consistent formatting, proper version control, and assist in preparing documentation for internal reviews or audits, in collaboration with the GRC team.
Requirements Educational background in Information Security, Risk Management, Business Administration, or a related field; a bachelor’s degree in one of these areas is a plus. 5–6 years of experience in a GRC, security operations, compliance, or administrative security support role. Basic understanding of security risk management frameworks (e.g., ISO 27001, NIST, COBIT) is a plus. Strong organizational and communication skills. Comfortable working with documentation tools (e.g., MS Office, SharePoint, Confluence, Excel). Ability to work independently, prioritize tasks and take initiative. High attention to detail and a structured, methodical mindset. Languages: professional level - English Preferred: Experience working with international teams across time zones. Analytical mindset and ability to interpret basic risk and compliance data. What We Offer: Opportunity to contribute to a critical function in a global organization. A supportive, remote-friendly team environment. Exposure to a wide range of security, risk, and compliance topics. Potential to grow into a broader GRC or risk analyst role.
Posted 1 week ago
0 years
0 Lacs
India
Remote
Job Description Company Description Thinkcloudly is a global IT learning platform dedicated to helping individuals become IT professionals. We offer specialized courses designed to enhance our students’ employability. Our mission is to provide high-quality training and interview preparation aligned with rapidly evolving technology, while making a positive impact on society. Role Description This is a part-time, remote role for an IT Auditing and GRC (Governance, Risk, and Compliance) Trainer. The trainer will be responsible for delivering well-structured and engaging online sessions, preparing relevant instructional materials, and guiding students through practical applications of IT auditing and GRC concepts. Responsibilities also include evaluating student progress, providing personalized feedback, and staying current with industry frameworks and compliance standards. Key Responsibilities Deliver interactive and comprehensive online training sessions on IT Auditing and GRC topics Prepare and update course materials, real-time use cases, and assessments Support students through hands-on guidance, doubt-clearing sessions, and feedback Stay up to date with industry trends, standards (like ISO 27001, NIST, COBIT), and compliance regulations Encourage student engagement and help them prepare for job interviews and certification exams Qualifications Strong knowledge of IT Auditing principles, GRC frameworks (e.g., COBIT, ISO, NIST), and compliance standards Experience in conducting virtual training sessions or corporate workshops Excellent communication, presentation, and mentoring skills Ability to simplify complex topics and deliver real-world examples Prior experience as a trainer or educator in IT Auditing/GRC is an advantage Relevant certifications such as CISA, CRISC, or ISO Lead Auditor are highly preferred Self-motivated with good time management and organizational skills Industry E-Learning Providers Employment Type Part-time | Remote
Posted 1 week ago
0.0 - 3.0 years
0 Lacs
Bengaluru, Karnataka
On-site
Bengaluru, Karnataka Job ID JR2025453770 Category Cybersecurity Role Type Hybrid Post Date Jul. 25, 2025 Job Description At Boeing, we innovate and collaborate to make the world a better place. We’re committed to fostering an environment for every teammate that’s welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us. Overview As a leading global aerospace company, Boeing develops, manufactures, and services commercial airplanes, defense products, and space systems for customers in more than 150 countries. As a top U.S. exporter, the company leverages the talents of a global supplier base to advance economic opportunity, sustainability, and community impact. Boeing’s team is committed to innovating for the future, leading with sustainability, and cultivating a culture based on the company’s core values of safety, quality, and integrity. Technology for today and tomorrow The Boeing India Engineering & Technology Center (BIETC) is a 5500+ engineering workforce that contributes to global aerospace growth. Our engineers deliver cutting-edge R&D, innovation, and high-quality engineering work in global markets, leveraging new-age technologies such as AI/ML, IIoT, Cloud, Model-Based Engineering, and Additive Manufacturing, shaping the future of aerospace. People-driven culture At Boeing, we believe creativity and innovation thrive when every employee is trusted, empowered, and has the flexibility to choose, grow, learn, and explore. We offer variable arrangements depending upon business and customer needs, and professional pursuits that offer greater flexibility in the way our people work. We also believe that collaboration, frequent team engagements, and face-to-face meetings bring together different perspectives and thoughts – enabling every voice to be heard and every perspective to be respected. 
No matter where or how our teammates work, we are committed to positively shaping people’s careers and being thoughtful about employee wellbeing. With us, you can create and contribute to what matters most in your career, community, country, and world. Join us in powering the progress of global aerospace. Jeppesen is seeking a Lead Governance, Risk, and Compliance (GRC) Specialist. This position will be based in Bangalore, India. The GRC Specialist role is a multifaceted role performing a host of compliance duties in support of the Jeppesen aviation software business. Additionally, this role will work in support of compliance in a variety of national and international frameworks ensuring that Jeppesen meets and exceeds minimum risk and compliance with security controls supporting these frameworks. This role will supplement GRC Compliance Specialists, GRC Risk Management Specialists and ISMS owners. This role will focus on defining, quantitating, and developing materials such as Plan of Action & Milestone(s) (POA&M) to mitigate and resolve risks across Jeppesen. This role must see broader impacts of risks and be capable of relating risks to key stakeholders. This role will work with risks on different levels, from a technical product and vulnerability perspective to a more holistic organizational view. The role will also support compliance efforts by assisting in analyzing security practices and controls for the various frameworks, analyze Jeppesen’s current state, analyze the deficiencies between current Jeppesen state and implementation of controls, determine corrective measures to address deficiencies, plan appropriate steps to implement corrections, track the implementation of corrective actions, and provide internal self-audits of both processes and operational implementation of the controls.
This role works across the organization and is expected to communicate effectively with leadership, operations, and development in ensuring that Jeppesen establishes and maintains a world-class compliance team. Domestic and international travel may be required to support audit and compliance efforts at Jeppesen locations in the US and worldwide. This is not estimated to be more than 15% of the employee’s time. Position Responsibilities Communicate with groups from C-Level Executives to operations and development Willingness to speak truth on security compliance regardless of audience; the role must be willing to express deficiencies when deficiencies exist Understand compliance frameworks and how they interrelate in terms of controls Decompose security controls into actionable requirements Define, write, and formally document policies, standards, procedures, guidelines, and baselines Test policies, standards, procedures, guidelines, and baselines for compliance to security frameworks Determine non-compliance and/or deficiencies between control expectations and current implementation including ability to provide guidance to fully meet intention of the security control Analyze schedule and budgets to determine if tasks are achievable Understands risk management including business risk management, operational risk management, and development risk management Problem solver; a desire to see problems as challenges to be resolved Continue to learn and improve skills through both JEPPESEN provided training and self-training Basic Qualifications (Required Skills/Experience): Ability to quickly change from one task to another Ability to work in a team and independently as needed by task A minimum of 3 years of experience working in compliance and/or auditor role in a highly regulated environment Experience working cross-functional teams providing guidance and improvements Experience in vulnerability management, patch management, or similar Experience in at least one of the 
following security frameworks: NIST, ISO 27001, CMMC 2.0, COBIT, Cyber Essentials, etc. Preferred Qualifications: Bachelor’s degree or similar level of experience in a technical field Security or compliance certification such as CISSP, CISA, CISM, CCP, CCA, ISO 27001 Auditor, etc. Ability to effectively discuss security frameworks in detail in how compliance works to shape a business and/or business unit Ability to take non-specific technical controls and data and relate them to technical implementations Experience working in Change Control Boards (CCBs) or other oversight groups Experience auditing businesses, business units, or teams for compliance to a security framework Experience in regulations such as GDPR, HIPAA, FISMA, etc. Experience in technical roles such as security operations, boundary defense, vulnerability management Typical Education & Experience: Bachelor’s degree or higher in Computer Science, Information Technology, or a related field, with 11+ years of relevant work experience. Master's degree with 10+ years' experience. Relocation: This position offers relocation based on candidate eligibility. Applications for this position will be accepted until Aug. 08, 2025 Export Control Requirements: This is not an Export Control position. Education Bachelor's Degree or Equivalent Required Relocation Relocation assistance is not a negotiable benefit for this position. Visa Sponsorship Employer will not sponsor applicants for employment visa status. Shift Not a Shift Worker (India) Equal Opportunity Employer: We are an equal opportunity employer. We do not accept unlawful discrimination in our recruitment or employment practices on any grounds including but not limited to; race, color, ethnicity, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military and veteran status, or other characteristics covered by applicable law. 
We have teams in more than 65 countries, and each person plays a role in helping us become one of the world’s most innovative, diverse and inclusive companies. We are proud members of the Valuable 500 and welcome applications from candidates with disabilities. Applicants are encouraged to share with our recruitment team any accommodations required during the recruitment process. Accommodations may include but are not limited to: conducting interviews in accessible locations that accommodate mobility needs, encouraging candidates to bring and use any existing assistive technology such as screen readers and offering flexible interview formats such as virtual or phone interviews. Your Benefits No matter where you are in life, our benefits help prepare you for the present and the future. Competitive base pay and incentive programs. Industry-leading tuition assistance program pays your institution directly. Resources and opportunities to grow your career. Up to $10,000 match when you support your favorite nonprofit organizations.
Posted 1 week ago
5.0 - 9.0 years
0 Lacs
karnataka
On-site
As a Team Leader based in Bengaluru, you will play a crucial role in establishing and leading a dedicated team within our Center of Excellence (CoE) focused on testing IT general controls and IT automated application controls. Your primary responsibility will involve managing a team dedicated to testing internal controls to ensure controls assurance for our Financial Services entities in the UK and Ireland. You will be the subject matter expert advising the Risk team on controls design, deficiencies evaluation, and process improvements based on best practices and regulatory expectations. Your dynamic personality and ability to adapt to a fast-paced environment are essential for success in this role. Key responsibilities of the role include: - Managing and guiding a team of testers to facilitate their professional development - Taking ownership of team results and providing leadership to achieve targets and deadlines - Supporting the end-to-end testing cycle by designing and executing testing activities of IT general controls and IT automated application controls - Analyzing and interpreting information to assess testing areas and documenting findings clearly - Identifying gaps in design and execution, communicating issues, and making recommendations to the IC&A team and control owners - Developing and maintaining comprehensive documentation, including process walkthroughs and control testing documentation - Collaborating with IC&A to strengthen internal controls, mitigate risks, and support the business in achieving objectives - Building partnerships with various departments and constantly seeking improvements in processes and controls - Participating in recruitment and onboarding processes for new team members The ideal candidate for this role will possess: - 5-8 years of experience in IT compliance, internal controls, internal/external audit, with experience leading teams in an international setting - Strong background in regulatory compliance audits (including 
SOx) and internal control testing - Experience in designing and testing IT general controls and IT automated application controls - Knowledge of interface controls, Continuous Control Monitoring (CCM), and risk management frameworks like SOx, COSO, NIST, COBIT - Strong stakeholder management and project management skills - Ability to multitask, manage priorities effectively, and make decisions independently - Professional certification such as CISA/CRISC and a relevant Bachelor's degree - Experience in auditing SAP or other ERPs, IT controls in a cloud-native environment, and reviewing source code in languages like Python, Java, C++, SQL - Experience in technology-based product development, DevOps processes, and cloud audit would be advantageous If selected for this position, your personal data may be subject to pre-employment screening checks as permitted by applicable law, including employment history, education, and other necessary information to assess your qualifications and suitability for the role.,
Posted 1 week ago
3.0 - 6.0 years
0 Lacs
Kolkata, West Bengal, India
On-site
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Risk Consulting - Protect Tech – Senior (IT audit – General skills) Key Responsibilities Your key responsibilities will include: Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Demonstrate deep technical capabilities and professional knowledge. Demonstrate ability to quickly assimilate to new knowledge. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 3-6 years of related work experience At least 2-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. 
Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Posted 1 week ago
10.0 - 14.0 years
0 Lacs
navi mumbai, maharashtra
On-site
As a Security Lead at Big Data Exchange (BDX), you will play a crucial role in providing security incident response and readiness within a 24x7 Security Operations Centre supporting the IT Infrastructure and Operations team. Your responsibilities will include managing security incidents, responding to operational incidents, coordinating incident responses, and developing incident response playbooks and procedures. You will be responsible for supporting global vulnerability management processes, conducting regular vulnerability assessments, collaborating with IT teams to implement security patches, and validating updates. Additionally, you will manage the Total Cost of Ownership for security solutions, operate various security tools such as HIDS, NIDS, IPS, analysers, and scanners, and monitor and analyze security tools to identify threats and vulnerabilities. Your role will involve assisting in the identification and evaluation of security threats and vulnerabilities, conducting in-depth analysis of security events, and providing recommendations for mitigation and remediation solutions. You will also be required to participate in industry cyber forums, support audits and reviews, and stay updated on developments in the information security industry. To excel in this role, you should have a proven track record in managing technical resources, relevant information security experience, solid knowledge of cloud technologies, and familiarity with cloud security architecture and operations. You must also possess experience with SecDevOps principles, Security Automation and Orchestration, and industry best-practice approaches to IT systems design and management. Strong communication skills, both written and verbal, are essential for effectively communicating with senior management and technical/non-technical audiences. A relevant University degree in Computer Science, Information Management, or a related field, or equivalent experience is a must. 
Additionally, holding certifications such as CISSP, CCSP, or other relevant cyber security certifications is advantageous. For this role, essential competencies and behavioral skills include a Bachelor's degree in computer science, at least 10 years of relevant experience in cyber security, knowledge of information technology operation, cyber security assessment, cyber security products, and market best practices and frameworks. Certification in cyber security and project management is desirable for this position. Big Data Exchange (BDX) offers a dynamic environment where you can contribute to the security operations and incident response functions while staying abreast of the latest developments in the information security industry. Join us in our mission to provide mission-critical infrastructure for Enterprise IT workloads and support digital transformations and sustainability.
Posted 1 week ago
8.0 years
0 Lacs
Panchkula, Haryana, India
On-site
Position Title Compliance Lead Panchkula, India - Date Posted July 22, 2025 Description We're hiring a skilled Compliance Lead to join our Information Security Group (ISG) at Grazitti Interactive. In this high-impact role, you'll spearhead Governance, Risk, and Compliance (GRC) initiatives, drive external audit processes, develop compliance frameworks, and ensure organizational alignment with key regulatory standards. If you have a solid background in risk management, policy development, and IT audit readiness, with a deep understanding of frameworks like ISO27001, COBIT, and NIST, this is your opportunity to lead and create tangible impact. Skills Key Skills 8 years in GRC, compliance, or IT risk management. Bachelor's degree in a relevant field; CISA, CISSP, or CISM preferred. Hands-on experience with ISO27001/2, ISO31000, NIST, COBIT, COSO, ITIL. Knowledge of GDPR, HIPAA, CCPA, ITGC, and SOX compliance. Strong understanding of internal controls and security policies. Experience in external/internal audits and incident response planning. Excellent communication and stakeholder management skills. Process-oriented with strong documentation and analytical capabilities. Responsibilities Roles And Responsibilities Design and execute enterprise-wide GRC strategies. Ensure compliance with GDPR, HIPAA, ISO, and other global standards. Lead documentation efforts for SOX controls and ITGCs. Collaborate with legal teams to interpret regulations. Act as the primary contact for external auditors. Lead planning, documentation, and closure of compliance audits. Conduct in-depth risk assessments and advise mitigation strategies. Maintain up-to-date risk registers and track remediation actions. Draft and implement information security policies. Establish and enforce internal controls for IT and SaaS environments. Apply COSO, COBIT, and ITIL best practices for governance. Review control effectiveness through regular audits. Design incident response plans and lead resolution efforts. 
Build awareness programs and train teams on compliance best practices. Drive a culture of compliance and operational integrity. Communicate risk and compliance posture to executive leadership. Document and maintain audit trails for transparency. Contacts Email: careers@grazitti.com Address HSIIDC Technology Park, Plot No 19, Sector 22, 134104, Panchkula, Haryana, India
Posted 1 week ago
3.0 - 5.0 years
0 Lacs
Ganganagar, Rajasthan, India
On-site
35534BR Bangalore Job Description Compliance Analyst Responsibilities Conduct quality review of control evidence and other testing documentation of peers. Continually evaluate the need for enhancements to the monitoring program and partner with internal and external audit to coordinate efforts where possible. Evaluate the effectiveness of controls in place to mitigate identified risk; review evidence, document testing results in a comprehensive and organized manner; develop recommendations to correct deficiencies and provide ideas for process improvements. Maintain a strong working knowledge of compliance regulatory requirements applicable to the assigned areas of the review. Coordinate with both External and Internal Audit, Legal, Compliance, etc., to ensure compliance with Gannett cyber policies, and ITGC security protocols. Maintain an up-to-date knowledge of regulatory requirements, IT systems, and IT protocols. Identify automation opportunities to streamline processes. Required Skills and Experience Bachelor’s degree in information technology, computer science or related field. Minimum of 3-5 years of experience in a related field. Understanding of IT General Controls, Application Controls, IT Infrastructure, programs, networks and databases. Demonstrated understanding of IT control processes including but not limited to information security, access controls and IT operations. Experience with regulatory frameworks impacting technology assets (i.e. SOX, PCI, HIPAA, etc.). Experience with financial systems and controls. Experience implementing automation tools. Technical control testing proficiency. Preferred Experience with COBIT Framework Current professional certification (CISA, CISM, CRISC) Big 4 audit experience Qualifications Bachelor's Degree Range of Year Experience-Min Year 4 Range of Year Experience-Max Year 8
Posted 1 week ago
4.0 - 6.0 years
0 Lacs
Chennai, Tamil Nadu, India
On-site
FS - Amid comprehensive regulatory change, today’s financial services institutions are focusing on digital transformation, convergence and disruption from an array of non-traditional competitors — all while meeting greater demands for trust and transparency. To address this delicate balance of issues, our proficient team of business strategists, technologists and industry leaders bring fresh thinking and sector knowledge across banking and capital markets, insurance, and wealth and asset management. The results are seamless collaboration, innovative problem solving, breakthrough performance gains and sustainable value creation. We recruit, train and foster a diverse set of people who give their minds to building the future of financial services. Together, we explore new perspectives with innovative and innovative thinking to deliver exceptional client service and ensure that what we do today, counts for tomorrow. Technology Risk - helps clients to achieve sustainable growth by supporting their efforts to protect their business performance and by providing trusted communications on internal control and regulatory compliance to investors, management, regulators, customers and other stakeholders. EY teams accomplish this by assessing the technology risks that are introduced to businesses. The opportunity As a Consultant within the India’s Financial Services Technology Risk team, you will serve as a team member responsible for executing client related engagements in the areas of Technology risk and controls, IT governance, risk & compliance (GRC), IT Audits, IT process reviews, standard operating procedures, and other Technology Risk Services related solutions. Your Key Responsibilities Operate as an on-field team-member to assist leadership in employing proper information systems, resources, and controls to build solutions to maximize efficiencies and minimize risk. 
You can expect to work with client personnel to analyse, evaluate, and enhance information systems facilitating the business internal control process, and will assist clients and other Technology Risk professionals in performing information technology control and security engagements. Demonstrate in-depth technical capabilities and professional knowledge. Provide high quality client service, working directly with onshore and/or client teams to understand and evaluate client's IT environment and controls. Execution on client engagements - Ensure quality delivery as per client requirements. Actively establish, maintain and strengthen relationships with other team members. You'll need to report any identified risks within engagements and share any issues and updates with senior members of the team. Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress. Anticipate and identify engagement related risks and escalate issues as appropriate. Actively establish & strengthen client (functional heads & key influencers) and internal relationships. Assist seniors & managers in developing new methodologies and internal initiatives. Identify & communicate potential business opportunities for the firm on existing client engagements. Review of working papers & client folders. Suggest ideas on improving engagement productivity and identify opportunities for improving client service. Identify areas requiring improvement in the client's business processes to enable preparation of recommendations. Identify & internally escalate any potential red flags related to the engagement. Demonstrate industry expertise (detailed understanding of the industry, trends, issues/challenges and leading practices). Preparation of reports/deliverables/status updates/audit committee presentations. Demonstrate ability to multi-task and manage multiple projects as directed by the managers. 
Ensure compliance with engagement plans and internal quality & risk management procedures. Awareness of Tech Risk/ Information security concepts and apply them on day-to-day business Demonstrate an application & solution-based approach to problem solving technique. Manage the engagement budgets and support superiors in developing marketing collaterals, business proposals and new solution / methodology development. Attention to detail and mentor young interns and analysts within the practice. Contribute to knowledge management sessions within the practice. What Are We Looking For A minimum of 4-6 years of experience Technology Risk Consulting, preferably from a public accounting firm or a professional services firm Bachelor/ master’s degree in computer science, Information Technology, Information Security or a related discipline, or equivalent work experience. have prior work experience in the areas of IT Application controls, Automated business controls, IT General controls, IT audit and other technology risk and controls areas. Knowledge of IT systems, operating system, databases, mainframe and other technologies Knowledge of application development lifecycle such as DevOps, Agile methodologies Skilled in programming languages and SQL Proactive, self-starter, enthusiastic Adapt to different environment and enthusiastic Relevant consulting or industry experience, preferably in a professional services environment or MNC Excellent written and verbal communication, interpersonal, networking, teaming and problem-solving skills. Initiative in keeping abreast of changing industry practices, analysis and design methods, tools and techniques and emerging technologies. Familiarity with leading industry standards and frameworks such as SSAE 16/ISAE 3402, ISO/IEC 27001, COBIT, ITIL, COSO etc What we look for People with the ability to work in a collaborative manner to provide services across multiple client departments while following the commercial and legal requirements. 
You will need a practical approach to solving issues and complex problems with the ability to deliver insightful and practical solutions. We look for people who are agile, curious, mindful and able to sustain positive energy, while being adaptable and creative in their approach. What we offer EY has become the strongest brand and the most attractive employer in our field, with market-leading growth over compete. Our people work side-by-side with market-leading entrepreneurs, game-changers, disruptors and visionaries. As an organisation, we are investing more time, technology and money, than ever before in skills and learning for our people. At EY, you will have a personalized Career Journey and also the chance to tap into the resources of our career frameworks to better know about your roles, skills and opportunities. EY is equally committed to being an inclusive employer and we strive to achieve the right balance for our people - enabling us to deliver excellent client service whilst allowing our people to build their career as well as focus on their wellbeing. If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible. Join us in building a better working world. Apply now.
Posted 1 week ago
6.0 - 8.0 years
0 Lacs
Gurugram, Haryana, India
On-site
FS - Amid comprehensive regulatory change, today’s financial services institutions are focusing on digital transformation, convergence and disruption from an array of non-traditional competitors — all while meeting greater demands for trust and transparency. To address this delicate balance of issues, our proficient team of business strategists, technologists and industry leaders bring fresh thinking and sector knowledge across banking and capital markets, insurance, and wealth and asset management. The results are seamless collaboration, innovative problem solving, breakthrough performance gains and sustainable value creation. We recruit, train and foster a diverse set of people who give their minds to building the future of financial services. Together, we explore new perspectives with innovative and innovative thinking to deliver exceptional client service and ensure that what we do today, counts for tomorrow. Technology Risk - helps clients to achieve sustainable growth by supporting their efforts to protect their business performance and by providing trusted communications on internal control and regulatory compliance to investors, management, regulators, customers and other stakeholders. EY teams accomplish this by assessing the technology risks that are introduced to businesses. The opportunity As a Manager within the India’s Financial Services Technology Risk team, you will serve as a team member responsible for executing client related engagements in the areas of Technology risk and controls, IT governance, risk & compliance (GRC), IT Audits, IT process reviews, standard operating procedures, and other Technology Risk Services related solutions. Your Key Responsibilities Operate as an on-field team-member to assist leadership in employing proper information systems, resources, and controls to build solutions to maximize efficiencies and minimize risk. 
You can expect to work with client personnel to analyse, evaluate, and enhance information systems facilitating the business internal control process, and will assist clients and other Technology Risk professionals in performing information technology control and security engagements. Demonstrate in-depth technical capabilities and professional knowledge. Provide high quality client service, working directly with onshore and/or client teams to understand and evaluate client's IT environment and controls. Execution on client engagements - Ensure quality delivery as per client requirements. Actively establish, maintain and strengthen relationships with other team members. You'll need to report any identified risks within engagements and share any issues and updates with senior members of the team. Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress. Anticipate and identify engagement related risks and escalate issues as appropriate. Actively establish & strengthen client (functional heads & key influencers) and internal relationships. Assist seniors & managers in developing new methodologies and internal initiatives. Identify & communicate potential business opportunities for the firm on existing client engagements. Review of working papers & client folders. Suggest ideas on improving engagement productivity and identify opportunities for improving client service. Identify areas requiring improvement in the client's business processes to enable preparation of recommendations. Identify & internally escalate any potential red flags related to the engagement. Demonstrate industry expertise (detailed understanding of the industry, trends, issues/challenges and leading practices). Preparation of reports/deliverables/status updates/audit committee presentations. Demonstrate ability to multi-task and manage multiple projects as directed by the managers. 
Ensure compliance with engagement plans and internal quality & risk management procedures. Awareness of Tech Risk/ Information security concepts and apply them on day-to-day business Demonstrate an application & solution-based approach to problem solving technique. Manage the engagement budgets and support superiors in developing marketing collaterals, business proposals and new solution / methodology development. Attention to detail and mentor young interns and analysts within the practice. Contribute to knowledge management sessions within the practice. What Are We Looking For A minimum of 6-8 years of experience Technology Risk Consulting, preferably from a public accounting firm or a professional services firm Bachelor/ master’s degree in computer science, Information Technology, Information Security or a related discipline, or equivalent work experience. have prior work experience in the areas of IT Application controls, Automated business controls, IT General controls, IT audit and other technology risk and controls areas. Knowledge of IT systems, operating system, databases, mainframe and other technologies Knowledge of application development lifecycle such as DevOps, Agile methodologies Skilled in programming languages and SQL Proactive, self-starter, enthusiastic Adapt to different environment and enthusiastic Relevant consulting or industry experience, preferably in a professional services environment or MNC Excellent written and verbal communication, interpersonal, networking, teaming and problem-solving skills. Initiative in keeping abreast of changing industry practices, analysis and design methods, tools and techniques and emerging technologies. Familiarity with leading industry standards and frameworks such as SSAE 16/ISAE 3402, ISO/IEC 27001, COBIT, ITIL, COSO etc EY has become the strongest brand and the most attractive employer in our field, with market-leading growth over compete. 
Our people work side-by-side with market-leading entrepreneurs, game-changers, disruptors and visionaries. As an organisation, we are investing more time, technology and money, than ever before in skills and learning for our people. At EY, you will have a personalized Career Journey and also the chance to tap into the resources of our career frameworks to better know about your roles, skills and opportunities. EY is equally committed to being an inclusive employer and we strive to achieve the right balance for our people - enabling us to deliver excellent client service whilst allowing our people to build their career as well as focus on their wellbeing. If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible. Join us in building a better working world. Apply now.
Posted 1 week ago
2.0 - 7.0 years
20 - 25 Lacs
Mumbai
Work from Office
Jul 23, 2025 Location: Mumbai Designation: Manager Entity: Deloitte Touche Tohmatsu India LLP Your potential, unleashed. India's impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Cyber is about much more than just the numbers. It's about attesting to accomplishments and challenges and helping to assure strong foundations for future aspirations. Deloitte exemplifies the what, how, and why of change so you're always ready to act ahead. Your work profile As a Manager in our Cyber Strategy & Transformation Team you'll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations. Our services help our clients tackle the many security challenges they face daily and develop effective solutions using people, processes and technology, while enabling better security and risk decisions, and reducing costs related to managing security risks. Desired qualifications Oversee assessments of cybersecurity risk management frameworks, evaluating the effectiveness of security controls aligned with standards such as NIST, ISO 27001, ITIL, COBIT, CIS, and regulatory requirements (RBI, NPCI, SEBI, PCI-DSS, IRDAI, and others), depending on the industry. In-depth knowledge in IT audits of systems, applications, databases, networks and other cybersecurity tools (DLP, SIEM, VPN, XDR, PIM, etc.) Strong knowledge of cloud infrastructure (SAAS/PAAS/IAAS), cloud service providers (AWS, Azure, GCP) and frameworks such as CSA Cloud Controls Matrix (CCM), Well-Architecture Review (WAR). 
Lead IT Audit activities such as plan, manage, and execute risk-based audit reviews, focusing on areas such as cybersecurity, IT general controls (ITGC), Compliance Audits, application controls, and IT infrastructure. Proven experience in Control Testing & Evaluation on IT governance, cybersecurity best practices, IT risk management strategies, cybersecurity risk assessments and advising on remediation, documentations (RCM, Workpapers, Audit Reporting). Provide advisory services to senior management on emerging technologies, cybersecurity threats, IT governance, and regulatory changes, as well as insights on best practices for IT and cybersecurity risk management. Strong team leadership experience to manage, mentor, and develop a team of IT auditors, ensuring the team remains current on emerging IT and cybersecurity risks and audit methodologies. Strong communication skills, with the ability to convey complex IT audit and cybersecurity concepts to non-technical stakeholders. 9+ years of experience in IT Audit, Cybersecurity, or Risk Management, with at least 2 years in a leadership or management role. Certifications CISSP, CISA, CCSP, GICSP or equivalent (technology-based certification) Location and way of working Base location: Mumbai This profile involves frequent travelling to client locations. Hybrid is our default way of working. Each domain has customized the hybrid approach to their unique needs. Your role as a Manager We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society. In addition to living our purpose, Manager across our organization must strive to be: Inspiring - Leading with integrity to build inclusion and motivation. Committed to creating purpose - Creating a sense of vision and purpose. Agile - Achieving high-quality results through collaboration and Team unity. 
Skilled at building diverse capability - Developing diverse capabilities for the future. Persuasive / Influencing - Persuading and influencing stakeholders. Collaborating - Partnering to build new solutions. Delivering value - Showing commercial acumen Committed to expanding business - Leveraging new business opportunities. Analytical Acumen - Leveraging data to recommend impactful approach and solutions through the power of analysis and visualization. Effective communication Must be well abled to have well-structured and well-articulated conversations to achieve win-win possibilities. Engagement Management / Delivery Excellence - Effectively managing engagement(s) to ensure timely and proactive execution as well as course correction for the success of engagement(s) Managing change - Responding to changing environment with resilience Managing Quality & Risk - Delivering high quality results and mitigating risks with utmost integrity and precision Strategic Thinking & Problem Solving - Applying strategic mindset to solve business issues and complex problems. Tech Savvy - Leveraging ethical technology practices to deliver high impact for clients and for Deloitte. Empathetic leadership and inclusivity - creating a safe and thriving environment where everyone's valued for who they are, use empathy to understand others to adapt our behaviors and attitudes to become more inclusive. How you'll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world's most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. 
Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognize there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone's welcome, entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here's a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you're applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. 
We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution. In this regard, you may refer to a more detailed advisory given on our website at: https://www2.deloitte.com/in/en/careers/
Posted 1 week ago
8.0 - 13.0 years
9 - 14 Lacs
Panchkula
Work from Office
Compliance Lead Job | GRC & Audit Expert Grazitti Job Description We're hiring a skilled Compliance Lead to join our Information Security Group (ISG) at Grazitti Interactive. In this high-impact role, you'll spearhead Governance, Risk, and Compliance (GRC) initiatives, drive external audit processes, develop compliance frameworks, and ensure organizational alignment with key regulatory standards. If you have a solid background in risk management, policy development, and IT audit readiness with a deep understanding of frameworks like ISO27001, COBIT, and NIST, this is your opportunity to lead and create tangible impact. Key Skills 8+ years in GRC, compliance, or IT risk management. Bachelor's degree in a relevant field; CISA, CISSP, or CISM preferred. Hands-on experience with ISO27001/2, ISO31000, NIST, COBIT, COSO, ITIL. Knowledge of GDPR, HIPAA, CCPA, ITGC, and SOX compliance. Strong understanding of internal controls and security policies. Experience in external/internal audits and incident response planning. Excellent communication and stakeholder management skills. Process-oriented with strong documentation and analytical capabilities. Roles and Responsibilities Design and execute enterprise-wide GRC strategies. Ensure compliance with GDPR, HIPAA, ISO, and other global standards. Lead documentation efforts for SOX controls and ITGCs. Collaborate with legal teams to interpret regulations. Act as the primary contact for external auditors. Lead planning, documentation, and closure of compliance audits. Conduct in-depth risk assessments and advise mitigation strategies. Maintain up-to-date risk registers and track remediation actions. Draft and implement information security policies. Establish and enforce internal controls for IT and SaaS environments. Apply COSO, COBIT, and ITIL best practices for governance.
Review control effectiveness through regular audits. Design incident response plans and lead resolution efforts. Build awareness programs and train teams on compliance best practices. Drive a culture of compliance and operational integrity. Communicate risk and compliance posture to executive leadership. Document and maintain audit trails for transparency. Position: Compliance Lead
Posted 1 week ago
10.0 years
0 Lacs
Mumbai, Maharashtra, India
On-site
Morgan Stanley Technology Risk Management (Control Testing) Vice President Risk & Resiliency Management Profile Description We're seeking someone to join our CDRR team as a Vice President in Firm Resilience function. The Review Lead is a leading role within ITCT accountable for planning, executing, and reporting control testing reviews which must stand up to high-quality expectations, as well as project management of control testing reviews from start to finish. CDRR_Technology The Cybersecurity organization's mission is to create an agile, adaptable organization with the skills and expertise needed to defend against increasingly sophisticated adversaries. This will be achieved by maintaining sound capabilities to identify and protect our assets, proactively assessing threats and vulnerabilities and detecting events, ensuring resiliency through our ability to respond to and recover from incidents and building awareness and increasing vigilance while continually developing our cyber workforce. Firm Resilience Firm Resilience leads and coordinates initiatives to proactively prepare the Firm to be resilient against operational threats as well as identify and manage material operational risk. Risk & Resiliency Management This is an Associate position that identifies, assesses, and mitigates risks to ensure operational continuity and resilience in the face of potential threats or disruptions that could impact the organization, plus management of ongoing incidents. Morgan Stanley is an industry leader in financial services, known for mobilizing capital to help governments, corporations, institutions, and individuals around the world achieve their financial goals. At Morgan Stanley India, we support the Firm’s global businesses, with critical presence across Institutional Securities, Wealth Management, and Investment management, as well as in the Firm’s infrastructure functions of Technology, Operations, Finance, Risk Management, Legal and Corporate & Enterprise Services.
Morgan Stanley has been rooted in India since 1993, with campuses in both Mumbai and Bengaluru. We empower our multi-faceted and talented teams to advance their careers and make a global impact on the business. For those who show passion and grit in their work, there’s ample opportunity to move across the businesses. Interested in joining a team that’s eager to create, innovate and make an impact on the world? Read on… What You'll Do In The Role The InfoSec, Technology, and Cybersecurity (ITCT) program assesses Firmwide control compliance with the Global Technology Policy, InfoSec Policy, and Cybersecurity Policy, as well as control testing and validation activities, as agreed with management, in relation to emerging risks, regulatory remediation, and findings from other assessments. Planning Reviews Define the scope of controls for each review depending on regulatory commitments and mandate requirements. Schedule and lead kick-off meetings with PCOs and Risk Officers to review scope, timeline, and approach. Executing Reviews Review evidence request lists developed by Control Testers prior to submission to control contacts. Support Control Testers by being available to help them review unclear evidence and make decisions on acceptable evidence as the testing evolves. Reporting Review Results and Managing Risk Issues Present potential risk issues to control contacts and/or PCOs as soon as possible. Review draft issue descriptions and risk ratings for potential issues drafted by Control Testers. Project Management Of Reviews Complete responsibilities described above in line with milestone dates and regulatory commitments.
Regularly provide the wider ITCT team and Global Head with status updates on ongoing activities, What You'll Bring To The Role 10 + years of career experience & Working knowledge of key Technology, Information Security, and Cybersecurity concepts (e.g., data security, identity and access management, network security, change management, etc.) Understanding of relevant regulations and industry standards (e.g., ISO 27001, COBIT, NIST, etc.) including principles and key concepts related to risk assessment, controls, and testing. Working knowledge of technology applications and infrastructure (e.g., server, network, platform desktop environment) and ability to identify risk and controls. Ability to employ process-based thinking to effectively obtain, analyze, and interpret information, identify root causes of problems, and draw logical conclusions. Excellent written and verbal communication skills. Good organizational skills with diligence and ability to manage multiple priorities. Proficient use of Microsoft Excel and other Microsoft Office products What You Can Expect From Morgan Stanley We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 89 years. Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren’t just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. 
We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There’s also ample opportunity to move about the business for those who show passion and grit in their work. To learn more about our offices across the globe, please copy and paste https://www.morganstanley.com/about-us/global-offices into your browser. Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.
Posted 1 week ago
6.0 - 8.0 years
0 Lacs
Gurugram, Haryana, India
On-site
FS - Amid comprehensive regulatory change, today’s financial services institutions are focusing on digital transformation, convergence and disruption from an array of non-traditional competitors, all while meeting greater demands for trust and transparency. To address this delicate balance of issues, our proficient team of business strategists, technologists and industry leaders bring fresh thinking and sector knowledge across banking and capital markets, insurance, and wealth and asset management. The results are seamless collaboration, innovative problem solving, breakthrough performance gains and sustainable value creation. We recruit, train and foster a diverse set of people who give their minds to building the future of financial services. Together, we explore new perspectives with innovative thinking to deliver exceptional client service and ensure that what we do today counts for tomorrow. Technology Risk - helps clients to achieve sustainable growth by supporting their efforts to protect their business performance and by providing trusted communications on internal control and regulatory compliance to investors, management, regulators, customers and other stakeholders. EY teams accomplish this by assessing the technology risks that are introduced to businesses. The opportunity As a Manager within India’s Financial Services Technology Risk team, you will serve as a team member responsible for executing client related engagements in the areas of Technology risk and controls, IT governance, risk & compliance (GRC), IT Audits, IT process reviews, standard operating procedures, and other Technology Risk Services related solutions. Your Key Responsibilities Operate as an on-field team-member to assist leadership in employing proper information systems, resources, and controls to build solutions to maximize efficiencies and minimize risk.
You can expect to work with client personnel to analyse, evaluate, and enhance information systems facilitating the business internal control process, and will assist clients and other Technology Risk professionals in performing information technology control and security engagements. Demonstrate in-depth technical capabilities and professional knowledge. Provide high quality client service, working directly with onshore and/or client teams to understand and evaluate client's IT environment and controls. Execution on client engagements - Ensure quality delivery as per client requirements. Actively establish, maintain and strengthen relationships with other team members. You'll need to report any identified risks within engagements and share any issues and updates with senior members of the team. Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress. Anticipate and identify engagement related risks and escalate issues as appropriate. Actively establish & strengthen client (functional heads & key influencers) and internal relationships. Assist seniors & managers in developing new methodologies and internal initiatives. Identify & communicate potential business opportunities for the firm on existing client engagements. Review of working papers & client folders. Suggest ideas on improving engagement productivity and identify opportunities for improving client service. Identify areas requiring improvement in the client's business processes to enable preparation of recommendations. Identify & internally escalate any potential red flags related to the engagement. Demonstrate industry expertise (detailed understanding of the industry, trends, issues/challenges and leading practices). Preparation of reports/deliverables/status updates/audit committee presentations. Demonstrate ability to multi-task and manage multiple projects as directed by the managers.
Ensure compliance with engagement plans and internal quality & risk management procedures. Awareness of Tech Risk/ Information security concepts and apply them on day-to-day business. Demonstrate an application & solution-based approach to problem solving technique. Manage the engagement budgets and support superiors in developing marketing collaterals, business proposals and new solution / methodology development. Attention to detail and mentor young interns and analysts within the practice. Contribute to knowledge management sessions within the practice. What Are We Looking For A minimum of 6-8 years of experience in Technology Risk Consulting, preferably from a public accounting firm or a professional services firm. Bachelor/ master’s degree in computer science, Information Technology, Information Security or a related discipline, or equivalent work experience. Prior work experience in the areas of IT Application controls, Automated business controls, IT General controls, IT audit and other technology risk and controls areas. Knowledge of IT systems, operating system, databases, mainframe and other technologies. Knowledge of application development lifecycle such as DevOps, Agile methodologies. Skilled in programming languages and SQL. Proactive, self-starter, enthusiastic. Adapt to different environment and enthusiastic. Relevant consulting or industry experience, preferably in a professional services environment or MNC. Excellent written and verbal communication, interpersonal, networking, teaming and problem-solving skills. Initiative in keeping abreast of changing industry practices, analysis and design methods, tools and techniques and emerging technologies. Familiarity with leading industry standards and frameworks such as SSAE 16/ISAE 3402, ISO/IEC 27001, COBIT, ITIL, COSO etc. EY has become the strongest brand and the most attractive employer in our field, with market-leading growth over compete.
Our people work side-by-side with market-leading entrepreneurs, game-changers, disruptors and visionaries. As an organisation, we are investing more time, technology and money than ever before in skills and learning for our people. At EY, you will have a personalized Career Journey and also the chance to tap into the resources of our career frameworks to better know about your roles, skills and opportunities. EY is equally committed to being an inclusive employer and we strive to achieve the right balance for our people - enabling us to deliver excellent client service whilst allowing our people to build their career as well as focus on their wellbeing. If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible. Join us in building a better working world. Apply now.
Posted 1 week ago
0 years
0 Lacs
Chennai, Tamil Nadu, India
On-site
Technical Architect – Hybrid Infrastructure, Cloud & Security As enterprises operate in hybrid environments—balancing legacy systems with public cloud adoption—the need for a security-aware infrastructure architect has become mission-critical. This role ensures that architectural decisions are secure by design, scalable, and compliant across on-prem, cloud, and emerging AI-driven ecosystems. The position exists to enable governed transformation while aligning IT infrastructure and cloud strategies with enterprise risk posture, regulatory compliance, and AI/GenAI governance principles. Reporting Line Reports To: AVP – Global IT Security and Compliance Works Closely With: Cloud Engineering, Infrastructure Operations, Cybersecurity, Compliance, Enterprise Architecture, and Data Governance Teams What We Are Looking For We are looking for a strategic Technical Architect with a deep understanding (hands-on not mandatory) of: - Hybrid infrastructure design principles (on-prem and cloud) - Cybersecurity best practices (Zero Trust, segmentation, data protection) - Enterprise governance frameworks (TOGAF, COBIT) - AI/ML platform governance, including GenAI tool oversight, risk assessment, and policy alignment The ideal candidate should be able to evaluate, influence, and architect platforms that align with the organization's security, compliance, and digital transformation goals. 
Technical & Governance Focus Areas - Cloud Architecture (Azure/AWS/GCP): Understanding of services, architectural patterns, IAM, encryption, and secure connectivity - Infrastructure Design: DC/DR, segmentation, SD-WAN, perimeter design, and HA models - Cybersecurity Alignment: Security zones, threat modeling, CSPM, CNAPP, and DLP strategies - DevOps & Automation Governance: IaC awareness, CI/CD pipeline oversight, policy-as-code understanding - AI/ML & GenAI Governance: - Familiarity with model lifecycle management, data privacy, auditability, and usage control - Alignment to ISO 42001, NIST AI RMF, and enterprise AI/GenAI policy frameworks Governance & Framework Alignment - Strong knowledge of TOGAF, COBIT, ISO 27001, and risk-driven architecture - Participates in Architecture Review Boards, Cloud Governance Councils, and AI oversight groups - Aligns with DSPM, Cloud Compliance Posture, and Zero Trust strategies Preferred Certifications - Cloud: Azure Solutions Architect, AWS SA-Professional, or GCP Architect - Architecture: TOGAF Certified, COBIT 2019 Foundation - Security: CISSP, CCSP (preferred) - AI Governance (Nice to Have): Familiarity with ISO 42001, NIST AI RMF Expanded Cybersecurity Alignment (Updated with OWASP) - Zero Trust and Segmentation: Familiarity with secure network and identity architecture patterns - Data Protection Lifecycle: Understanding of encryption, tokenization, DLP, and secure access - Threat Modeling: Awareness of techniques such as STRIDE, DREAD, and OWASP Top 10 risks, especially relevant for APIs, cloud-native apps, and AI-driven interfaces - API and Web Security: Ensures compliance with OWASP API Security Top 10 and Secure Coding Guidelines - Collaborates with AppSec teams to embed secure architecture practices into CI/CD pipelines AI/ML & GenAI Governance (Extended) - Ensures that GenAI tools and APIs adhere to secure integration principles, including OWASP AI Security & Privacy Guidelines - Participates in defining secure usage 
boundaries, input sanitization, and output validation frameworks - Collaborates with data scientists and ML engineers to map AI flows to threat models and control objectives
Posted 1 week ago
7.0 - 12.0 years
3 - 7 Lacs
Bengaluru, Karnataka, India
On-site
Identify and evaluate clients' risk areas covering all significant processes and provide comprehensive input to the development of a risk-based annual internal audit plan. Supervise a team of internal audit personnel across different client engagements. Plan, organize, direct and monitor internal audit operations, including overall quality of deliverables, processes and completion of projects within budgeted timeline. Oversee billing and collections. Develop relevant audit programs & procedures including Risk & Control Matrix (RCM). Manage performance of audit procedures. This includes identifying and defining issues, developing criteria, reviewing and analyzing evidence, and documenting client processes and procedures. Demonstrate technical competence in related domain. Communicate the results of assignments through written reports and oral presentations on a timely basis to engagement director as well as client management. Assist engagement director with identification of any new firm services at existing or new clients. Prepare & track proposals and conduct proposal meetings with clients. Develop and engage team through individual contacts and group meetings. Assist with hiring, training, and evaluation of staff and take effective actions to address performance matters. Desired profile Strong relevant business practice management experience in a related field (Business Risk), preferably in professional services and/or industry.
Qualified Chartered Accountant or an MBA from a premium business school Understanding of business processes and internal control concepts (COSO, COBIT); knowledge of process gaps identification and auditing methodologies (including flowcharting), IT Infrastructure, Sarbanes-Oxley Act provisions and methodologies for achieving compliance Proficient in Microsoft Office suite applications Key Personal Attributes Ability to think laterally, showcase business acumen and well versed in current trends and developments across business & economy A good blend of creative thinking and rigorous analysis in solving business problems Demonstrated excellent leadership and interpersonal skills. Excellent project management and client relationship skills. Proven business development skills. Must be able to maintain a professional demeanor in times of high stress. Must work well in a team-oriented environment as well as independently. Prior management and direct supervisory experience in a team environment required. Demonstrated mentoring and people development skills Excellent communication and presentation skills. Excellent time management skills. Must have ability to multi-task. Ability to travel as necessary to meet client needs
Posted 1 week ago
8.0 years
0 Lacs
Ahmedabad, Gujarat, India
On-site
Experience: 8-15 years Designation: Manager – Information Security Location: Gift City, Gandhinagar, Gujarat Qualifications: B.E or Equivalent graduation Excellent Spoken and Written communication in English and Gujarati Knowledge / Experience of Market Infrastructure Institutions would be preferred. Working in Gandhinagar Reports to: Chief Technology Officer Primary Responsibilities: Security Planning: Develop and implement a comprehensive security strategy to protect the company’s information assets and infrastructure. Risk Management: Identify, assess, and mitigate risks related to information security, ensuring the company’s resilience against cyber threats. Regulatory Compliance: Ensure compliance with relevant Market Infrastructure Institutions (MII) (SEBI & IFSCA) regulations, standards & Frameworks like Data Protection, PII, ISO 27001, NIST, COBIT and industry-specific guidelines. Security Incident Management & Response: Lead the response to security incidents, including investigation, containment, and remediation efforts. Security Policies and Procedures: Establish and enforce security policies, standards, and procedures to maintain a robust security posture. Developing Security Policies: Create and implement security policies, standards, and procedures to protect the organization’s data and systems. Risk Management: Conduct regular risk assessments and vulnerability analyses to identify and mitigate potential security threats. Security Audits: Coordinate and perform security audits and assessments to ensure up to date Information & Technology security posture, compliance with relevant laws, regulations, and standards. Perform Internal Information security assessment & audits of the company and Perform company’s participants Information security assessment & audits. Employee Training: Train and educate employees on information security best practices and promote a culture of security awareness. 
Collaboration: Work with Information Technology, Application development and other departments to enhance security measures and ensure alignment with business objectives. Work closely with the CTO to align security initiatives with business objectives and regulatory requirements. Skills and Qualifications Educational Background: A degree in computer science, information technology, cybersecurity, or a related field. Professional certifications: Certifications like CISSP, CISM, CISA or other relevant cyber security professional certification is a must. Experience: Extensive experience in information security, particularly within the MII/financial sector, typically 8+ years. Technical Proficiency: Deep understanding of security technologies, threat modelling, and risk management frameworks, policies & procedures. Knowledge of security frameworks like ISO 27001, NIST, or COBIT, and familiarity with security tools and technologies (e.g., firewalls, IDS/IPS, SIEM). Interpersonal skills: Project management skills, with the ability to work with cross functional teams. Communication, Presentation and writing: Excellent written and verbal communication skills to effectively convey security concepts to both technical and non-technical stakeholders. Draft / update security policies, procedures, training materials, security documentation. Key Focus Areas Data Protection: Implement measures to protect sensitive business data from breaches and unauthorized access. Cyber Threat Intelligence: Stay updated on the latest cyber threats and trends and adapt security strategies accordingly. Business Continuity: Develop and maintain business continuity and disaster recovery plans to ensure operational resilience.
Posted 1 week ago
0 years
0 Lacs
Bengaluru, Karnataka, India
On-site
Job Description KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature. Responsibilities Perform testing of IT Application Controls, IPE, and Interface Controls through code reviews, IT General Controls review covering areas such as Change Management, Access Management, Backup Management, Incident and Problem Management, SDLC, Data Migration, Batch Job scheduling/monitoring and Business Continuity and Disaster Recovery Perform Risk Assessment, identification, and Evaluation of Controls, prepare process flow diagrams and document the same in Risk & Control Matrix. 
Perform business process walkthrough and controls testing for IT Audits. Performing planning and executing audits, including - SOX, Internal Audits, External Audits Conducting controls assessment in manual/ automated environment Prepare/Review of Policies, Procedures, SOPs Maintain relationships with client management and the project Manager to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations. Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the work to be performed. Coordinate effectively and efficiently with the Engagement manager and the client management keeping both constantly updated regarding project’s progress. Collaborate with other members of the engagement team to plan the engagement and develop relevant workpapers/deliverables. Perform fieldwork and share the daily progress of fieldwork, informing supervisors of engagement status. Qualifications IT Audit + SAP experience with knowledge of IT governance practices Prior IT Audit knowledge in areas of ITGC, ITAC (application/automated controls) SOX 404, SOC-1 and SOC-2 Audits Good to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g. NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc.) Technical Knowledge of IT Audit Tools with excellent knowledge of IT Audit process and methodology Exposure to Risk Management and Governance Frameworks/ Systems will be an added advantage Exposure to ERP systems will be added advantage Strong project management, communication (written and verbal) and presentation skills Knowledge of security measures and auditing practices within various applications, operating systems, and databases. 
Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism. Preferred Certifications – CISA/CISSP/CISM. Exposure to automation Data Analytics tools such as QlikView/Qlik sense, ACL, Power BI will be an advantage. Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools. Equal Employment Opportunity Information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.
Posted 1 week ago
1.0 - 5.0 years
0 Lacs
noida, uttar pradesh
On-site
At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. As a Risk consultant, you'll contribute technically to Risk Consulting client engagements and internal projects. An important part of your role will be to actively establish, maintain, and strengthen internal and external relationships. You'll also identify potential business opportunities for EY within existing engagements and escalate these as appropriate. Similarly, you'll anticipate and identify risks within engagements and share any issues with senior members of the team. In line with EY's commitment to quality, you'll confirm that work is of high quality and is reviewed by the next-level reviewer. As an influential member of the team, you'll help to create a positive learning culture, coach and counsel junior team members, and help them to develop. The opportunity We're looking for Senior Consultants to join the leadership group of our EY-Consulting Technology Risk Team. This is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your key responsibilities include: - Participating in IT Risk and Assurance engagements. - Working effectively as a team member, sharing responsibility, providing support, maintaining communication, and updating senior team members on progress. - Helping prepare reports and schedules that will be delivered to clients and other parties. - Developing and maintaining productive working relationships with client personnel. - Managing reporting on assurance findings and ensuring control owners take remediation action as required. 
- Identifying, leading, and managing the continuous improvement of Internal Controls through the implementation of continuous control monitoring and automation. - Reviewing evidence of compliance for adherence to standards. - Understanding key domains of compliance controls, including change management, access to system, network and data, computer operations, and system development. - Staying current with and promoting awareness of applicable regulatory standards, upstream risk, and industry best practices across the enterprise. - Understanding Control frameworks such as COSO, internal control principles, and related regulations including SOX and J-SOX. - Conducting performance reviews and contributing to performance feedback for staff. - Adhering to the Code of Conduct which sets the standards of behavior, actions, and decisions expected from EY's people. Skills and attributes for success include: - Experience in application controls and Information security experience. - Understanding of risk management systems and processes. - Ability to build relationships with key stakeholders across different levels of seniority. - Strong written and verbal communication skills. To qualify for the role, you must have: - Preferably a bachelor's degree in (Finance/Accounting, Electronics, Electronics & Telecommunications, Comp. Science)/MBA/M.Sc./CA. - Minimum of 1-2 years of experience in internal controls and Internal Audit. - Enterprise risk services with a specific focus on IT and related industry standards. - IT Risk Assurance framework. - Control frameworks such as COSO, internal control principles, and related regulations including SOX and J-SOX. - Preferred security skills related to a broad range of operating systems, databases, or security tools such as UNIX, Linux, Windows 2000 and NT, firewalls, and IDS systems. - Familiarity with IT analysis, delivery, and operations methods, including SDLC and CM. 
- Familiarity with security and risk standards such as ISO 27001-2, PCI DSS, NIST, ITIL, COBIT. - Experience of security testing methods and techniques including network, operating, and application system configuration review. - Application controls and security experience: sensitive access and SOD testing, controls testing. - Knowledge of data analysis tools like MS Excel, MS Access, MS SQL Server, ACL, Monarch, etc. - Preferred Certifications: CISA. What we look for: We believe that you should own and shape your career. But we'll provide the support and opportunities to develop the skills, knowledge, and experience to succeed. The strength of our global network, combined with local empowerment and a relentless focus on winning in specific markets, means you'll interact and team with individuals from various geographies and sectors. So, whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. What working at EY offers: At EY, we're dedicated to helping our clients, from startups to Fortune 500 companies, and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: - Support, coaching, and feedback from some of the most engaging colleagues around. - Opportunities to develop new skills and progress your career. - The freedom and flexibility to handle your role in a way that's right for you. 
EY | Building a better working world: EY exists to build a better working world, helping to create long-term value for clients, people, and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate. Working across assurance, consulting, law, strategy, tax, and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Posted 1 week ago
5.0 - 8.0 years
0 Lacs
Pune, Maharashtra, India
On-site
Position Overview Job Title: PMO Risk Reduction and Service Owner for Key Vendors Corporate Title: VP Location: Pune, India Role Description The Project Manager – Risk reduction is responsible for leading risk and audit remediation initiatives for Hybrid Cloud Infrastructure division. This includes managing end to end delivery of risk mitigation plans, ensuring timely closure of audit findings and strengthening control environments. Strong project management, stakeholder engagement and risk oversight are key to success in the role. The Service Owner (SO) is responsible for managing the entire lifecycle of third-party relationships within the organization. This role involves ensuring that all risk assessment tasks and activities are completed accurately and in a timely manner, overseeing the selection and screening of third parties, and ensuring compliance with regulatory requirements. The SO will work closely with various stakeholders to mitigate risks, manage subcontractors, and ensure continuous risk monitoring. What We’ll Offer You As part of our flexible scheme, here are just some of the benefits that you’ll enjoy: Best in class leave policy. Gender neutral parental leaves. 100% reimbursement under childcare assistance benefit (gender neutral). Sponsorship for Industry relevant certifications and education. Employee Assistance Program for you and your family members. Comprehensive Hospitalization Insurance for you and your dependents. Accident and Term life Insurance. Complimentary Health screening for 35 yrs. and above.
Your Key Responsibilities Project Manager – Risk Reduction: Promote risk awareness, encourage prioritization of risk remediation, process re-engineering and strategic risk management. Provide processes for systematic, proactive, and forward-looking risk identification, risk assessment, monitoring, reporting and keeping GTI risk profile up to date. Plan and execute thematic risk assessments and input into risk scenario testing and macro threat assessments. Identify material remediation priorities for GTI and key cross divisional priorities impacting GTI (control / remediation book of work). Track project status, maintain action logs, and ensure documentation. Be a catalyst and an enabler to the global leadership for achieving the objectives in line with changing regulatory and industry operating landscape and reducing risk against overall technology operations portfolio. Ensure management transparency by way of timely risk reporting and proactive engagement and representing controls team at different governing forums. Ensure alignment with internal risk frameworks and regulatory expectations. Service Owner Risk Assessment and Management: Complete risk assessments, ensure proper screening, and report third-party issues. Regulatory Compliance: Nominate Local Service Owners and ensure compliance with local regulatory requirements. Third-Party Selection and Screening: Select third parties, consider risk aspects, and review screening outputs. Control Assessments and Mitigation: Ensure third parties complete required tasks, develop continuity plans, and manage risk mitigation actions. Continuous Monitoring and Termination: Update risk assessments, perform post go-live controls, and execute termination strategies. Contracting and Payment: Complete risk assessments before service commencement, ensure contractual clauses are included, and execute risk process activities for contract renewals or amendments.
Stakeholder Management – Identify, Partner, and Collaborate: Establish relationship with external and internal Audit teams to ensure effective and robust challenge to findings and to establish smart management action plans. Partner with 2nd LoD functions within the bank to ensure alignment towards Group wide minimum control standards. Collaborate closely and proactively with Divisional Control teams and Embedded Risk teams to manage the audit finding lifecycle. Promote and support proactive IT/IS risk culture at the Bank. Your Skills And Experience Overall experience in similar roles for 5-8 years in a global Bank within Technology division or IT/IS audit. Minimum 5 years of experience within Risk and Control domain steering technology risk framework / control implementation in a global organization. Proven experience in Project management in Risk related programs, including managing vendor governance in a global organization. Good understanding of Industry best practices such as NIST, COBIT, ITIL and ISO 27001 etc. Deeper understanding of industry wide risk landscape and regulatory expectations. Cloud Computing Technology (GCP, AWS, Azure etc.) certifications or similar domains. Other professional qualifications and certifications in Technology risk management. How We’ll Support You Training and development to help you excel in your career. Coaching and support from experts in your team. A culture of continuous learning to aid progression. A range of flexible benefits that you can tailor to suit your needs. About Us And Our Teams Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group.
We welcome applications from all people and promote a positive, fair and inclusive work environment.
Posted 1 week ago
4.0 - 8.0 years
0 Lacs
karnataka
On-site
The Specialist, Risk & Control (R&C) position at our Center of Excellence (CoE) involves supporting R&C in conducting SOx testing of IT Application controls and IT Dependent Manual Controls. Your primary responsibility will be to test internal controls to assist with SOX302 attestation. As a subject matter expert, you will provide guidance to the Risk team on controls design, deficiencies evaluation, and process improvements from a SOx testing perspective. Key responsibilities include: - Designing and executing daily testing activities of IT application controls and Business controls, focusing on regulatory/compliance (SOX) related risks - Analyzing information to assess and document testing outcomes clearly and concisely - Identifying design and execution gaps, and communicating issues and recommendations to the R&C team and control owners - Developing and maintaining comprehensive documentation, including process walkthroughs and control testing documentation - Collaborating with R&C to ensure critical SOx controls are well-designed and documented to strengthen the control environment and support business objectives - Contributing to continuous improvement of R&C capabilities and governance in SOX testing The ideal candidate for this role should possess: - Strong background in IT risk management and experience in performing ERP audits - At least 4 years of experience in IT compliance, internal controls, internal/external audit in an international setting - Proficiency in assessing design and operating effectiveness of IT automated process controls, IT dependent manual controls, and interface controls - Familiarity with technology-based product development, DevOps processes, cloud security, and modern technologies - Understanding of architecture such as SOA and microservices, with the ability to review source codes being an advantage - Knowledge of risk management fields and frameworks including SOx, COSO, and COBIT - Strong working knowledge of SOX requirements - 
Ability to manage multiple priorities, work independently, and collaborate effectively within a team - Proficiency in written and spoken English - Professional certification such as CISA, CRISC, or CIA would be beneficial - A relevant Bachelor's degree is required Pre-Employment Screening: If your application progresses, a third party may conduct pre-employment screening checks in accordance with applicable law. This may include verifying your employment history, education, and other relevant information to assess your qualifications and suitability for the position.
Posted 1 week ago
3.0 years
0 Lacs
Panchkula, Haryana, India
On-site
Position Title: Sr. Compliance Analyst Location: Panchkula, India Posted on: April 30, 2024 Description We are looking for a highly-motivated Sr. Compliance Analyst with 3 years of experience to join our dynamic team. As an ideal candidate, you will support the IT team in the development of policies, processes and controls around SOX, SOC2 and other risk management activities. If you are detail-oriented and enjoy working on challenging projects, you could be a great fit for this role. Key Skills Experience in working with both cloud and on-premise applications preferred. Bachelor's degree in Information Systems, Accounting or a related discipline. CISA or equivalent Information Technology audit or security certifications are preferred. Working knowledge of information security and computer network, server, database technologies. Hands-on experience in COSO 2013, COBIT and ITIL frameworks preferred. Knowledge of GDPR, ISO27001/2, HIPAA and other regulations preferred. Proven ability to lead self in executing discrete tasks and developing compliance strategies to drive effective results. Self-starter who demonstrates initiative and displays a high energy level. Strong organizational, prioritization and process improvement skills. Effective verbal and written communication skills. Roles And Responsibilities Execute on our IT compliance plan to ensure an effective internal control environment for SOX, SOC 2 and other regulatory requirements. Develop and maintain ITGC process flows, procedural documentation and compliance strategies for key SOX applications in a complex SaaS environment. Educate the IT organization on governance, risk and controls/compliance concepts. Assist management in development and implementation of remediation plans related to IT controls and provide recommendations for improvements. Assist in developing policies and procedure documents based on ISO27001/2 standards.
Support the management in identifying key technology risks, mitigation strategies and improvements to the business process. Support risk and control considerations related to IT relevant projects, including vendor evaluations, system implementations, newly scoped systems, UAT documentation, onboarding of applications to ITGC processes and initial testing of application controls, etc. Create and maintain internal control narratives, flowcharts, and risk matrices. Work closely with external parties for all matters related to IT, including IT issues related to SOC 1, SOC 2, SOX, and financial audits. Contacts Email: careers@grazitti.com Address: Plot No. 198, Industrial Area Phase II, 134113, Panchkula, Haryana, India
Posted 1 week ago