1022 Cobit Jobs - Page 7

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Control & Risk Assessment Leader Today’s world is fueled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of over 950 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team help protect the EY brand and build client trust. Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting and enabling the business through innovative, secure solutions that provide speed to market and business value. The opportunity The Technology Assurance, Risk, and Policy (TARP) function within Information Security strives to create and promote a holistic Governance, Risk, and Compliance (GRC) program by creating a robust, resilient, and proactive governance framework, supported by a strategic risk management approach and stringent compliance structures. It aims to integrate and align its GRC initiatives in line with the global firm's objectives and emerging threats within the cybersecurity landscape. Furthermore, the Policy, Risk, and Controls (PRC) Enablement & Awareness team aims to establish policies and procedures that reflect the value we place on safeguarding our digital environment, while ensuring that these policies are effectively communicated and enforced across all levels of the organization. The Control & Risk Assessment team sits within PRC Enablement & Awareness and aims to directly enables the GRC program by designing control testing and risk assessment methodology to measure and quantify compliance to policies and control objectives. Your key responsibilities The Control & Risk Assessment Leader will be responsible for building and owning a control testing and risk assessment program, following the model for 1st line and 2nd line testing best-practice strategies, that routinely tests and assesses the effectiveness and efficiency of Information Security controls put in place to mitigate risks to determine if they are supporting the desired business outcomes. They will need to rank and prioritize Information Security and Information Technology controls based on their risk profiles and design testing plans, inclusive of testing procedures, which will be used to measure effectiveness while, simultaneously looking for opportunities to enhance and improve EY’s control landscape. In certain instances, they will need to plan and execute risk assessments to quantify assumptions over the risk profiles. The Control & Risk Assessment Leader is responsible for building a team of experienced professionals to assist in executing the strategic vision and objectives of the Control & Risk Assessment testing and assessment program. The Control & Risk Assessment team will work collectively to support the Information Security Program in the areas of risk assessment methodology development and execution of risk assessments, control testing design and execution, and identification of gaps and areas of improvement utilizing testing and assessment results. Collaboration with other Information Security groups and external stakeholders across EY is key to this role. The Control & Risk Assessment Leader will need to build a network of multi-departmental and multi-level stakeholders inclusive of, but not limited to Information Security, Client and Enterprise Technology, Data Protection, Global and Enterprise Risk Management, Internal Audit, Area and Regional Risk & Data teams, Service Line Quality Leaders, etc. Skills and attributes for success Own and build multi-year roadmap to establish and mature the Control & Risk Assessment program. This includes development of the team’s charter, identification of resource needs, ongoing monitoring systems and tool requirements, performance metrics, and workstream prioritization. Build and manage control testing and risk assessment service offerings aimed at identifying potential risks and validates mitigation controls by conducting regular and systematic assessments of the organization's IT infrastructure, including networks, systems, applications, and data processes. Based on results of assessments and testing, assist control owners with the design and implementation of their controls in the organization's IT environment. Strategize on the appropriate amount of preventive, detective, or corrective controls which will have the most impact on reducing overall risk for the firm. Create a 1st Line Testing framework that can be shared with control owners that will enhance security culture and support control ownership roles and responsibilities. Conduct training and awareness campaigns to facilitate the adoption of the framework. Appropriately balance firm security needs with business impact and benefit when recommending advancements in policy and control objectives and directing those efforts to completion. Think strategically to assist with the development of a long-term vision for Information Security’s Technology Assurance, Risk, and Policy direction inclusive of its program improvement, technology adoption, and integration of security solutions into business objectives. Act as a thought leader in the firm, staying informed of changes in information security, regulatory requirements, audit standards, and industry trends, adjusting strategies, as necessary. Build and maintain appropriate relationships with internal and external leaders to ensure awareness and understanding of potential strategic directions. Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change. Outstanding management, interpersonal, communication, organizational, and decision-making skills. Ability to understand and integrate cultural differences and motives and to lead cross cultural teams. Demonstrate integrity and judgment within a professional environment. Evaluate, counsel, mentor and provide feedback on performance of others. Plan the training and development of staff to develop their skills and maintain state-of-the-art knowledge in information security. To qualify for the role you must have 12+ years of experience in the Information Technology, Information Security and/or Risk Management field(s). Audit experience or a demonstrated ability to design and test technology controls. 5+ years of experience in managing and mentoring junior and senior level staff. Experience leading global and virtual teams. High proficiency in technical and general writing skills in English. An advanced degree in Computer Science, Information Security, or a related field; equivalent work experience will be considered on a case-by-case basis. One or more of the following or equivalent certifications preferred: Certified Risk and Information Systems Control (CRISC), Certified Information Systems Security Processional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Internal Auditor (CIA), Global Information Assurance Certification (GIAC) in related area, CIPP, CIPT. Ideally, you’ll also have A working knowledge of external control standards like ISO 27001, NIST 800-53, COBIT, etc. and regulatory requirements like GDPR and SOX. Skilled in Microsoft Office and M365 products; primarily Word, Excel, PowerPoint, SharePoint, PowerApps, and PowerBI. Experience with RSA Archer or other GRC tools. Flexibility to work outside of normal business hours when engaging with team members and stakeholders in various time zones. What we offer As part of this role, you will work in a highly coordinated, globally diverse team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial and social well-being. Your recruiter can talk to you about the benefits available in your country. Here’s a snapshot of what we offer: Continuous learning : You will develop the mindset and skills to navigate whatever comes next. Success as defined by you: We will provide the tools and flexibility, so you can make a significant impact, your way. Transformative leadership : We will give you the insights, coaching and confidence to be the leader the world needs. Diverse and inclusive culture : You will be accepted for who you are and empowered to use your voice to help others find theirs. We ensure that individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions and to receive other benefits and privileges of employment. Please contact us to request accommodations. EY is committed to being an inclusive employer, and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Role Title : Associate Director-Regional Client Security Assurance Lead Sub Function: Client Security Assurance Objectives of the role The Regional Client Security Assurance Lead, Associate Director, plays a pivotal role in leading a team responding to security risk assessments and due diligence exercises from clients in the IN/MENA region. This position requires extensive collaboration with various global and local functional teams, such as Data Protection, Risk Management, Compliance, Counsel, Procurement, Information Security, Technology, and EY service lines. This role is responsible for leading and supporting client and regulatory inquiries about EY’s Global Information Security program. It assists EY client engagement teams by addressing client requests regarding how EY secures our client information using comprehensive technical controls and governance processes in line with EY Global Information Security requirements. This position involves managing multiple requests and responsibilities while supporting complex security assessments throughout various stages of the engagement life cycle. Additionally, it requires staying current with updates in EY's Information Security posture and technology offerings, thereby contributing to business growth and the development of new business opportunities. Key Responsibilities The Regional Client Security Assurance Lead serves as a dependable client security relationship manager for key EY clients throughout the client engagement lifecycle, aiming to sustain and expand business operations. Furthermore, this position involves leading a team, projects, performing data analytics, and management of operational processes within IN/MENA Client Security Assurance. Team Lead: Lead team members to foster career growth and help them become knowledgeable about the EY Information Security Program and facilitate client security assessments. Implement operating model for the IN/MENA Client Security Assurance team in alignment with our business objectives. Drive the Evolution of Client Security Assurance: Actively participate in the development, implementation, and ongoing enhancement of the Client Security Assurance function in alignment with industry best practices. Facilitate Security Assessments: Act as a key resource for client and engagement teams by providing expert guidance on inbound security assessments related to EY’s Global Information Security Program, fostering trust and confidence in the EY Global Information Security Program, and the controls in place to protect data along with safeguarding the confidentiality of our security controls. This also helps build EY’s reputation and brand in the market. Clearly communicate with clients and their appointed auditors, pertinent and appropriate details of the EY Global Information Security Program. Provide critical support to EY’s approach to winning new business and sustaining existing business relationships. Provide consulting services to account teams related to client security assessments and their Supplier Risk Management framework. Meet with Clients: Participate in client meetings as an Information Security representative, supporting EY account teams by addressing client inquiries related to the EY Global Information Security Program. Support Request for Proposal (RFP) process: Partner with client engagement teams to support the RFP process by addressing information security questions to help secure more business for EY. Engage with Regulators: Support inquiries and assessments from select local regulators, highlighting EY's commitment to transparency and compliance in governance processes, technologies, and information security controls. Support Contractual Compliance: Review and provide strategic commentary on information security requirements in client contracts, aligning with EY’s Information Security Program. Assist EY Legal Counsel and Client Account Teams in negotiating terms that protect both EY and client interests. Qualifications Minimum 15-19 years of recent progressive IT security compliance, risk management or related IT security experience with a large IT organization; preferably within a professional service firm, software product, cloud-based solutions, or other companies serving clients that are highly regulated entities. Bachelor’s degree from an accredited college or university is preferred. A good understanding of cloud infrastructure, networking, modern software development and technical security controls is required. Strong executive presence, negotiation, presentation, and communication skills are required. Excellent analytical and problem-solving skills to assess and solve complex security issues. Ability to work and navigate through EY’s Global firm understanding diverse perspectives and global client requirements. Ability to maintain calm during client assessments and respond to questions consistently and confirming internally the accuracy of responses before presenting them. Proven experience in client-facing roles, particularly in handling security assessments, ideally from client inquiries, but can also be the result of experience performing security assessment of suppliers. Demonstrated ability to adopt and strive for continuous process improvement, particularly in resulting from the innovation and integration of new technologies. Excellent collaboration skills, with the ability to engage effectively with cross-functional teams and stakeholders. Knowledge of various information security frameworks such as ISO27001/2, AICPA System and Organization Controls (SOC) Reports (SOC1, SOC2, and SOC3), NIST, COBIT and relevant regulatory requirements such as GDPR. Certifications such as CISSP, CISM, CISA, ISO 27001 Auditor, CRISC, CIPP are preferred. Keep up to date with industry trends, emerging technologies and best practices. Good understanding in the following concepts and domains: Governance Risk and Compliance : A system that ensures that organizations enforce governance, implement risk management strategies, and ensure regulatory compliance. Multitier Network Architecture: A design separating resources between the Internet and the internal infrastructure, incorporating multiple network layers. For on-premise solutions, this includes a DMZ (Demilitarized Zone) architecture. In cloud environments, it involves a combination of Network Security Groups (NSG), Virtual Networks (VNETs), IP-based restrictions on connections between resources, and Web Application Firewalls (WAF). Cloud security architecture : Cloud security architecture's purpose is to provide a structured framework for securing data, applications, and infrastructure in cloud environments. It includes the definition of security principles and a governance framework for all cloud services and applications from development through production. Distinction of Cloud Service Models such as IaaS, PaaS and SaaS and shared responsibility matrix : Infrastructure as a Service (IaaS): IaaS provides on-demand access to virtualized computing infrastructure, including servers, storage, and networking, allowing subscribers to build and manage their own applications, operating systems, and data while the cloud provider manages the underlying infrastructure. Platform as a Service (PaaS): PaaS offers a platform for developers to build, deploy, and manage applications without the need to manage the underlying operating systems and infrastructure. Software as a Service (SaaS): SaaS delivers software applications to users over the internet, allowing them to access and use the software without installing or managing it on their own devices. We will be dependent on the SaaS providers for the security controls to protect EY and client information. Application security : Measures taken to protect software applications from threats and vulnerabilities that can compromise the confidentiality, integrity, or availability of the data. Identity and access management : Includes use of authentication mechanisms, authorization measures, and privileged account management. Encryption standards: Standards for cryptography, used to protect data-at-rest and data-in-transit as well as provide a means of validating the authenticity, non-repudiation, and integrity of data. Endpoint security capabilities : Standards to protect endpoints such as laptops, desktops, smartphones, and tablets against cyberattacks. Incident response Plan : The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of malicious cyber-attacks against an organization’s information systems(s). Business impact analysis : Predicts the consequences of a disruption to your business, and gathers information needed to develop recovery strategies. Disaster recovery : Understand the disaster recovery plan for the applications used to support our clients. Stakeholder management This role is a combination of technical and business acumen capable of communicating and advocating EY’s brand as it relates to the Information Security Program, across a wide range of stakeholders. This requires communication skills adaptable to the appropriate audiences that address different perspectives, goals, and levels of technical knowledge. It also requires the ability to gain trust and act as a trusted consultant and liaison between clients, account teams and EY internal security functions. Stakeholders include: Product/Application owners – responsible for the full lifecycle of a technology solution that fulfills a business need or objective. Client Security Assurance provide useful feedback from clients to further enhance their products/applications. Architects and Engineers – EY technology leaders who design and build solutions based on business requirements. Information Security Leadership Team – responsible for all matters for security related to the security program. Extended Security Team – responsible for specific domains such as Security Consulting, Application Security Compliance, Supplier Risk Assessment, Cyber Defense, Business Impact Analysis, Information Security Policies related to the security program. EY Partners and Account teams: Ultimately responsible for the relationship with EY clients and the selection and usage of the technology leveraged for their services and deliverables. EY Clients and Client Security Auditors – The ultimate customer for EY’s technology or service delivery who expect EY’s technology solutions to adequately protect their data and maintain appropriate service levels. The Client Security Assurance Senior Consultant will participate in number of client meetings with the engagement team to answer questions and provide clarification on how EY secure client information. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Job Description: GRC Analyst Location: Delhi/NCR (Hybrid Work Model) Position Overview: We are seeking a dynamic and skilled GRC (Governance, Risk, and Compliance) Consultant to join our team. The ideal candidate will be ISO 27001 Lead Implementer Certified and possess extensive knowledge of various GRC frameworks. The candidate should have exceptional communication skills, be highly presentable, and have the ability to interact with clients at all levels. This role offers a hybrid work model, allowing a mix of remote work and on-site visits as well Key Responsibilities: • Governance and Compliance: • Assist organizations in designing, implementing, and maintaining robust GRC frameworks tailored to business needs. • Ensure compliance with ISO 27001 standards and other relevant industry regulations. • Develop and review policies, procedures, and risk management strategies. • Risk Management: • Conduct risk assessments and gap analyses to identify potential security and compliance risks. • Recommend risk mitigation strategies and monitor their implementation. • Audits and Assessments: • Prepare and lead clients through internal and external compliance audits. • Provide support during third-party audits and assessments. • Client Interaction: • Engage with clients to understand their specific GRC needs and offer tailored solutions. • Deliver presentations, training, and workshops to educate clients on GRC best practices. • Reporting and Documentation: • Create detailed reports and dashboards to provide insights into the organization’s compliance posture. • Maintain thorough documentation to support audits and ongoing compliance efforts. Required Qualifications and Skills: • Certification: ISO 27001 Lead Implementer Certified (Mandatory). • Knowledge of Frameworks: Comprehensive understanding of major GRC frameworks such as NIST, COBIT, GDPR, HIPAA, PCI DSS, and SOC 2. • Communication: Exceptional verbal and written communication skills in English. • Presentation Skills: Ability to present ideas and solutions clearly and professionally to diverse audiences. • Technical Skills: Familiarity with GRC tools and technologies is a plus. • Analytical Mindset: Strong analytical and problem-solving abilities to address complex compliance challenges. • Flexibility: Comfortable working in a hybrid environment and traveling to client locations within Delhi/NCR as required. Desired Traits: • Self-motivated and proactive approach to work. • Strong team player with the ability to work independently when needed. • Proven ability to manage multiple clients and projects simultaneously. Job Details: • Type: Full-time • Location: Delhi/NCR (Hybrid – Work from home with site visits as needed) • Compensation: Competitive salary based on experience and expertise.

TriNet is a leading provider of comprehensive human resources solutions for small to midsize businesses (SMBs). We enhance business productivity by enabling our clients to outsource their HR function to one strategic partner and allowing them to focus on operating and growing their core businesses. Our full-service HR solutions include features such as payroll processing, human capital consulting, employment law compliance and employee benefits, including health insurance, retirement plans and workers’ compensation insurance. TriNet has a nationwide presence and an experienced executive team. Our stock is publicly traded on the NYSE under the ticker symbol TNET. If you’re passionate about innovation and making an impact on the large SMB market, come join us as we power our clients’ business success with extraordinary HR. Don't meet every single requirement? Studies have shown that many potential applicants discourage themselves from applying to jobs unless they meet every single requirement. TriNet always strives to hire the most qualified candidate for a particular role, ensuring we deliver outstanding results for our small and medium-size customers. So if you're excited about this role but your past experience doesn't align perfectly with every single qualification in the job description, nobody’s perfect – and we encourage you to apply. You may just be the right candidate for this or other roles. The Manager, Security-Compliance will be responsible for assuring information security and managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes. On a day-to-day, there will be responsibility to manage activities of a team, including research, analysis and documentation, evidence gathering and documenting compliance requirements. Essential Duties/Responsibilities Establishes, implements, and maintains information assurance programs, requirements, and standards based on the analysis of user, policy, regulatory, and resource demands Conducts compliance assessments of planned and implemented information systems Aligns NIST CSF framework requirements with business company processes to assist company stakeholders with determining appropriate controls, test steps, evidence collection, and documentation of risks associated with gaps to defined controls Authors and/or updates standards or documentation to align with company and regulatory guidelines Assists in facilitating audit requests by interfacing between control owners and auditors Assists with responding to customer security questionnaires Advises security administrators on normal and exception-based processing of security authorization requests Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes Works within the information security governance process to define control recommendations that are both efficient and effective Identifies, reports, and resolves security violations Job Requirements and Qualifications Education: Bachelor’s degree in Business, Computer Science, Finance, or other related business discipline preferred or equivalent work experience Training Requirements (licenses, programs, or certificates) : Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or equivalent are highly desirable Experience: 10+ years of experience in technology / IT audit or regulatory compliance role 3+ years of management experience Other Knowledge, Skills and Abilities Knowledge of information security management frameworks (e.g., NIST CSF, NIST 800-53, HIPAA, COBIT, etc.) Ability to understand and articulate security risks, as well as propose solutions and/or mitigate controls Familiar with Microsoft suite of security tools such as Purview, Sentinel, Defender and Entra Excellent written and verbal communication skills, interpersonal and collaborative skills An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one An ability to effectively influence others to modify their opinions, plans, or behaviors, with an emphasis on collaborating across multiple teams and ensuring program needs are satisfied through interpersonal and trusted communication Minimal travel required. Work Environment Work in a clean, pleasant, and comfortable office work setting. The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable persons with disabilities to perform the essential functions. This position is 100% in office. Please Note: TriNet reserves the right to change or modify job duties and assignments at any time. The above job description is not all encompassing. Position functions and qualifications may vary depending on business necessity. TriNet is an Equal Opportunity Employer and does not discriminate against applicants based on race, religion, color, disability, medical condition, legally protected genetic information, national origin, gender, sexual orientation, marital status, gender identity or expression, sex (including pregnancy, childbirth or related medical conditions), age, veteran status or other legally protected characteristics. Any applicant with a mental or physical disability who requires an accommodation during the application process should contact India.Careers@trinet.com to request such an accommodation.

A Snapshot of Your Day: We are seeking a skilled and experienced IT Risk Professional to join our team in Gurgaon. The ideal candidate will have a strong background in IT risk management, compliance, and governance, with a proven track record of implementing risk frameworks and controls in complex IT environments. Experience in coordinating IT asset vulnerability management is essential. How You’ll Make an Impact: Develop, implement, and maintain IT risk management frameworks, policies, and procedures. Conduct risk assessments and control evaluations across IT systems and processes. Coordinate IT asset vulnerability management, including identification, tracking, and remediation of vulnerabilities. Collaborate with multi-functional teams to identify, assess, and mitigate IT risks. Monitor compliance with internal policies and external regulatory requirements. Prepare and present risk reports to senior management and collaborators. Support audits and regulatory examinations by providing vital documentation and insights. Stay updated on emerging IT risks, regulatory changes, and industry standard processes. What You Bring: Bachelor’s degree in Information Technology, Computer Science, or a related field, or equivalent experience. Minimum of 7 years of overall experience in IT, with at least 4 years in IT risk management or compliance. CRISC certification is mandatory. Solid understanding of risk management frameworks (e.g., COBIT, ISO 27001, NIST). Experience with GRC tools and risk assessment methodologies. Hands-on experience with IT asset vulnerability management tools and processes. Excellent analytical, communication, and collaborator management skills. IT project management experience considered an asset. Additional certifications such as CISA, CISM, or CISSP. Experience in financial services, consulting, or regulated industries. Familiarity with data privacy regulations (e.g., GDPR, DPDP Act). Understanding of global risk and compliance frameworks and standard methodologies. Continuous learning through training, certifications, and knowledge-sharing sessions. Career advancement opportunities within a growing and forward-thinking organization. Learning from knowledgeable engineers in IT and cybersecurity. About the Team Our Corporate and Global Functions are essential in driving the company's strategic initiatives and ensuring operational excellence across various departments, business areas, and regions. These roles support our vision to become the most valued energy technology company in the world. As part of our team, you contribute to our vision by shaping the global energy transition, partnering with our internal and external stakeholders, and conducting business responsibly and in compliance with legal requirements and regulations. Who is Siemens Energy? At Siemens Energy, we are more than just an energy technology company. With ~100,000 dedicated employees in more than 90 countries, we develop the energy systems of the future, ensuring that the growing energy demand of the global community is met reliably and sustainably. The technologies created in our research departments and factories drive the energy transition and provide the base for one sixth of the world's electricity generation. Our global team is committed to making sustainable, reliable, and affordable energy a reality by pushing the boundaries of what is possible. We uphold a 150-year legacy of innovation that encourages our search for people who will support our focus on decarbonization, new technologies, and energy transformation. Find out how you can make a difference at Siemens Energy: https://www.siemens-energy.com/employeevideo Our Commitment to Diversity Lucky for us, we are not all the same. Through diversity we generate power. We run on inclusion and our combined creative energy is fueled by over 130 nationalities. Siemens Energy celebrates character – no matter what ethnic background, gender, age, religion, identity, or disability. We energize society, all of society, and we do not discriminate based on our differences. Rewards/Benefits Employees are eligible for Remote Working arrangements up to 2 days per week. Opportunities to work with a global team Opportunities to work on and lead a variety of innovative projects Medical benefits Time off/Paid holidays and parental leave Continual learning through the Learn@Siemens-Energy platform https://jobs.siemens-energy.com/jobs

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Risk Consulting - Protect Tech - Manager - IT Internal Controls The opportunity: your next adventure awaits. Are you a tech-savvy professional with a risk mindset who is passionate about building a better working world through the power of people, technology, and innovation? We have an incredible opportunity for you to join our dynamic Protech Tech team and make a real impact in the rapidly evolving world we live in. Within Risk Consulting, you will focus in the areas of areas of IT Risk Management, IT SOX, IT Regulatory Compliance, IT Audits, IT and Digital Transformations (including ERP and Cloud transformations), while enabling technology to better manage risk. As a member of our team, you will have the chance to work with industry leaders and help transform businesses by tackling the most complex challenges with our clients. This is client-facing role in a rapidly growing practice, where you’ll build client relationships with key stakeholders, including management executives for some of the most globally recognized brands. It makes this the perfect place to gain a deeper understanding of complex businesses transactions, all the while recommending solutions to some of the most pressing business challenges and process inefficiencies. You will also team up with our global professionals in multidisciplinary engagements, helping major global clients transform and sustain business performance. You will be leveraging emerging technologies like AI, ML, to build and enhance new solutions and actively work in building multiple tools and assets for efficient and effective client delivery. By plugging into our market-leading global network, you'll gain the experience you need to become an exceptional IT Risk Advisor Key responsibilities The purpose of this role will be to supervise delivery, provide technical and project leadership to your team members, as well as build relationships with clients. While delivering quality client services and enabling high-performing teams, you will drive high-value work products within expected timeframes and budget. You will monitor progress, manage risks and ensure key stakeholders are kept informed about progress and expected outcomes. Additionally, you will: Understand client’s challenges and industry related issues and offer solutions in the areas of IT Risk. Participate in go to market, create proposals and respond to RFPs, client orals etc. Identify opportunities for cross-selling to current clients/introduce colleagues from other service lines. Travel to client locations (India and abroad) for meetings, conduct workshops, walkthrough sessions, trainings etc. for existing and new clients. Jointly lead global account relationships along with onshore, manage engagement deliveries, quality and drive the growth agenda on accounts. Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Manage a team of Seniors and Staffs (across geographies) for delivery of engagements across clients. Foster an innovative and inclusive team-oriented work environment. Play an active role in counselling and mentoring junior consultants within the firm. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Assist with cultivating and managing business development opportunities. Understand EY and its service lines and actively assess/present ways to serve clients. Skills and attributes for success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 5-7 years of related work experience At least 3-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Job description At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY- Technology Risk– Senior As part of our EY- Technology Risk team you’ll contribute technically to IT Risk and Assurance client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You’ll also identify potential business opportunities for Ernst & Young within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team. The opportunity We’re looking for candidates at Senior level to join the leadership group of our EY-Technology Risk Team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your key responsibilities are to Participate in IT Risk and Assurance engagements. Work effectively as a team member, sharing responsibility, providing support, maintaining active communication, and updating senior team members on progress. Helping in preparation of the audit reports that will be delivered to clients and other parties. Develop and maintain productive working relationships with onshore and client personnel. Identification and testing of SAP IT security and IT risk (e.g., data systems, network and applications) across the enterprise. Assist with facilitating practice wide training (SAP ITGC/ SAP ITAC /SAP Pre & Post Implementation) curriculum. Work closely with onshore, cross-functional teams and develop strong relationships as project senior across the organisation. Stay updated with and promote awareness of updated ERP versions & its functionalities, industry best practices. Active team member executing project management/ stakeholders management (Client, Assurance, onshore) Planning and Budgeting preparation and perform analysis of budget vs actuals. Provide quality deliverables with value addition on the engagements and is known as SMR across organisation. Skills and attributes for success Experience in reviewing and testing of SAP S4 Hana / SAP ECC IT general controls (ITGC) for key domains such as access management, change management, computer operations, SDLC (System Development Life Cycle) Experience in reviewing and testing SAP S4 Hana / SAP ECC security & configurations such as debugging, client settings, etc. Experience in performing pre & post implementation reviews in SAP S4 Hana / SAP ECC environment and have been through S4 Hana/ ECC lifecycle & performing migration testing. Knowledge and understanding of the TCode, tables used to extract the data from SAP S4 Hana / SAP ECC with relation to ITGC and ITAC testing. Knowledge and understanding of SAP S4 Hana / SAP ECC user access security architecture (Roles, profiles, Authorisation objects) Experience in testing of firefighter controls in SAP S4 Hana / SAP ECC and GRC. Experience in reviewing and testing the Operating System (OS) and Hana Database (DB) controls in SAP S4 Hana / SAP ECC environment. Experience of working with other SAP applications such as GRC, Fiori, BW, BI, Ariba, Concur, Success Factor, VIM, Vistex. Experience in evaluation and testing of sensitive access and SOD (Segregation of Duties) across key business and IT process in SAP S4 Hana / SAP ECC and GRC environment. Experience in SAP GRC access control (AC) & process control (PC), financial compliance management (FCM). Experience in performing the walkthrough (Test of design) directly with the client, Operating Effectiveness and have knowledge of the financial statement’s assertions. Knowledge and understanding of the auditing methodology. Experience in reviewing and interpretation the ABAP codes with relation to the control testing for ITGC’s and ITAC’s in SAP S4 Hana / SAP ECC environment. Experience in reviewing and testing the key reports ensuring the risks (completeness & accuracy) related to IPE’s (Information Produced by Entity) are addressed. Knowledge and experience of industry specific SAP S4 Hana / SAP ECC modules. Knowledge of SAP S4 Hana / SAP ECC standard functionalities in relation to business and IT controls. Experience in reviewing and testing the key business process configurations (ITAC’s) in SAP S4 Hana / SAP ECC environment. Having strong knowledge of SAP S4 Hana / SAP ECC configurations (e.g., 3-way match, copy controls) is must. Experience in testing of interface controls between multiple systems and middleware controls. Experience in IT audit in the context of a financial audit & related regulations, auditing standards and guidelines. Knowledge and understanding of control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX. Knowledge and understanding of common IT governance, control, and assurance industry frameworks, including COBIT and ISACA best practices. Knowledge and understanding of third-party attestation standards (particularly SSAE16/18), other reporting and industry specific standards. To qualify for the role, you must have B.E/B.Tech (CS/ IT)/MBA, CA with at least 3 years of experience. SAP S4 Hana / SAP ECC functional modules/ ABAP/ Security Certification (Preferred) CISA certified (Preferred) ISO 27001:2013 certified (Preferred) Any other relevant certification (Preferred) What we look for A Team of people with commercial acumen, technical experience, and enthusiasm to learn new things in this fast-moving environment. Opportunities to work with EY technology risk practices globally with leading businesses across a range of industries. What working at EY offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Role & responsibilities : Conduct thorough and detailed cyber risk assessments for our clients, analyzing their digital infrastructure, systems, and security controls. Collaborate with cross-functional teams to gather essential information and data required for comprehensive risk assessments. Evaluate and interpret assessment results to identify potential vulnerabilities and risks, and provide actionable recommendations for risk mitigation. Stay up-to-date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments. Prepare and deliver clear and concise reports summarizing the findings of risk assessments to clients and internal stakeholders. Provide expert advice and consultancy to clients, guiding them in implementing robust cybersecurity risk management strategies. Mentor and support junior team members to foster their professional growth and skills in cyber risk assessments. Preferred candidate profile : Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or related fields. A minimum of 5+ years of hands-on experience in conducting cyber risk assessments and related security assessments. Industry certifications such as CISSP, CCSP, CISA, CISM, CRISC, ISO/IEC:27001/22301/20000 LI/LA or equivalent are highly valued. Profound knowledge of cybersecurity frameworks, industry standards, and best practices. Proficiency in using various security assessment and techniques. Strong analytical and problem-solving skills, with the ability to think critically and strategically. Excellent communication and presentation skills, capable of effectively communicating technical concepts to both technical and non-technical audiences. Demonstrated experience in project management and handling multiple assessments simultaneously. A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development. Network Security, infrastructure assessment and network architecture design review.•Conceptual knowledge of OT Security/ISA 62443 standard is preferable.

At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. In digital assurance at PwC, you will focus on providing assurance services over clients' digital environment, including processes and controls, cyber security measures, data and AI systems, and their associated governance, to help organisations and their stakeholders build trust in their technology while complying with relevant regulations. Focused on relationships, you are building meaningful client connections, and learning how to manage and inspire others. Navigating increasingly complex situations, you are growing your personal brand, deepening technical expertise and awareness of your strengths. You are expected to anticipate the needs of your teams and clients, and to deliver quality. Embracing increased ambiguity, you are comfortable when the path forward isn’t clear, you ask questions, and you use these moments as opportunities to grow. Skills Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to: Respond effectively to the diverse perspectives, needs, and feelings of others. Use a broad range of tools, methodologies and techniques to generate new ideas and solve problems. Use critical thinking to break down complex concepts. Understand the broader objectives of your project or role and how your work fits into the overall strategy. Develop a deeper understanding of the business context and how it is changing. Use reflection to develop self awareness, enhance strengths and address development areas. Interpret data to inform insights and recommendations. Uphold and reinforce professional and technical standards (e.g. refer to specific PwC tax and audit guidance), the Firm's code of conduct, and independence requirements. Minimum Degree Required: Chartered Accountant or Bachelors Degree Required Fields of Study: Accounting, Finance, Management Information Systems, Computer Science, Economics, Business Administration/Management, Engineering, Mathematics, Statistics , and/or other relevant degree. Minimum Years of Experience: Four years of experience in IT auditing, auditing, consulting and/or implementing experience. Oral and written proficiency in English required. Preferred Knowledge/Skills Demonstrates thorough knowledge of providing services related to controls around the financial Reporting, Compliance And Operational Processes, Including Business Process And IT Management Controls, Which Includes a Proven Record Of Success With Facilitating And Completing Deliverables Involving The Following Financial reporting and information technology risks, processes and controls; Current and emerging technologies which may include: Oracle, SAP, Oracle Database, web development tools, virtualization, UNIX, Linux, and security technologies; COSO Framework, CoBIT and/or other leading business and IT control frameworks; and, Key domains of information technology general controls, including change management, access to programs and data, computer operations and systems development. Identifying key risks and controls, knowledge of Sarbanes Oxley readiness, controls optimization, including the configuration of controls around security, business process and within IT environments; Applying internal control principles and business/technical knowledge working experience applying professional skepticism skills; Leading the execution of a work program and practice aid, as well as perform assessments, using PwC's proprietary or other relevant tools to evaluate controls, security, SOD, and potential for optimization; Exhibiting project management skills, including developing project plans, budgets, and deliverables schedules; Creating a positive environment, monitoring workloads of the team while meeting client expectations, and respecting the work-life quality of team members. This includes providing candid, meaningful feedback in a timely manner and keeping leadership informed of progress; and, Interacting with clients on solutions and executing projects on client engagements, forming client relationships and demonstrating an understanding of the client's business.

At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. In IT audit at PwC, you will focus on helping to assess and evaluate the design and effectiveness of an organisation's IT systems and controls to provide compliance with regulations and mitigate risks. Enhancing your leadership style, you motivate, develop and inspire others to deliver quality. You are responsible for coaching, leveraging team member’s unique strengths, and managing performance to deliver on client expectations. With your growing knowledge of how business works, you play an important role in identifying opportunities that contribute to the success of our Firm. You are expected to lead with integrity and authenticity, articulating our purpose and values in a meaningful way. You embrace technology and innovation to enhance your delivery and encourage others to do the same. Skills Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to: Analyse and identify the linkages and interactions between the component parts of an entire system. Take ownership of projects, ensuring their successful planning, budgeting, execution, and completion. Partner with team leadership to ensure collective ownership of quality, timelines, and deliverables. Develop skills outside your comfort zone, and encourage others to do the same. Effectively mentor others. Use the review of work as an opportunity to deepen the expertise of team members. Address conflicts or issues, engaging in difficult conversations with clients, team members and other stakeholders, escalating where appropriate. Uphold and reinforce professional and technical standards (e.g. refer to specific PwC tax and audit guidance), the Firm's code of conduct, and independence requirements. Job Description Manage and direct the work streams related to IT SOX Compliance covering ITGC and IT Dependencies (ITAC, Interfaces, IPE’s). Provide technical support in the assessment, design and implementation of ITGC requirements. Thorough understanding around ITGC domains such as Logical Access, Change Management, SDLC and Computer Operations. Exposure of testing IT Application Controls (Configurable, Non-configurable), Interfaces, IPE’s, Data Migration and Platform Reviews. Review control evidence for adherence to accuracy, completeness and precision of control execution for all ITGC. Develop, implement and test controls for new acquisitions and in-scope entities. Work with control owners and operators to ensure quality, consistency and operability of new and existing controls. Collaborate and build long-term relationships with key stakeholders in a fast-paced and matrixed work environment. Review test findings, facilitate the remediation of ITGC control gaps, and escalate possible critical issues to senior management of client/Onshore teams. Plan and direct the work to team members, monitor their work, and take corrective action when necessary. Coaches, mentors, and develops direct reports, including overseeing new hire onboarding process and providing career development planning and opportunities; maintains a safe, secure, and legal work environment. Builds and maintains strong peer relationships within the team and across the organization. Coordinates work with External Auditors of the client if needed. Manage the Cyber, Risk & Regulatory (Advisory) team and client portfolio to deliver 8,000 to 12,000 of client hours. Interpersonal Skills Ability to work independently under general supervision with latitude for initiative and independent judgment. Effective verbal and written communications, including active listening skills and skill in presenting findings and recommendations. Ability to establish and maintain effective working relationships with co-workers and external contactors/auditors. Detail-oriented & comfortable working on multiple projects simultaneously. Individuals would be expected to cultivate a strong team environment and promote a positive working relationship amongst their team. Excellent communication skills, written and verbal would be expected. Ensure client service delivery in accordance with the quality guidelines & methodologies. Build and maintain client relationships by understanding and being responsive to client needs and ensuring high quality of deliverables. Contribute to people and knowledge development initiatives by developing training material and conducting training. Demonstrate strong analytical thinking and communication skills including the ability to research and understand complex processes and effectively communicate them to interested parties. Demonstrate superior relationship building and relationship management skills. Client Management Develop strong working relationships with the client and onshore teams. Maintain excellent rapport and proactive communication with the stakeholders and clients. Operational excellence Suggest ideas on improving engagement productivity and identify opportunities for improving client service. Manage engagement budgets and ensure compliance with engagement plans and internal quality & risk management procedures. People related Display teamwork, integrity and leadership. Work with team members to set goals and responsibilities for specific engagements. Foster teamwork and innovation. Utilize technology & tools to continually learn and innovate, share knowledge with team members and enhance service delivery. Conduct workshops and technical training sessions for team members. Contribute to the learning & development agenda and knowledge harnessing initiatives Mentor and coach junior team members, enabling them to meet their performance goals and successfully grow their careers. Minimum Qualifications Bachelor’s degree in Information Systems, Computer Science Engineering B.E., B. TECH, M. TECH, MCA, BCA, CA, MBA Experience of business experience in technology audit, risk management, compliance, consulting, or information security including acting in the capacity of a supervisor Excellent knowledge of IT General Controls, automated and security controls Knowledge of security measures and auditing practices within various operating systems, databases and applications Experience in auditing financial applications, cyber security practices, privacy and various infrastructure platforms such as Unix, Linus, Windows, SQL Server, Oracle Databases Knowledge and concepts of auditing of cloud platforms (AWS, Azure and Google Cloud) Experience designing continuous auditing and monitoring tools and techniques is a plus. Good understanding of CoBIT 5 Domains of Access Management, SLDC & Change and Computer Operations and Control Design and Testing of SOX IT General Controls (ITGC) and/or IT Application Controls (ITAC) Experience in identifying control gaps and communicating audit findings and control redesign recommendations to Management/Clients Knowledge of regulations impacting privacy, integrity and availability of clients PII. Functional knowledge of major ERP suites (like SAP, Dynamics, Oracle EBS, Peoplesoft) Understanding of audit concepts and regulations Required overall experience in testing/reviewing and implementation of ITGC controls, CoBit 5 and developing COSO framework Candidates with 6-8 years of relevant experience in similar role, preferably with a “Big 4” or equivalent Chartered Accountant (would be added advantage) Certification(s) Preferred CISA / CISM / CRISC / CISSP / ISO 27001 LA certifications

At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. In digital assurance at PwC, you will focus on providing assurance services over clients' digital environment, including processes and controls, cyber security measures, data and AI systems, and their associated governance, to help organisations and their stakeholders build trust in their technology while complying with relevant regulations. Focused on relationships, you are building meaningful client connections, and learning how to manage and inspire others. Navigating increasingly complex situations, you are growing your personal brand, deepening technical expertise and awareness of your strengths. You are expected to anticipate the needs of your teams and clients, and to deliver quality. Embracing increased ambiguity, you are comfortable when the path forward isn’t clear, you ask questions, and you use these moments as opportunities to grow. Skills Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to: Respond effectively to the diverse perspectives, needs, and feelings of others. Use a broad range of tools, methodologies and techniques to generate new ideas and solve problems. Use critical thinking to break down complex concepts. Understand the broader objectives of your project or role and how your work fits into the overall strategy. Develop a deeper understanding of the business context and how it is changing. Use reflection to develop self awareness, enhance strengths and address development areas. Interpret data to inform insights and recommendations. Uphold and reinforce professional and technical standards (e.g. refer to specific PwC tax and audit guidance), the Firm's code of conduct, and independence requirements. Minimum Degree Required: Chartered Accountant or Bachelors Degree Required Fields of Study: Accounting, Finance, Management Information Systems, Computer Science, Economics, Business Administration/Management, Engineering, Mathematics, Statistics , and/or other relevant degree. Minimum Years of Experience: Four years of experience in IT auditing, auditing, consulting and/or implementing experience. Oral and written proficiency in English required. Preferred Knowledge/Skills Demonstrates thorough knowledge of providing services related to controls around the financial Reporting, Compliance And Operational Processes, Including Business Process And IT Management Controls, Which Includes a Proven Record Of Success With Facilitating And Completing Deliverables Involving The Following Financial reporting and information technology risks, processes and controls; Current and emerging technologies which may include: Oracle, SAP, Oracle Database, web development tools, virtualization, UNIX, Linux, and security technologies; COSO Framework, CoBIT and/or other leading business and IT control frameworks; and, Key domains of information technology general controls, including change management, access to programs and data, computer operations and systems development. Identifying key risks and controls, knowledge of Sarbanes Oxley readiness, controls optimization, including the configuration of controls around security, business process and within IT environments; Applying internal control principles and business/technical knowledge working experience applying professional skepticism skills; Leading the execution of a work program and practice aid, as well as perform assessments, using PwC's proprietary or other relevant tools to evaluate controls, security, SOD, and potential for optimization; Exhibiting project management skills, including developing project plans, budgets, and deliverables schedules; Creating a positive environment, monitoring workloads of the team while meeting client expectations, and respecting the work-life quality of team members. This includes providing candid, meaningful feedback in a timely manner and keeping leadership informed of progress; and, Interacting with clients on solutions and executing projects on client engagements, forming client relationships and demonstrating an understanding of the client's business.

At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. In digital assurance at PwC, you will focus on providing assurance services over clients' digital environment, including processes and controls, cyber security measures, data and AI systems, and their associated governance, to help organisations and their stakeholders build trust in their technology while complying with relevant regulations. Driven by curiosity, you are a reliable, contributing member of a team. In our fast-paced environment, you are expected to adapt to working with a variety of clients and team members, each presenting varying challenges and scope. Every experience is an opportunity to learn and grow. You are expected to take ownership and consistently deliver quality work that drives value for our clients and success as a team. As you navigate through the Firm, you build a brand for yourself, opening doors to more opportunities. Skills Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to: Apply a learning mindset and take ownership for your own development. Appreciate diverse perspectives, needs, and feelings of others. Adopt habits to sustain high performance and develop your potential. Actively listen, ask questions to check understanding, and clearly express ideas. Seek, reflect, act on, and give feedback. Gather information from a range of sources to analyse facts and discern patterns. Commit to understanding how the business works and building commercial awareness. Learn and apply professional and technical standards (e.g. refer to specific PwC tax and audit guidance), uphold the Firm's code of conduct and independence requirements. The Opportunity When you join PwC Acceleration Centers (ACs), you step into a pivotal role focused on actively supporting various Acceleration Center services, from Advisory to Assurance, Tax and Business Services. In our innovative hubs, you’ll engage in challenging projects and provide distinctive services to support client engagements through enhanced quality and innovation. You’ll also participate in dynamic and digitally enabled training that is designed to grow your technical and professional skills. As part of the Digital Assurance and Transparency - AC India team you are expected to provide services related to controls around the financial reporting, compliance, and operational processes. As an Associate you are expected to focus on learning and contributing to client engagement and projects while developing your skills and knowledge to deliver quality work. You are expected to be responsible for identifying key risks and controls, applying internal control principles and business/technical knowledge, and leading the execution of a work program and practice aid. Responsibilities Providing services related to controls around financial reporting, compliance, and operational processes Identifying key risks and controls Applying internal control principles and business/technical knowledge Leading the execution of a work program and practice aid Contributing to client engagement and projects Developing skills and knowledge to deliver quality work Supporting senior staff in various tasks Engaging in research and learning opportunities What You Must Have Bachelor's Degree in one of the following fields of study: Accounting, Finance, Management Information Systems, Computer and Information Science, Information Technology, Economics, Business Administration/Management, Engineering, Statistics, Management Information Systems & Accounting, Computer and Information Science & Accounting, Economics and Finance, Economics and Finance & Technology, Accounting & Technology, Mathematical Statistics, or Technology Mathematics In lieu of Bachelor Degree, Chartered Accountant 1 year of IT auditing, auditing, consulting and/or implementing experience- Oral and written proficiency in English required What Sets You Apart Knowledge of financial reporting and IT risks, processes, and controls Familiarity with Oracle, SAP, Oracle Database, web development tools Understanding of COSO Framework, CoBIT, and other IT control frameworks Proficiency in IT general controls, including change management Experience in Sarbanes Oxley readiness and controls optimization Significant project management skills, including developing project plans Creating a positive environment and monitoring team workloads Interacting with clients and forming client relationships Although a credential is not required to be hired at this level, it is required to progress to Manager

At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. In digital assurance at PwC, you will focus on providing assurance services over clients' digital environment, including processes and controls, cyber security measures, data and AI systems, and their associated governance, to help organisations and their stakeholders build trust in their technology while complying with relevant regulations. Driven by curiosity, you are a reliable, contributing member of a team. In our fast-paced environment, you are expected to adapt to working with a variety of clients and team members, each presenting varying challenges and scope. Every experience is an opportunity to learn and grow. You are expected to take ownership and consistently deliver quality work that drives value for our clients and success as a team. As you navigate through the Firm, you build a brand for yourself, opening doors to more opportunities. Skills Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to: Apply a learning mindset and take ownership for your own development. Appreciate diverse perspectives, needs, and feelings of others. Adopt habits to sustain high performance and develop your potential. Actively listen, ask questions to check understanding, and clearly express ideas. Seek, reflect, act on, and give feedback. Gather information from a range of sources to analyse facts and discern patterns. Commit to understanding how the business works and building commercial awareness. Learn and apply professional and technical standards (e.g. refer to specific PwC tax and audit guidance), uphold the Firm's code of conduct and independence requirements. The Opportunity When you join PwC Acceleration Centers (ACs), you step into a pivotal role focused on actively supporting various Acceleration Center services, from Advisory to Assurance, Tax and Business Services. In our innovative hubs, you’ll engage in challenging projects and provide distinctive services to support client engagements through enhanced quality and innovation. You’ll also participate in dynamic and digitally enabled training that is designed to grow your technical and professional skills. As part of the Digital Assurance and Transparency - AC India team you are expected to provide services related to controls around the financial reporting, compliance, and operational processes. As an Associate you are expected to focus on learning and contributing to client engagement and projects while developing your skills and knowledge to deliver quality work. You are expected to be responsible for identifying key risks and controls, applying internal control principles and business/technical knowledge, and leading the execution of a work program and practice aid. Responsibilities Providing services related to controls around financial reporting, compliance, and operational processes Identifying key risks and controls Applying internal control principles and business/technical knowledge Leading the execution of a work program and practice aid Contributing to client engagement and projects Developing skills and knowledge to deliver quality work Supporting senior staff in various tasks Engaging in research and learning opportunities What You Must Have Bachelor's Degree in one of the following fields of study: Accounting, Finance, Management Information Systems, Computer and Information Science, Information Technology, Economics, Business Administration/Management, Engineering, Statistics, Management Information Systems & Accounting, Computer and Information Science & Accounting, Economics and Finance, Economics and Finance & Technology, Accounting & Technology, Mathematical Statistics, or Technology Mathematics In lieu of Bachelor Degree, Chartered Accountant 1 year of IT auditing, auditing, consulting and/or implementing experience- Oral and written proficiency in English required What Sets You Apart Knowledge of financial reporting and IT risks, processes, and controls Familiarity with Oracle, SAP, Oracle Database, web development tools Understanding of COSO Framework, CoBIT, and other IT control frameworks Proficiency in IT general controls, including change management Experience in Sarbanes Oxley readiness and controls optimization Significant project management skills, including developing project plans Creating a positive environment and monitoring team workloads Interacting with clients and forming client relationships Although a credential is not required to be hired at this level, it is required to progress to Manager

This role is a global position that supports the Internal Controls and SOX Compliance Sr. Director in scoping, designing, and supporting IT related controls. You will play a key role in Herbalife's integrated internal control environment. You must possess a strong understanding of scoping and designing controls, including knowledge of COBIT, COSO, and NIST frameworks. Effective communication and collaboration skills with stakeholders across the business are essential. Your responsibilities include assisting in the annual enterprise IT risk assessment, documenting IT SOX narratives, designing IT application controls, supporting the SOX testing plan, evaluating deficiencies, and identifying compensating controls. You will work with control owners to improve processes, address internal control issues, and identify opportunities for control optimization. Providing advice on internal controls, including SOX and cybersecurity, is also part of your role. Required skills include a solid grasp of SOX testing methodologies, risk assessment practices, Oracle experience, and knowledge of COBIT, COSO, and NIST frameworks. You should be able to work effectively in cross-functional teams, analyze problems, communicate effectively, and prioritize tasks with minimal supervision. Proficiency in Excel, Word, PowerPoint, and Visio is necessary. Experience in SOX, internal or external audit, project management, and analysis is required, preferably in a Big 4 Accounting or publicly traded company setting. A Bachelor's Degree in Information Systems, Accounting, Finance, or equivalent, along with a CISA certification, is necessary for this role.,

You will be an integral part of ASEC Engineers - A Verdantas Company, serving as a highly analytical and detail-oriented technical business analyst. Your primary focus will be on IT infrastructure within the Global Infrastructure & Cloud Operations team. Your responsibilities will include collaborating with project managers, architects, and engineering teams to gather requirements, create system diagrams, and define operational processes. You will play a key role in documenting the current and future state of the IT environment, translating business requirements into functional and technical specifications. Your role will involve creating and maintaining detailed documentation of the infrastructure, including network diagrams, system architecture diagrams, data flow diagrams, and process documentation. You will also develop standard operating procedures, runbooks, and knowledge base articles while ensuring that all documentation is version-controlled and aligned with organizational standards. As a technical business analyst, you will support infrastructure and cloud-related projects by providing clear documentation and analysis. Your collaboration skills will be essential as you act as a liaison between technical teams and business stakeholders, facilitating communication and ensuring alignment on infrastructure changes and documentation needs. Additionally, you will be responsible for ensuring that all documentation meets internal quality standards and compliance requirements. You will support audits and risk assessments by providing accurate and up-to-date documentation while identifying opportunities for process improvement. To excel in this role, you are required to have a Bachelor's degree in information technology, computer science, or a related field, along with at least 5 years of experience in a technical business analyst or infrastructure documentation role. You should have a strong understanding of IT infrastructure components, proficiency with diagramming tools, excellent communication skills, and strong analytical abilities. Preferred qualifications include experience with cloud platforms, familiarity with IT governance frameworks, experience in Agile project environments, and knowledge of enterprise architecture frameworks. Key competencies for success in this role include attention to detail, technical curiosity, stakeholder management, process orientation, adaptability, and initiative. If you are ready to build the future with us at ASEC Engineers, a Verdantas Company, and make a meaningful impact professionally and environmentally, we invite you to join our visionary team driving innovation, sustainability, and transformative solutions that shape the future.,

As a Technology Risk and Control Analyst within the Infrastructure Platform Engineering (IPE) team at the London Stock Exchange Group (LSEG), you will play a crucial role in identifying, assessing, and mitigating operational, regulatory, and technology-related risks across the organization. Working under the Infrastructure and Cloud business division, your responsibilities will involve supporting the implementation and maintenance of risk and control frameworks, conducting control testing, and collaborating with various teams to ensure compliance with internal policies and external regulations. Your key responsibilities will include identifying and assessing operational, regulatory, and compliance risks within the IPE teams, supporting the Risk and Control Self-Assessment (RCA) process, designing and documenting effective control procedures in collaboration with Infrastructure and GRC teams, as well as conducting Design Effectiveness Testing (DET) and Operating Effectiveness Testing (OET) to evaluate control performance. Additionally, you will work closely with cross-functional teams across Operations, Risk, Compliance, and IT to embed robust risk management practices, provide guidance and training on risk and control frameworks, recommend continuous improvements to control processes and risk mitigation strategies, and monitor industry trends and regulatory developments to ensure the effectiveness of risk practices. To qualify for this role, you should hold a Bachelor's degree in engineering, Computer Science, or a related field, along with 8-12 years of hands-on experience in Operational risk management, internal controls, IT audit, or compliance. A strong understanding of IT Governance framework and familiarity with IT industry standards such as ISO27001 and COBIT is essential. Experience with control testing, audit practices, compliance assessments, cybersecurity principles, and enterprise IT environments will be beneficial. Professional certifications such as CISA, CRISC, CISM are preferred, while proficiency in data analysis, reporting tools, and project management software is required. Strong analytical, problem-solving, and communication skills, as well as the ability to work collaboratively and manage relationships with stakeholders at all levels, are key attributes for success in this role. As part of LSEG, a leading global financial markets infrastructure and data provider, you will be contributing to driving financial stability, empowering economies, and enabling sustainable growth. With a diverse and inclusive organizational culture, you will have the opportunity to bring your true self to work, contribute to a collaborative and creative environment, and help re-engineer the financial ecosystem to support and drive sustainable economic growth. LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days, and wellbeing initiatives to ensure the well-being and development of its employees.,

A Snapshot of Your Day: We are seeking a skilled and experienced IT Risk Professional to join our team in Gurgaon. The ideal candidate will have a strong background in IT risk management, compliance, and governance, with a proven track record of implementing risk frameworks and controls in complex IT environments. Experience in coordinating IT asset vulnerability management is essential. How You’ll Make an Impact: Develop, implement, and maintain IT risk management frameworks, policies, and procedures. Conduct risk assessments and control evaluations across IT systems and processes. Coordinate IT asset vulnerability management, including identification, tracking, and remediation of vulnerabilities. Collaborate with multi-functional teams to identify, assess, and mitigate IT risks. Monitor compliance with internal policies and external regulatory requirements. Prepare and present risk reports to senior management and collaborators. Support audits and regulatory examinations by providing vital documentation and insights. Stay updated on emerging IT risks, regulatory changes, and industry standard processes. What You Bring: Bachelor’s degree in Information Technology, Computer Science, or a related field, or equivalent experience. Minimum of 7 years of overall experience in IT, with at least 4 years in IT risk management or compliance. CRISC certification is mandatory. Solid understanding of risk management frameworks (e.g., COBIT, ISO 27001, NIST). Experience with GRC tools and risk assessment methodologies. Hands-on experience with IT asset vulnerability management tools and processes. Excellent analytical, communication, and collaborator management skills. IT project management experience considered an asset. Additional certifications such as CISA, CISM, or CISSP. Experience in financial services, consulting, or regulated industries. Familiarity with data privacy regulations (e.g., GDPR, DPDP Act). Understanding of global risk and compliance frameworks and standard methodologies. Continuous learning through training, certifications, and knowledge-sharing sessions. Career advancement opportunities within a growing and forward-thinking organization. Learning from knowledgeable engineers in IT and cybersecurity. About The Team Our Corporate and Global Functions are essential in driving the company's strategic initiatives and ensuring operational excellence across various departments, business areas, and regions. These roles support our vision to become the most valued energy technology company in the world. As part of our team, you contribute to our vision by shaping the global energy transition, partnering with our internal and external stakeholders, and conducting business responsibly and in compliance with legal requirements and regulations. Who is Siemens Energy? At Siemens Energy, we are more than just an energy technology company. With ~100,000 dedicated employees in more than 90 countries, we develop the energy systems of the future, ensuring that the growing energy demand of the global community is met reliably and sustainably. The technologies created in our research departments and factories drive the energy transition and provide the base for one sixth of the world's electricity generation. Our global team is committed to making sustainable, reliable, and affordable energy a reality by pushing the boundaries of what is possible. We uphold a 150-year legacy of innovation that encourages our search for people who will support our focus on decarbonization, new technologies, and energy transformation. Find out how you can make a difference at Siemens Energy: https://www.siemens-energy.com/employeevideo Our Commitment to Diversity Lucky for us, we are not all the same. Through diversity we generate power. We run on inclusion and our combined creative energy is fueled by over 130 nationalities. Siemens Energy celebrates character – no matter what ethnic background, gender, age, religion, identity, or disability. We energize society, all of society, and we do not discriminate based on our differences. Rewards/Benefits Employees are eligible for Remote Working arrangements up to 2 days per week. Opportunities to work with a global team Opportunities to work on and lead a variety of innovative projects Medical benefits Time off/Paid holidays and parental leave Continual learning through the Learn@Siemens-Energy platform https://jobs.siemens-energy.com/jobs

Job Description TriNet is a leading provider of comprehensive human resources solutions for small to midsize businesses (SMBs). We enhance business productivity by enabling our clients to outsource their HR function to one strategic partner and allowing them to focus on operating and growing their core businesses. Our full-service HR solutions include features such as payroll processing, human capital consulting, employment law compliance and employee benefits, including health insurance, retirement plans and workers’ compensation insurance. TriNet has a nationwide presence and an experienced executive team. Our stock is publicly traded on the NYSE under the ticker symbol TNET. If you’re passionate about innovation and making an impact on the large SMB market, come join us as we power our clients’ business success with extraordinary HR. Don't meet every single requirement? Studies have shown that many potential applicants discourage themselves from applying to jobs unless they meet every single requirement. TriNet always strives to hire the most qualified candidate for a particular role, ensuring we deliver outstanding results for our small and medium-size customers. So if you're excited about this role but your past experience doesn't align perfectly with every single qualification in the job description, nobody’s perfect – and we encourage you to apply. You may just be the right candidate for this or other roles. The Manager, Security-Compliance will be responsible for assuring information security and managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes. On a day-to-day, there will be responsibility to manage activities of a team, including research, analysis and documentation, evidence gathering and documenting compliance requirements. Essential Duties/Responsibilities Establishes, implements, and maintains information assurance programs, requirements, and standards based on the analysis of user, policy, regulatory, and resource demands Conducts compliance assessments of planned and implemented information systems Aligns NIST CSF framework requirements with business company processes to assist company stakeholders with determining appropriate controls, test steps, evidence collection, and documentation of risks associated with gaps to defined controls Authors and/or updates standards or documentation to align with company and regulatory guidelines Assists in facilitating audit requests by interfacing between control owners and auditors Assists with responding to customer security questionnaires Advises security administrators on normal and exception-based processing of security authorization requests Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes Works within the information security governance process to define control recommendations that are both efficient and effective Identifies, reports, and resolves security violations Education Job Requirements and Qualifications Bachelor’s degree in Business, Computer Science, Finance, or other related business discipline preferred or equivalent work experience Training Requirements (licenses, Programs, Or Certificates) Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or equivalent are highly desirable Experience 10+ years of experience in technology / IT audit or regulatory compliance role 3+ years of management experience Other Knowledge, Skills And Abilities Knowledge of information security management frameworks (e.g., NIST CSF, NIST 800-53, HIPAA, COBIT, etc.) Ability to understand and articulate security risks, as well as propose solutions and/or mitigate controls Familiar with Microsoft suite of security tools such as Purview, Sentinel, Defender and Entra Excellent written and verbal communication skills, interpersonal and collaborative skills An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one An ability to effectively influence others to modify their opinions, plans, or behaviors, with an emphasis on collaborating across multiple teams and ensuring program needs are satisfied through interpersonal and trusted communication Minimal travel required. Work Environment Work in a clean, pleasant, and comfortable office work setting. The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable persons with disabilities to perform the essential functions. This position is 100% in office. Please Note: TriNet reserves the right to change or modify job duties and assignments at any time. The above job description is not all encompassing. Position functions and qualifications may vary depending on business necessity. TriNet is an Equal Opportunity Employer and does not discriminate against applicants based on race, religion, color, disability, medical condition, legally protected genetic information, national origin, gender, sexual orientation, marital status, gender identity or expression, sex (including pregnancy, childbirth or related medical conditions), age, veteran status or other legally protected characteristics. Any applicant with a mental or physical disability who requires an accommodation during the application process should contact India.Careers@trinet.com to request such an accommodation.

Job Description Vice President - Technology Risk Management II - Chief of Operations (COPS) Officer At BNY, our culture empowers you to grow and succeed. As a leading global financial services company at the center of the world’s financial system we touch nearly 20% of the world’s investible assets. Every day around the globe, our 50,000+ employees bring the power of their perspective to the table to create solutions with our clients that benefit businesses, communities and people everywhere. We continue to be a leader in the industry, awarded as a top home for innovators and for creating an inclusive workplace. Through our unique ideas and talents, together we help make money work for the world. This is what is all about. We’re seeking a future team member for the role of Vice President - Technology Risk Management II to join our Technology Risk Management (2LOD) team. This role is located in Pune, MH Hybrid. In this role, you’ll make an impact in the following ways: Drive consistent, robust, and repeatable independent technology & cybersecurity risk and control management processes with developed centralized process documentation, templates, tooling, dashboarding, reporting and related work products Enable high-quality and consistent delivery of key independent 2LOD risk and control management activities across the broader Technology Risk Management organization to support key stakeholder deliverable work products including risk committee reporting, audit trail submissions, regulatory engagement responses, and 1LOD and Internal Audit reporting transparency Implement appropriate checks and change management capabilities to ensure broader TRM teams are challenged to produce high-quality, risk-based analysis, challenges, issues, and work products to stand-up to audit and regulatory requirements Interface collaboratively with other TRM teams including Reporting, Frameworks, Process, Automation/AI, and Functional SME teams, to ensure process efficiencies are implemented and enhanced over time To be successful in this role, we’re seeking the following: Bachelor’s degree or the equivalent combination of education and experience is required 7+ years of experience required experience with technology or financial services industry is required Sound understanding of Industry wide Technology Controls, Issue Management and Risk Management Framework Expert attention to detail, organizational and executive communication skills and experience are required Relevant professional certifications are a plus (CRISC, CISA, ITIL, ISO27001, COBIT) Technical experience with SharePoint, Tableau, PowerBI, ServiceNow is a plus Consulting and engagement with senior leadership experience is a plus At BNY, our culture speaks for itself. Here’s a few of our awards: America’s Most Innovative Companies, Fortune, 2024 World’s Most Admired Companies, Fortune 2024 Human Rights Campaign Foundation, Corporate Equality Index, 100% score, 2023-2024 Best Places to Work for Disability Inclusion , Disability: IN – 100% score, 2023-2024 “Most Just Companies”, Just Capital and CNBC, 2024 Dow Jones Sustainability Indices, Top performing company for Sustainability, 2024 Bloomberg’s Gender Equality Index (GEI), 2023 Our Benefits And Rewards BNY offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy. We provide access to flexible global resources and tools for your life’s journey. Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves, including paid volunteer time, that can support you and your family through moments that matter. BNY is an Equal Employment Opportunity/Affirmative Action Employer - Underrepresented racial and ethnic groups/Females/Individuals with Disabilities/Protected Veterans.

As a core member of our Governance IT team, you will work with dedicated professionals to ensure our clients maintain access to their critical information assets while keeping Citco ahead of industry trends. The focus of this position will be the analysis and improvement of Citco IT Compliance. The candidate will interface with a wide range of internal Citco groups fostering stability and improvements to the IT control environment, the state of IT risk, IT regulatory compliance, IT internal audit response, and the currency of IT policies and standards. The IT Compliance Analyst will identify and implement improvement measures, track quality, risk, and compliance deliverables in an effort to foster an atmosphere of continual improvements and functional maturity. You have a college degree or relevant experience with a minimum of 3-5 years of technical IT roles. Ideal candidates should have a working knowledge of one or more of the Compliance and Controls standards (i. e. COBIT, ITIL, ISO27001, MOF, CSA, COSO, CMMI) Excellent oral and written communication skills and business acumen. Experience with various SDLC frameworks such as Waterfall, AGILE, RUP etc. Experience as a Project Manager and proficiency in using Project Management tools such as JIRA and Confluence is preferred An understanding or practical experience of Risk and Control disciplines is preferred. Demonstrated ability to engage and collaborate with colleagues across the organization to drive results Intellectually curious, with the ability to ask the "right questions" without having extensive knowledge in a particular technical area Must be able to meet deadlines and changing priorities Coordinate operational controls effectiveness testing across the IT division and with teams outside of the IT division as required. Assist OCM project managers in the development and implementation of control improvement projects and regulatory impact remediation Represent IT as advocates during Internal and external audits Support an orderly cycle of policy and procedure reviews to ensure process currency Ensure that IT quality and risk metrics are collected and compiled Support the development and execution of an annual schedule of application, control objective, and IT risk theme assessments Work with IT stakeholders to continually break down IT organizational silos and promote collaboration Responsible for communication, including status reporting, risk management, escalation of issues that cannot be resolved and missed due dates

Who youll be working with: WPP Enterprise Technology are proud technology solutions partner for WPP Corporate Functions. Our collaboration is instrumental in coordinating and assuring end-to-end change delivery, managing the IT technology lifecycle, and maintaining a robust innovation pipeline. The CRC discipline within WPP ET plays a crucial role in this partnership. We are responsible for providing advisory and support to the corporate business cluster on critical areas such as Technology Audits, Technology Risks, Control Assurance, and Technology Compliance. Our objective is to ensure that all central functions at WPP HQ operate in a safe, secure, and compliant manner. The CRC function in the Corporate Business Cluster drives compliant IT operations for WPP HQ teams, managing Legal, regulatory, and contractual obligations. As a Risk & Compliance Manager, you will play a critical role in developing and implementing a world-class technology risk and compliance program to support WPP HQ Finance Functions. You will collaborate with the WPP Chief Cyber, Risk and Compliance Officer (CCRCO), WPP CISO, Director of Cyber, Risk and Compliance, and WPP HQ Finance department heads to set the CRC functions vision and strategy, and manage escalations for technology operational risks, compliance, audit, BCP, and DR assessments. As an SME, you will lead and develop a highly effective risk and compliance function, strengthening defences and promoting a proactive, collaborative approach. You will operate in a highly complex environment with multiple risk categories, including IT operations, information security, legal, regulatory, financial and commercial with broad impacts spanning both the Corporate Cluster and the WPP Group. What youll be doing: Work closely with and assist CRC department head in developing a risk and compliance strategy for the corporate cluster that is aligned to WPP ET and CRC strategies. Establish technology risk & compliance community across the range of WPP HQ functions to drive the implementation and standardisation of agreed security governance, risk & compliance approach. Drive the Cluster s CRC strategy and approach, by closely working with Corporate CRC Director CRC Discipline Lead and other ET stakeholders. Drive BC/DR planning to the appropriate level across the Cluster and ensure BC/DR plans are updated and reviewed annually. Conduct and support Technology Risk Assessments e.g., quarterly risk landscaping - owning and driving Cluster-specific risk mitigation actions. Respond to tracking and reporting from Internal, External or Client Audit findings within the Corporate Cluster. Conduct CRC Cluster self-certification and self-monitoring of IT controls, and maintain an active liaising channel with the IT Ops function at WPP group level. Support CRC Cluster-wide input into the WPP IT Asset Register and CMDB owned by IT Ops teams. Be CRC point of contact for relevant business stakeholder escalations relating to Technology risk and compliance. Lead and oversee resolution of the most complex, critical, and impactful risk & compliance issues. Work across the CRC Cluster teams like Operational Security, Technology Operations, and Strategy and Architecture to design controls, deliver management information (KRIs) and risk mitigation plans. Drive engagement, comms and adoption for all risk, compliance and security tasks to ensure the rationale for task is understood, the mandate is embedded, and colleagues and partners are trained and can perform effectively and efficiently. Design and deliver a range of educational activities and material to embed a strong SOX Compliant culture, mindset and behaviours across the Cluster. Build strong relationships with the external stakeholders (customer, suppliers, other major bodies) as well as build a network of peers to bring innovation and insights on industry best practice, standards, frameworks, and processes to deliver a future-fit capability. Ensure that the Corporate Function remains compliant with national legislative, regulatory, contractual and WPP technology governance obligations. Support Cluster teams and functions during client pitch for winning new work by providing a compelling narrative to our prospective clients around the strength of our risk, compliance and security proposition. What youll need: A minimum of 5 to 7 years of strong and deep background in managing SOX ITGC audits in complex global organisations. Key certifications (e.g. CISA, CRISC, CISSP, CISM, Azure & Dynamic 365) desirable but not essential Degree or equivalent (i.e. BSc, BEng, MSc) desirable but not essential Comprehensive knowledge of information security risk standards, frameworks and best practices (i.e., COBIT, SOX ITGC, ISO27K1, NIST, CIS, SOC, Cyber Essentials, GDPR) Ability to provide leadership on complex and unfamiliar situations, often involving risk and emotion Expert communicator with a track record of operating, partnering with and influencing up to and including exec-level stakeholders Able to lead highly complex programmes across multiple units and geographies with high-pressure deliverable Risk and Compliance subject-matter-expert with in-depth knowledge of technology governance in the cloud and on-prem IT technologies Good understanding of managing internal and external audits (i.e., SOC:1-2, SOX) and assurance activities, including testing the design and operational effectiveness of security controls Ability to operate and lead in a fast-paced organizational transformation and able to navigate and champion change across organisational / geographical complexity A genuine desire to lead, develop, coach and mentor junior team members Who you are: Youre open : We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working. Youre optimistic : We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected. Youre extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day. What well give you: Passionate, inspired people We aim to create a culture in which people can do extraordinary work. Scale and opportunity We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry. Challenging and stimulating work Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?

Vice President - Technology Risk Management I - Chief of Operations (COPS) Officer We re seeking a future team member for the role of Vice President - Technology Risk Management I to join our Technology Risk Management (2LOD) team. This role is located in Pune, MH Hybrid. In this role, you ll make an impact in the following ways: Drive consistent, robust, and repeatable independent technology cybersecurity risk and control management processes with developed centralized process documentation, templates, tooling, dashboarding, reporting and related work products Enable high-quality and consistent delivery of key independent 2LOD risk and control management activities across the broader Technology Risk Management organization to support key stakeholder deliverable work products including risk committee reporting, audit trail submissions, regulatory engagement responses, and 1LOD and Internal Audit reporting transparency Implement appropriate checks and change management capabilities to ensure broader TRM teams are challenged to produce high-quality, risk-based analysis, challenges, issues, and work products to stand-up to audit and regulatory requirements Interface collaboratively with other TRM teams including Reporting, Frameworks, Process, Automation/AI, and Functional SME teams, to ensure process efficiencies are implemented and enhanced over time To be successful in this role, we re seeking the following: Bachelor s degree or the equivalent combination of education and experience is required 7+ years of experience required experience with technology or financial services industry is required Sound understanding of Industry wide Technology Controls, Issue Management and Risk Management Framework Expert attention to detail, organizational and executive communication skills and experience are required Relevant professional certifications are a plus (CRISC, CISA, ITIL, ISO27001, COBIT) Technical experience with SharePoint, Tableau, PowerBI, ServiceNow is a plus Consulting and engagement with senior leadership experience is a plus America s Most Innovative Companies, Fortune, 2024 World s Most Admired Companies, Fortune 2024 Human Rights Campaign Foundation, Corporate Equality Index, 100% score, 2023-2024 Best Places to Work for Disability Inclusion , Disability: IN 100% score, 2023-2024 Most Just Companies , Just Capital and CNBC, 2024 Dow Jones Sustainability Indices, Top performing company for Sustainability, 2024 Bloomberg s Gender Equality Index (GEI), 2023

India s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realise your potential amongst cutting edge leaders, and organisations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile As Manager in our Cyber Team you ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities : Working knowledge in one or more security and privacy domains such as: Governance, Risk and Compliance - Information Security and Compliance management, Cryptography Governance, Risk Management. Experience in leveraging industry standards and frameworks such as PCI-DSS, ISO/IEC 17799, ISO/IEC 27001, COBIT, ITIL, etc. Demonstrates in-depth knowledge of security and risk management processes. Experience in data protection technologies such as encryption, data discovery, data masking, data redaction, etc. Desired qualifications IT education or related fields PCI-DSS, ISO 27001 LA, CISA, PRINCE 2, ITIL v3, MCSE, MCPIT- EA or equivalent certification preferred CISSP, GSEC, GCIH, CEH, LPT, CCSK certifications would be preferred Location and way of working Base location: Pune This profile involves frequent/occasional travelling to client locations Your role as Senior Analyst We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society. In addition to living our purpose, Senior Executive across our organization must strive to be: Inspiring - Leading with integrity to build inclusion and motivation Committed to creating purpose - Creating a sense of vision and purpose Agile - Achieving high-quality results through collaboration and Team unity Skilled at building diverse capability - Developing diverse capabilities for the future Persuasive / Influencing - Persuading and influencing stakeholders Collaborating - Partnering to build new solutions Delivering value - Showing commercial acumen Committed to expanding business - Leveraging new business opportunities Analytical Acumen - Leveraging data to recommend impactful approach and solutions through the power of analysis and visualization Effective communication Must be well abled to have well-structured and well-articulated conversations to achieve win-win possibilities Engagement Management / Delivery Excellence - Effectively managing engagement(s) to ensure timely and proactive execution as well as course correction for the success of engagement(s) Managing change - Responding to changing environment with resilience Managing Quality & Risk - Delivering high quality results and mitigating risks with utmost integrity and precision Strategic Thinking & Problem Solving - Applying strategic mindset to solve business issues and complex problems Tech Savvy - Leveraging ethical technology practices to deliver high impact for clients and for Deloitte Empathetic leadership and inclusivity - creating a safe and thriving environment where everyones valued for who they are, use empathy to understand others to adapt our behaviours and attitudes to become more inclusive.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. JD 3 – Risk Consulting - Protect Tech - Staff (IT audit – General skills) Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 2-3 years of related work experience At least 1-2 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX framework Implementation and Testing of internal controls such as IT general controls, IT application controls, business controls, interface controls etc Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Role Purpose : As GRC (Governance, Risk, and Compliance) Manager is responsible for overseeing and managing the risk assessment, remediation, and monitoring of information and technology process risks. This role involves ensuring that all risk and compliance activities are performed effectively by various control functions. The GRC Manager also serves as an internal consultant, providing guidance to operating functions and business lines on risk-related matters. Additionally, they are tasked with identifying, assessing, quantifying, reporting, communicating, mitigating, and monitoring process risks to ensure the organization's overall security and compliance posture. Responsibilities: Ensure strong governance on risk and compliance performed by various control functions. Manage risk assessment, remediation, and monitoring of information and technology process risks. Serve as an internal risk consultant to operating functions and business lines. Identify, assess, quantify, report, communicate, mitigate, and monitor process risks. Support the implementation of information security policies. Discuss risk closure, mitigation, and acceptance with stakeholders. Ensure periodic entitlement reviews are completed, and risks are managed to an acceptable level. Collaborate with control functions to track and mitigate identified risks. Work with technology leaders to identify control gaps. Act as a subject matter expert for risk and controls related to operations. Maintain strong working relationships with stakeholders. Review and refine policies and processes based on industry best practices. Track identified risks and ensured their closure within defined timelines. Prepare and maintain risk heat maps and risk registers. Required Skills: Excellent executive-level communication skills. Strong working relationships with team members and the ability to motivate them. Knowledge in areas such as Application Security, Data Security, Identity Access Management, Information, Infrastructure Technology, GDPR, and ISO Audits. Solid understanding of Risk Management Lifecycle and exposure to standards like SOX, COBIT, PCI-DSS, NIST Control, etc. Understanding of Security incident response aspects is desirable. Good analytical, problem-solving, and interpersonal skills. B.E in Computer Science/Information Technology or equivalent qualification with 8-12 years of experience. Industry-recognized certification in information security such as CISSP, CISM, CISA, etc.