8 Compliance Assessments Jobs

As a Senior Information Security Risk Analyst, you will lead and conduct comprehensive security risk assessments across EQ's internal systems, infrastructure, cloud platforms, third-party services, applications, mobile environments, and networks. Your role will be pivotal in identifying and evaluating potential cybersecurity threats and vulnerabilities, ensuring robust risk mitigation strategies are in place to protect EQ's data and systems. You will work cross-functionally with stakeholders to embed security best practices and ensure alignment with regulatory and organizational standards. You will review cloud architecture, deployment models, and services to identify gaps against industry best practices (e.g., CIS Benchmarks, NIST, ISO 27001) and collaborate with DevOps and Cloud Engineering teams to advise on security controls and risk mitigation strategies in AWS, Azure. Additionally, you will lead the analysis and interpretation of security data from diverse sources, including technical assessments, penetration test reports, and code reviews, to identify systemic vulnerabilities, inform strategic risk decisions, and guide enterprise-level remediation efforts. Your responsibilities will also include driving the development and strategic recommendation of risk mitigation initiatives, translating assessment findings into actionable improvements to security policies, enterprise controls, and technical architectures. You will maintain Risk records and Risk Acceptances regarding IT, Information, or Cyber Security in the Company's Risk Register/GRC tool. Furthermore, you will lead the interpretation and strategic integration of evolving cybersecurity regulations and standards (e.g., GDPR, NIST, ISO 27001, SOX, AI Act, DORA) in collaboration with Legal and Compliance to ensure enterprise-wide alignment and risk-informed decision-making. You will conduct enterprise-level compliance assessments and cybersecurity gap analyses to evaluate EQ's adherence to relevant regulations and frameworks, embedding these requirements into the broader Risk Management lifecycle to ensure systematic enforcement across all new and evolving IT systems and applications. In addition, you will conduct Risk Analysis of existing and new third-parties playing a significant role in the Company's supply chain and with access to Company or customer data or the Company's systems. You will track any significant risk issues arising to completion over agreed timescales. Your role will also involve overseeing the aggregation and analysis of enterprise-wide risk data to identify emerging threats and delivering strategic, data-driven insights and reports to Executive and senior leadership teams. You will engage with various developers and stakeholders across the business in selecting tailored security training on the training platform and participate in knowledge sharing sessions on emerging threats and security risk trends. Moreover, you will lead the evolution and governance of the enterprise Security Risk Management Framework, collaborating across IT and security teams to embed effective technical controls (e.g., firewalls, encryption, MFA) and ensure policies, standards, and procedures align with best practice and regulatory requirements. You will also advise and enable secure software development by defining secure coding standards, guiding development teams, and integrating application security testing tools into the SDLC.,

You are seeking a Senior Auditor specializing in Security Compliance and Governance, with a profound understanding of cyber security, IT systems, applications, and infrastructure. As a Cyber Security Auditor, you are required to possess exceptional problem-solving abilities, meticulous attention to detail, and a comprehensive comprehension of cybersecurity trends. Your primary responsibilities will include evaluating internal IT controls, analyzing operational effectiveness, assessing risk exposure, and formulating remediation strategies. You will be tasked with responding to system or network security breaches, conducting audits, and preparing detailed reports for clients. Moreover, your role will involve hands-on experience in cyber risk management, vendor/3rd party security risk management, compliance assessments, and policy lifecycle. A strong grasp of Linux, Windows, Firewalls, VPN, IDS/IPS, and Security Audits is essential, along with proficiency in ISO27001, PCI-DSS, and other compliance standards. To excel in this role, you must hold a degree in Cyber Security or relevant certifications such as Security+, ISO 27001 LA, or CISA. A minimum of 3 years of experience as an IT Auditor is required, alongside a deep understanding of network security, infrastructure security, and various technical controls. Expertise in Firewalls, VPN, Data Loss Prevention, IDS/IPS, Web-Proxy, and Security Audits is crucial. You should be well-versed in IT audit methodologies and possess the ability to work efficiently under pressure in a dynamic environment. Your analytical mindset, keen attention to detail, and exceptional problem-solving skills will be key assets in fulfilling the responsibilities of this role.,

As a Senior Consultant in the Cyber Security department located in Gurugram, you will be responsible for various tasks and possess a range of skills and experiences. Your role will involve working on programming languages used for storing and processing raw data, having knowledge of operating systems such as Windows, macOS, Linux, UNIX, and other OSs, conducting penetration testing, understanding ethical hacking and coding practices, mastering advanced persistent threat management, ensuring firewall safety and management, utilizing encryption techniques and capabilities, conducting compliance assessments, and working with frameworks like COBIT and ITIL. You should have at least 5 years of relevant experience in cybersecurity, IT systems operation, and IT solutions development and maintenance. You must be well-versed in configuring and troubleshooting vulnerability management platforms like Tenable or Qualys, as well as patch management control platforms such as Microsoft MECM/SCCM. Experience in supporting patch management, vulnerability management, or configuration management programs is crucial, along with troubleshooting patch deployment and installation through log analysis and investigation. Your expertise should include knowledge of OWASP top 10 and other network security frameworks, hands-on experience in VAPT for application and network security, skills in configuration review, policy review, hardening of systems and networks, endpoint review, application code review, and testing tools. You should possess excellent communication and analytical skills to interact with clients directly, experience in Mobile AppSEC for Android and iOS, API testing, willingness to travel, good presentation and report-making skills, research knowledge in cyber security for consulting and customizing services, and hands-on working knowledge of tools like Burp, Nessus, Nmap, Qualys, Acunetix, Metasploit, and other relevant tools. Additionally, you should have knowledge of SIEM/SOAR, DLP, EDR/EPP, Firewall/IPS, Web Servers, and basic scripting knowledge in any language would be advantageous. Your role will also involve being willing to travel and actively participating in pre-sales activities, ensuring the highest level of security for clients and their systems.,

As a Senior Associate for the Responsible AI Office with 10 to 18 years of experience, you will play a crucial role in supporting the development and market success of responsible AI initiatives. Your responsibilities will involve collaborating with technical teams, business functions, and external stakeholders to ensure that AI offerings meet customer needs and regulatory requirements. This position offers a unique opportunity to work at the intersection of AI technology, commercial strategy, and regulatory compliance, allowing you to contribute to the development, positioning, and delivery of responsible AI capabilities in the market. Your key responsibilities will include: - Supporting the development of market-ready responsible AI tools, frameworks, and assessment methodologies with clear commercial value propositions - Assisting in RFP responses by providing technical content, governance frameworks, and compliance documentation - Contributing to customer presentations and sales conversations by preparing technical briefings and responsible AI positioning materials - Conducting market research and competitive analysis to identify opportunities for RAI offerings and understand customer requirements - Supporting business case development, pricing strategy, and customer needs assessment for responsible AI products and services - Helping develop customer education materials, case studies, and thought leadership content that demonstrate commercial value - Supporting partnership development by identifying potential collaborators and preparing partnership materials - Contributing to go-to-market strategy development, market segmentation, and customer journey mapping In addition, you will be responsible for providing project management support for cross-functional responsible AI initiatives, coordinating meetings, managing calendars, and maintaining project documentation. You will also support industry standards engagement, external partnerships, internal governance policies, and business enablement activities. To be successful in this role, you should have a Bachelor's degree in Computer Science, Engineering, Business, Economics, or a related field, along with 3-4 years of experience in technology, consulting, business strategy, or related fields. Strong analytical and research skills, excellent communication abilities, and a demonstrated interest in AI and technology commercialization are essential. You should also have a good understanding of technology business models, AI/ML concepts, enterprise sales processes, compliance, and governance frameworks. This position offers valuable experience at the intersection of AI technology and business strategy, providing a foundation for career growth in product management, business development, or specialized AI governance roles. You will have the opportunity to build cross-functional skills, contribute to industry standards work, and develop a professional network in the AI and technology sector.,

As an AI Discovery & Inventory Support at Randstad, you will be a crucial part of the global legal team, working towards developing and implementing a governance program for the ethical and responsible use of artificial intelligence (AI) within the organization. Your role will involve identifying AI systems, tools, and use-cases within Randstad, ensuring compliance assessments for high-risk AI systems, and administering these assessments through Randstad's Governance, Risk and Compliance tool for AI governance (Onetrust). Additionally, you will be responsible for supporting the reporting on Randstad's AI landscape and compliance status, collaborating with external vendors, and raising awareness of the responsible AI team's role in supporting business strategies. Working closely with various departments within Randstad, including IT, information security, data protection, and colleagues across markets and global businesses, you will be the primary point of contact for all AI discovery and inventory-related queries. Your role will also involve assisting the responsible AI team with ad hoc requests, including the preparation of presentations and training materials. To excel in this role, you should possess strong organizational and accuracy skills, a sense of ownership of Randstad's AI inventory, and the ability to work independently while focusing on practical solutions. A university of applied science level qualification, experience using privacy, security, and data governance platforms like OneTrust or Trustworks, and proficiency in English language are essential requirements for this position. Your collaborative nature, stakeholder engagement skills, client focus, and affinity for working in an international environment will be key to your success in this role. Randstad values leadership competencies such as delighting people, performing today, leading change, securing the future, strategic mindset, creating clarity, and courage to challenge. If you identify with these competencies and the profile outlined above, we encourage you to apply for this role and take the first step towards becoming a part of our dynamic and diverse team. For more information, please contact our recruitment business partner at swathi.burugu@randstad.com. The recruitment process for this role includes a screening, at least two interviews, an (online) assessment, and a job offer conversation. We look forward to receiving your application and potentially welcoming you to the Randstad family.,

As a Technology Risk and Control Analyst within the Infrastructure Platform Engineering (IPE) team at the London Stock Exchange Group (LSEG), you will play a crucial role in identifying, assessing, and mitigating operational, regulatory, and technology-related risks across the organization. Working under the Infrastructure and Cloud business division, your responsibilities will involve supporting the implementation and maintenance of risk and control frameworks, conducting control testing, and collaborating with various teams to ensure compliance with internal policies and external regulations. Your key responsibilities will include identifying and assessing operational, regulatory, and compliance risks within the IPE teams, supporting the Risk and Control Self-Assessment (RCA) process, designing and documenting effective control procedures in collaboration with Infrastructure and GRC teams, as well as conducting Design Effectiveness Testing (DET) and Operating Effectiveness Testing (OET) to evaluate control performance. Additionally, you will work closely with cross-functional teams across Operations, Risk, Compliance, and IT to embed robust risk management practices, provide guidance and training on risk and control frameworks, recommend continuous improvements to control processes and risk mitigation strategies, and monitor industry trends and regulatory developments to ensure the effectiveness of risk practices. To qualify for this role, you should hold a Bachelor's degree in engineering, Computer Science, or a related field, along with 8-12 years of hands-on experience in Operational risk management, internal controls, IT audit, or compliance. A strong understanding of IT Governance framework and familiarity with IT industry standards such as ISO27001 and COBIT is essential. Experience with control testing, audit practices, compliance assessments, cybersecurity principles, and enterprise IT environments will be beneficial. Professional certifications such as CISA, CRISC, CISM are preferred, while proficiency in data analysis, reporting tools, and project management software is required. Strong analytical, problem-solving, and communication skills, as well as the ability to work collaboratively and manage relationships with stakeholders at all levels, are key attributes for success in this role. As part of LSEG, a leading global financial markets infrastructure and data provider, you will be contributing to driving financial stability, empowering economies, and enabling sustainable growth. With a diverse and inclusive organizational culture, you will have the opportunity to bring your true self to work, contribute to a collaborative and creative environment, and help re-engineer the financial ecosystem to support and drive sustainable economic growth. LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days, and wellbeing initiatives to ensure the well-being and development of its employees.,

Title: OT Operation and Security Consultant Job Title: Senior Consultant/ Assistant Manager OT (Operational Technology) Security & Consulting Location: Anywhere in India (Any Protiviti office) Travel: Up to 70% travel to the Middle East (UAE, KSA, Oman, Qatar, Kuwait, Bahrain etc.) Experience: 8+ Years Preferred Certificate: ISA/IEC 62443 Certification (any level), CISA, CRISC, CEH Employment Type: Full-time | Auditing & Consulting | Client-facing Position Summary: We are looking for a highly skilled Senior Consultant/ Assistant Manager OT Security & Consulting to join our Audit and Risk Advisory practice. The role requires hands-on experience in Operational Technology (OT) environments, focusing on Operational aspects, security assessments, governance reviews, and regulatory compliance audits for critical infrastructure. This role will be based in India, with frequent travel to client sites across the Middle East (up to 70%). The ideal candidate will bring deep domain knowledge in OT/ICS cybersecurity, solid audit experience, and the ability to work across industrial sectors including Oil & Gas, Utilities, Aviation, and Telecom. Key Responsibilities: OT Security Assessments Perform security audits of OT environments, including SCADA, PLC, DCS systems, and IIoT integrations. Review OT-specific policies and procedures for access management, configuration baselines, and asset inventories. Assess implementation of network segmentation, firewalls, and endpoint protection mechanisms in OT infrastructure. Evaluate OT vulnerability management, patching practices, and secure configurations. Assess backup & disaster recovery mechanisms for OT systems with focus on RTO/RPO alignment. Conduct OT-specific incident response readiness reviews, including logging, alerting, and simulation exercises. Review logging and monitoring practices using SIEM or similar tools for OT systems. OT Governance & Strategic Alignment Review OT strategy documents and validate alignment with business objectives and regional regulations (e.g., GACAR, ICAO). Evaluate OT governance structures including roles, responsibilities, and oversight mechanisms. Assess integration of cybersecurity risk into strategic planning. Review OT-related stakeholder engagement and communication mechanisms. Regulatory & Compliance Perform compliance assessments against global and regional standards: IEC 62443, NIST 800-82, NCA ECC, ISO 27019, GACAR, ICAO. Develop detailed audit reports, control gap analyses, and risk treatment recommendations. Support development of risk and control matrices (RCMs) and minimum baseline security standards. Experience: Minimum of 8+ years in OT/ICS cybersecurity, consulting, or auditing roles. Strong hands-on exposure to OT protocols (Modbus, DNP3, OPC, etc.), SCADA/DCS/PLC systems. Experience with risk assessment, control testing, and policy development in industrial environments. Prior consulting experience in sectors such as Energy, Utilities, Oil & Gas, Aviation, or Manufacturing is highly preferred. Certifications (Mandatory: One or more recent): GICSP – GIAC Global Industrial Cyber Security Professional ISA/IEC 62443 Certification (any level) CISM or CISSP (preferred) CISA – Certified Information Systems Auditor (audit-focused candidates) ISO 27001:2022 Lead Auditor CRISC – Certified in Risk and Information Systems Control (desirable) Interested candidates can directly share their updated resumes at kirti.goyal@protivitiglobal.in

Skill & Experience Governance, Risk Management & Compliance (GRC) Compliance Assessments Date Privacy NIST 800-53 Privacy Compliance Security Compliance Payment Card Industry Data Security Standard (PCI DSS) Bachelor's degree from an accredited college or university in information technology, decision and information sciences, computer science, or related discipline, or equivalent work experience Deep understanding of one more cybersecurity domain (e.g., identity and access management, infrastructure/cloud security, applications security) Experience with controls architecture and design, and testing Good verbal and written communication skills Technical acumen to drive conversations with stakeholders that bring little security/compliance experience on regulatory requirements and how to satisfy them Knowledge on NIST SP 800-53, CMS MARS-E 2.2, FedRAMP, HIPAA, PCI, State RAMP, SOC 2 Type II, and other relevant industry and government cyber security compliance standards and frameworks Understanding of GRC solutions.