44 Crisc Jobs - Page 2

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

3 - 6 years

5 - 8 Lacs

Bengaluru

Work from Office

Identifying, assessing, and solving complex business problems for area of responsibility, where analysis of situations or data requires an in-depth evaluation of variable factors. Overseeing the development of security solutions, architecture, design, asset documentation, etc. Experience in assessment and implementation of security industry and regulatory compliance standards like ISO 27001, NIST, HIPAA, GDPR, CSA STAR compliance, PCI DSS, CCPA, HITRUST. Drafting policies and procedures and assisting with security process development. Experience in cloud assurance. Building security strategy and security operating model for cloud-based solutions, deployments, or migration. Leading security RFP response and security solutioning specific to client needs. Experience in gap, risk and maturity assessments, remediation recommendations and drafting to-be security architecture for clients. Exposure to risk management and risk quantification. Helping solve key business problems and challenges by enabling a security architecture transformation, painting a picture of, and charting a journey from the current state to a "to-be" enterprise environment. Experience in participating in client presentations and orals for proposal defense, etc. Implementing programs/interventions that prepare the organization for the implementation of new business processes. Assisting our clients to build the required capabilities for growth and innovation to sustain high performance. Managing multi-disciplinary teams to shape, sell, communicate, and implement programs. Providing thought leadership to the downstream teams for developing offerings and assets. Mentoring and developing our people. Professional certifications like CISSP, CISA, CISM, CEH, ISO27001, CRISC, CCSK. Qualifications: TBC

Posted 2 months ago

9 - 14 years

10 - 17 Lacs

Bengaluru, Gurgaon, Mumbai (All Areas)

Work from Office

We are hiring for a tech-enabled global consulting firm specializing in ESG, Accounting, and Reporting Consulting (ARC). We leverage top global talent to provide expert solutions in governance, risk, compliance, sustainability, and financial reporting. Our focus on cutting-edge technology and deep industry expertise enables businesses to navigate complex regulations and drive sustainable growth.
Job Title: Manager / AM / Consultant - Governance, Risk, and Compliance (GRC)
Location: Gurgaon, Bangalore, Mumbai and Chennai
Job Type: Full-time / Consulting
Job Overview: We seek an experienced Manager / AM / Consultant GRC to lead risk management, compliance, and governance initiatives. The role involves advising clients on regulatory frameworks, conducting risk assessments, and implementing GRC strategies.
Key Responsibilities: Develop & implement GRC frameworks, policies, and controls. Ensure compliance with ISO 27001, NIST, GDPR, SOX, HIPAA, PCI-DSS & other regulations. Conduct risk assessments, internal audits, and compliance gap analyses. Advise on enterprise risk management (ERM) and business continuity strategies. Lead GRC consulting projects, stakeholder engagement, and training sessions. Recommend and implement GRC tools (Archer, ServiceNow, OneTrust).
Qualifications & Skills: 8+ years in GRC, risk advisory, compliance, or cybersecurity. Strong knowledge of risk frameworks, regulatory compliance, and industry standards. Experience with GRC tools & process automation. Preferred certifications: CISSP, CISA, CISM, CRISC, ISO 27001 Lead Auditor. Excellent analytical, leadership, and communication skills.
Why Join Us? Lead high-impact GRC projects. Competitive salary & growth opportunities. Work in a dynamic consulting environment. If you're a seasoned GRC professional, we'd love to hear from you! Please share resumes: casamenteroconsulting@gmail.com

Posted 2 months ago

6 - 7 years

8 - 10 Lacs

Bengaluru

Work from Office

Who You Are: You're good at what you do and possess the required experience to prove it. However, equally as important, you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused, someone who prioritizes customer success in their work. And finally, you're open and borderless, naturally inclusive in how you work with others.
Required Skills and Experience: Mastery of security tools and technologies, such as firewalls, intrusion detection/prevention systems, endpoint security, and SIEM solutions. 6-7 years of experience in deploying and configuring WAF solutions (preferably F5) in various environments (cloud, on-premises, hybrid). Monitor and tune WAF rules and policies to optimize performance and security. IPS and DDoS knowledge. Analyze security logs and incidents to identify potential threats and vulnerabilities. Collaborate with the incident response team to investigate and remediate security incidents. Proven experience with WAF solutions (F5 on-prem, Azure Application Gateway, F5, Imperva, etc.). Strong understanding of web application vulnerabilities (e.g., OWASP Top Ten). Proficiency in security protocols, firewalls, intrusion detection systems, and network security. Familiarity with scripting languages (e.g., Python, Bash) for automation tasks. Excellent analytical and problem-solving skills.
Preferred Skills and Experience: Valid and current certification in: CRISC (Certified in Risk and Information System Controls); CGEIT (Certified in the Governance of Enterprise IT); CERA (Chartered Enterprise Risk Analyst); CISM (Certified Information Security Manager); CISA (Certified Information Security Auditor); CISSP. Statistical analysis and models. Basic skills in network, compute, cloud computing. Understanding and daily use of Microsoft Office 365 Suite and other productivity tools (e.g., Excel, Word, PowerPoint, SharePoint) to accomplish audit and compliance related tasks. Experience with project management and ability to manage security initiatives or projects.

Posted 2 months ago

2 - 4 years

4 - 6 Lacs

Bengaluru

Work from Office

The Role: Are you passionate about security architecture and driven to protect against the latest threats? We are seeking a Security Architect who will join our team and take the lead on developing, implementing, and maintaining our security strategy within our Service Provider organization. As our Security Architect, you will work closely with our leadership team to design and implement effective security solutions that not only protect our business objectives and regulatory requirements, but also provide innovative solutions to stay ahead of emerging threats. You will conduct risk assessments and threat modeling to identify and prioritize risks to our business and IT assets, using your extensive experience in security architecture design and implementation within a Service Provider environment to create a cutting-edge security architecture framework. You will also work to maintain policies, standards, and guidelines related to information security within our organization, collaborating with cross-functional teams to implement security controls and technologies such as encryption, authentication, and authorization solutions. Your role will also involve conducting security reviews of vendors and third-party partners to ensure they meet our rigorous security standards, as well as performing regular security and risk reviews of our Service Provider environment to identify vulnerabilities and recommend remediation activities. At the forefront of security trends and technologies, you will advise our senior leadership team on the latest security best practices, and stay ahead of emerging security threats, always keeping our organization one step ahead. Join us on this exciting journey of securing our Service Provider organization and protecting our customers' assets.
Who You Are: You're good at what you do and possess the required experience to prove it. However, equally as important, you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused, someone who prioritizes customer success in their work. And finally, you're open and borderless, naturally inclusive in how you work with others.
Required Skills and Experience: Strong expertise in IT risk management, risk assessment, and mitigation strategies. Experience in conducting risk analysis for business requests, new applications, and projects. Ability to register Risk Acceptance Forms (RAF) and follow up on action plans. Hands-on experience in supplier security assessments and security exception validation. Expertise in IT security compliance frameworks such as ISO 27001, GDPR, and other relevant regulations. Incident management skills, including the ability to investigate, document, and resolve security incidents. Proficiency in developing and enforcing IT risk management policies and procedures. Experience in monitoring IT systems for potential risks and vulnerabilities. Excellent analytical and problem-solving skills. Ability to create risk reports and communicate findings to senior management effectively.
Preferred Technical & Professional Experience: Hands-on experience in responding to customer security RFPs and reviewing security clauses. Experience in supplier security assessment and third-party risk management (TPRM). Relevant cybersecurity certifications such as CISSP, CISM, or CRISC. Strong communication and interpersonal skills to collaborate with cross-functional teams including IT, legal, and business teams. Experience in delivering training programs on IT risk management best practices.

Posted 2 months ago

2 - 4 years

3 - 5 Lacs

Hyderabad

Work from Office

Join Amgen’s Mission of Serving Patients At Amgen, if you feel like you are part of something bigger, it’s because you are. Our shared mission—to serve patients living with serious illnesses—drives all that we do. Since 1980, we’ve helped pioneer the world of biotech in our fight against the world’s toughest diseases. With our focus on four therapeutic areas –Oncology, Inflammation, General Medicine, and Rare Disease– we reach millions of patients each year. As a member of the Amgen team, you’ll help make a lasting impact on the lives of patients as we research, manufacture, and deliver innovative medicines to help people live longer, fuller happier lives. Our award-winning culture is collaborative, innovative, and science based. If you have a passion for challenges and the opportunities that lay within them, you’ll thrive as part of the Amgen team. Join us and transform the lives of patients while transforming your career. What you will do Let’s do this. Let’s change the world. In this vital role you will be responsible for identifying, analyzing, and mitigating IT-related risks to the organization. This role will involve working closely with various groups to ensure that risk controls are in place, policies are adhered to, and security standards are met. The IT Risk Analyst will assist in developing and maintaining risk management frameworks, performing assessments, and supporting regulatory compliance efforts. Roles & Responsibilities Risk Identification and Assessment : Conduct risk assessments to identify vulnerabilities in IT systems, processes, and policies. Assist in the identification and evaluation of risks associated with third-party vendors and partners. Maintain the IT risk register, documenting risks, issues, and remediation actions. Risk Mitigation and Monitoring : Recommend risk mitigation strategies and implement risk management controls across IT infrastructure. 
Collaborate with IT, cybersecurity, and business teams to track and resolve identified risks and vulnerabilities. Monitor and report on the effectiveness of existing IT risk controls and recommend enhancements as needed. Compliance and Regulatory Support: Ensure compliance with relevant industry standards and regulatory requirements (e.g., GDPR, SOX, PCI-DSS, NIST). Assist in the preparation for audits by internal and external parties, providing documentation and evidence of IT risk management practices. Support the development and implementation of IT governance, risk, and compliance frameworks. Vendor Risk Management : Conduct vendor risk assessments, ensuring third-party services and products align with internal risk and security policies. Regularly review vendor performance and risk exposure, working with procurement and legal teams as necessary. What we expect of you We are all different, yet we all use our unique contributions to serve patients. Basic Qualifications Education: Bachelor’s degree in information technology, Cybersecurity, Risk Management, or a related field. Certifications such as CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), or CISSP (Certified Information Systems Security Professional) are highly desirable. Experience: 2 - 4 years of experience in IT risk management, IT auditing, or information security. Hands-on experience with risk management tools and frameworks (e.g., ISO 27001, NIST, COBIT). Skills and Competencies: Solid understanding of IT infrastructure, systems, and security standard processes. Ability to assess technical and business risk related to information systems. Excellent problem-solving, analytical, and communication skills. Ability to communicate complex risk concepts to non-technical collaborators. Ability to assess and interpret security-related clauses in third-party contracts, such as Security Requirements Schedules (SRS). 
Familiarity with regulatory frameworks and compliance standards (e.g., GDPR, HIPAA, SOX, PCI-DSS). Technical Knowledge: Proficiency with risk management tools, GRC (Governance, Risk, and Compliance) software, and security incident management tools. Experience with security controls related to networks, databases, and cloud environments. Soft Skills: Excellent analytical and fixing skills. Strong verbal and written communication skills. Ability to work effectively with global, virtual teams . High degree of initiative and self-motivation. Ability to manage multiple priorities. Team oriented, with a focus on achieving team goals. Strong presentation and public speaking skills. Collaboration with distributed team. What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards. Apply now for a career that defies imagination Objects in your future are closer than they appear. Join us. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. 
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Posted 2 months ago

8 - 12 years

10 - 14 Lacs

Bengaluru

Work from Office

If you are interested in Information Risk Management (IRM) and desire to sit in the driver's seat, where we provide assurance to the organization on the risks we carry in the IT world, IDT Assurance Services (IAS) is the team you would want to be in. Join our IAS team, where it is a great opportunity for those looking to develop IT Risk review/audit skills. This role is in the CISO / IDT Assurance / IDT Assurance Services organization. What's the role: As a Snr IDT Assurance Advisor, your role is pivotal in fortifying the IT risk environment. You will conduct comprehensive risk management reviews, identify gaps and meticulously track remediation progress. Your key responsibilities include: Conducting Assurance Reviews: Perform thorough assurance reviews on projects and topics to enhance risk management practices. Regulatory Monitoring: Stay vigilant about new regulatory requirements and changes, proposing necessary adjustments to current risk reviews to ensure management receives accurate assurance. Risk Management Advisory: Provide expert advice to IT operations on risk management and contribute to the development of remediation plans for any identified control deficiencies. Collaboration with BIRMs/Business Focals: Work closely with Business Information Risk Managers (BIRMs) and business focal points to identify, assess, and review risks. ESSA Initiatives: Lead ESSA (Enterprise Security and Systems Assurance) initiatives related to assurance services, ensuring regular and accurate reporting. Oversight of Tools and Reports: Oversee the accuracy and relevance of tools and reports used by the team and stakeholders, making updates based on evolving business needs. Adherence to Assurance Plan: Ensure strict adherence to the approved assurance plan and provide detailed reporting on its execution. What you'll be doing: This role demands a high level of expertise in IT security and risk management, with a focus on proactive risk management and continuous improvement.
Responsibilities: Provide comprehensive assurance to the organization regarding IT risks. Continuously monitor new regulatory requirements and develop a robust assurance plan for the organization. Define and establish criteria for assessing information risks. Support the ITGC Testing Lead, especially during peak periods, to ensure seamless operations. Collaborate with cross-functional teams to enhance the overall risk management framework. Communicate effectively with stakeholders to ensure understanding and alignment with assurance processes and risk management strategies. Stay updated with industry best practices and integrate them into the organization's assurance strategies. Opportunity: Leadership and Influence: You'll be in a pivotal position to shape the organization's approach to IT risk management, providing assurance and influencing key decisions. Broad Scope: Beyond IT General Controls (ITGCs), you'll have the chance to identify and mitigate risks in various areas, broadening your expertise and impact. Regulatory Insight: By continuously monitoring new regulatory requirements, you'll stay at the forefront of industry standards and help the organization remain compliant and competitive. Strategic Development: You'll define and establish criteria for assessing information risks, contributing to the strategic development of the organization's risk management framework. Collaboration: Working with cross-functional teams will enhance your collaborative skills and allow you to contribute to a comprehensive risk management strategy. Support and Mentorship: Supporting the ITGC Testing Lead, especially during peak periods, will provide opportunities for mentorship and leadership within the team. Overall, this role offers a dynamic and impactful career path in Information Risk Management, with opportunities to lead, innovate, and collaborate across the organization.
As the energy industry transitions to cleaner forms of energy, Shell is actively leveraging technology across its business. This exposes us to risk in information security and the regulatory requirements that come along with it. The Snr. IDT Assurance Advisor plays a vital role in ensuring compliance with IRM policies and standards. This role involves delivering assurance services, driving improvement projects, and developing assurance capabilities. Effective collaboration with stakeholders, managing impact from Shell-wide projects, and staying informed about internal policies and external risks are key challenges. What you bring: Experience: 8+ years' experience in IT audits, ITGC testing, or conducting risk assessments/reviews. Monitoring regulatory changes, assessing organizational readiness, and providing assurance to management. Education: Academic Background: Bachelor's Degree in Technology is required; a postgraduate degree is highly desirable. Certifications: Preferred certifications include those in IT security and Risk Management. Technical Skills: Comprehensive knowledge of information risk management and related processes. General knowledge of IT security standards (e.g., ISO 27001, COBIT). Certifications: ISO 27001, CISA, CRISC. Familiarity with widely used applications (e.g., SAP, Power Platform, Cloud). Continuous improvement mindset and project management experience. Soft Skills: Proactive problem-solving: Identify upcoming challenges and propose solutions. Learner Mindset: Professional curiosity and eagerness to learn. Highly motivated team player: Volunteer support and collaborate effectively. Prioritization skills: Handle multiple tasks simultaneously. Interpersonal skills: Communicate clearly and build relationships across stakeholders.

Posted 2 months ago

2 - 3 years

0 - 3 Lacs

Trichy

Work from Office

Roles and Responsibilities: The GRC Analyst assesses and prioritizes information security and cybersecurity risk across the organization, facilitates compliance with regulatory requirements and information security policies, and develops and reports on information security metrics.
• A Lead implementer and internal auditor who is responsible for supporting the ISMS & Information Security audit team in the organization.
• Candidate must have implemented ISO policies and procedures across a corporate company.
• Must handle Client compliance and Security Assessment, Client Security control implementation in the facility, ISO/IEC 27001:2013, SOC 1 Type 2, SOC 2 Type 2.
• Preparing the organization for ISO certification, delivering meetings, submitting the audit report at the end of the quarter or year, and preparing the audit plan.
• Conducting regular internal audits on the Information Security Management System (ISMS) and SOC, and supporting the team in tracking the NCs to closure effectively, is the main responsibility of a lead auditor and needs to be done daily.
• Hands-on experience in preparing Information Security awareness, Incident prevention.
• Report Review knowledge on VAPT Assessments.
• Evaluating the Business Continuity Plan (BCP) test results based on the test objectives.
• Responsible for standard upgradation from ISO 27001:2013 to ISO 27001:2022 and coordinating with internal and external stakeholders during audits.
• Participating in the project team for information security requirements.
• Conduct monthly assessments for security policies for all employees.
• Real-time experience with leading external audits.
Job Title: GRC Analyst
Location: Tiruchirappalli (Onsite)
Shift: 06:30 PM IST to 03:30 AM IST
Qualifications:
• Bachelor's degree in information technology or other related field.
• Minimum of 2+ years of experience
• Skills in documenting risk and compliance activities.
• Information security related training or certifications such as CISSP or CRISC.

Posted 2 months ago

9 - 14 years

25 - 40 Lacs

Bengaluru, Gurgaon, Mumbai (All Areas)

Work from Office

We are hiring for a tech-enabled global consulting firm specializing in ESG, Accounting, and Reporting Consulting (ARC). We leverage top global talent to provide expert solutions in governance, risk, compliance, sustainability, and financial reporting. Our focus on cutting-edge technology and deep industry expertise enables businesses to navigate complex regulations and drive sustainable growth.
Job Title: Senior Manager - Governance, Risk, and Compliance (GRC)
Location: Gurgaon, Bangalore, Mumbai and Chennai
Job Type: Full-time / Consulting
Job Overview: We seek an experienced Senior Manager GRC to lead risk management, compliance, and governance initiatives. The role involves advising clients on regulatory frameworks, conducting risk assessments, and implementing GRC strategies.
Key Responsibilities: Develop & implement GRC frameworks, policies, and controls. Ensure compliance with ISO 27001, NIST, GDPR, SOX, HIPAA, PCI-DSS & other regulations. Conduct risk assessments, internal audits, and compliance gap analyses. Advise on enterprise risk management (ERM) and business continuity strategies. Lead GRC consulting projects, stakeholder engagement, and training sessions. Recommend and implement GRC tools (Archer, ServiceNow, OneTrust).
Qualifications & Skills: 8+ years in GRC, risk advisory, compliance, or cybersecurity. Strong knowledge of risk frameworks, regulatory compliance, and industry standards. Experience with GRC tools & process automation. Preferred certifications: CISSP, CISA, CISM, CRISC, ISO 27001 Lead Auditor. Excellent analytical, leadership, and communication skills.
Why Join Us? Lead high-impact GRC projects. Competitive salary & growth opportunities. Work in a dynamic consulting environment. If you're a seasoned GRC professional, we'd love to hear from you! Please share resumes: casamenteroconsulting@gmail.com

Posted 2 months ago

7 - 12 years

11 - 15 Lacs

Uttar Pradesh

Work from Office

Role Summary & Key Responsibilities: Lead the design and architecture of GRC solutions that integrate risk assessments, DR planning, privacy controls, and regulatory compliance measures. Oversee technical teams to develop standardized processes and deliver high-quality compliance outputs. Ensure that technical solutions align with Boeing's regulatory and operational requirements. Key Skills & Qualifications: Over 10-16 years' experience in cybersecurity architecture and governance. Strong technical expertise in compliance frameworks (e.g., NIST, SOX, DFARS) and familiarity with ITSM and risk management tools. Demonstrated leadership and project management skills; relevant certifications such as CISSP, CISM, or CRISC are highly preferred.

Posted 2 months ago

3 - 7 years

4 - 8 Lacs

Uttar Pradesh

Work from Office

Role Summary & Key Responsibilities: Lead the design and architecture of GRC solutions that integrate risk assessments, DR planning, privacy controls, and regulatory compliance measures. Oversee technical teams to develop standardized processes and deliver high-quality compliance outputs. Ensure that technical solutions align with Boeing's regulatory and operational requirements. Key Skills & Qualifications: Over 10-16 years' experience in cybersecurity architecture and governance. Strong technical expertise in compliance frameworks (e.g., NIST, SOX, DFARS) and familiarity with ITSM and risk management tools. Demonstrated leadership and project management skills; relevant certifications such as CISSP, CISM, or CRISC are highly preferred.

Posted 2 months ago

8 - 13 years

30 - 35 Lacs

Hyderabad

Work from Office

The Information Protection Associate Advisor is responsible for providing general technical, operational and review support to Cigna's Information Protection (CIP) Organization. This role will support in enforcing standard information protection controls through infrastructure, application and third-party security assessments. You will work with development teams to ensure they are using the appropriate application security tooling correctly through their SSDLC. Balance multiple project priorities appropriately. Work with the Cigna Information Protection team as required to support reviews, product implementations and security audits. Support the Management team (Regional Information Security Officer and Senior Manager) on dashboard reporting, coordination of incident responses, risk assessments and CIP led initiatives. Job Description: Infrastructure / Application reviews: Partners with the enterprise to implement standard security solutions and capabilities that are aligned with business, technology and threat drivers. Performs focused risk assessments of existing or new services and technologies, security architecture, identifies design gaps, risks, and recommends enhancements. Communicates risk assessment findings to information security customers, or business partners.
Explore risk mitigation controls Serves as an information security expert and trusted advisor to partners in IT and the business Evaluate compliance of operation processes with Information Protection policies and related government regulations Identifies and implements appropriate controls to effectively manage information risks as needed Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing residual risk Maintains strong working relationships with individuals and groups involved in managing information risks across the organization Stays abreast of current and emerging security threats and designs security architectures to mitigate them Service Partner Security Assessment: Perform general walkthrough evaluations of new applications and processes under consideration. Provide recommendation to business. Meet with vendors and employees to resolve or track compliance issues. Attend demonstrations of applications and prepare reports on potential for data leakage or infrastructure security issues. Review any regular security reports for abnormality. Work with supplier chain management on contracts to include security terms. Escalation to the fellow CIP team on security issues related to service partners. 
Provide development teams with application security vulnerability validation and remediation guidance from various application security tooling (SAST, SCA, IAC, DAST, MAST, etc) Support the Management team (Regional Information Security Officer and Senior Manager): Work with individual local security teams assigned to ensure security controls applied are compliant to CIP policies and standards Work with the RISO on managing security incidents Regular risk & activity reporting Issue tracking with local security teams Review and approval of application/infrastructure changes in terms of security Coordinate CIP initiatives with other countries as required Maintain strong working relationships with individuals and groups involved in managing information risks across the organization Partner with the CIP and IT teams to implement standard security solutions and capabilities that are aligned with business, technology and threat drivers Stay abreast of current and emerging security threats and security architectures to mitigate the threats Skills Needed: Health Insurance or Health Care Industry experience preferred Ability to multitask and timely execute Ability to grasp and understand complicated relationships Proven Communication skills, able to write and verbally communicate effectively Organizational courage to escalate and resolve risk issues Flexible can adapt to changing organization changing business needs, technological advances and agile methodology Demonstrates technical skills in infrastructure, application and third party security assessments. 
Self-starter and shows empathy towards business requirements and able to influence changes to facilitate security Experience with assessing and mitigating risk Experience with contracting and negotiations Travel required, approximately 10% Qualifications: BS degree or equivalent experience CISSP, CISA, CISM, CRISC or similar certifications preferred Broad high level knowledge, hands-on experience, and exposure to a wide range of IT subject areas, business, application security Strong written and spoken English skills Qualified candidates will typically have 8 to 11+ years of professional IT experience work experience, and 4 years in information security Experience with process and change management, reporting and incident handling. Demonstrated ability to communicate at high levels, both verbally and in reporting Excellent problem identification, solving and critical reasoning skills. Ability to work successfully with a minimum of supervision in a fast paced and sometimes pressured environment. Techno Functional role Cyber security Analysts SDLC must have At least 1+ yrs of working experience SAST, DAST, MAST, SCA: Application Security scanning Tools must have Check vulnerability assessments. Help Developers to check if the integration process is aligned with the results. Check if the team is using the right tools and review the results. Threat Model & Programming languages is good to have not mandate. Software Development Lifecycle

Posted 2 months ago

10 - 15 years

20 - 35 Lacs

Mumbai, Bengaluru

Work from Office

Role:
1. Develop Data Governance Framework: Design and implement a comprehensive data governance framework that aligns with the bank's overall data strategy and regulatory requirements.
2. Data Quality and Security: Ensure data quality and security by developing and implementing data validation rules, data encryption standards, and access controls.
3. Data Compliance: Ensure compliance with regulatory requirements, such as GDPR, CCPA, and BCBS 239, by developing and implementing data governance policies and procedures.
4. Data Governance Training: Develop and deliver data governance training programs to ensure that employees understand their roles and responsibilities in maintaining data quality and security.
5. Data Governance Metrics: Develop and track data governance metrics to measure the effectiveness of the data governance framework and identify areas for improvement.
6. Collaboration with Stakeholders: Collaborate with stakeholders, including business leaders, data owners, and technical teams, to ensure that data governance policies and procedures are aligned with business requirements.
7. Data Governance Tools: Evaluate, recommend and implement data governance tools and technologies to support the data governance framework.
8. Risk Management: Identify and mitigate data-related risks, including data breaches, data loss, and data corruption.
Experience: 13+ years of experience in data governance, risk, or compliance, preferably in a banking or financial services organization. Strong knowledge of data governance frameworks, data quality, data security, and data compliance. Experience with data governance tools and technologies, such as Alation, Collibra, Informatica, or Talend. Certification in data governance, risk, or compliance, such as CDPSE, CGEIT, or CRISC. Strong understanding of banking and financial services business operations and regulatory requirements. Excellent communication, leadership, and collaboration skills. Ability to work effectively with stakeholders at all levels of the organization.

Posted 2 months ago

11 - 14 years

35 - 40 Lacs

Hyderabad

Work from Office

Role Summary & Key Responsibilities:
• Lead the design and architecture of GRC solutions that integrate risk assessments, DR planning, privacy controls, and regulatory compliance measures.
• Oversee technical teams to develop standardized processes and deliver high-quality compliance outputs.
• Ensure that technical solutions align with Boeing's regulatory and operational requirements.
Key Skills & Qualifications:
• Over 10-16 years' experience in cybersecurity architecture and governance.
• Strong technical expertise in compliance frameworks (e.g., NIST, SOX, DFARS) and familiarity with ITSM and risk management tools.
• Demonstrated leadership and project management skills; relevant certifications such as CISSP, CISM, or CRISC are highly preferred.

Posted 3 months ago

11 - 14 years

35 - 40 Lacs

Hyderabad

Work from Office

Role & responsibilities
Role Summary & Key Responsibilities:
• Lead the design and architecture of GRC solutions that integrate risk assessments, DR planning, privacy controls, and regulatory compliance measures.
• Oversee technical teams to develop standardized processes and deliver high-quality compliance outputs.
• Ensure that technical solutions align with Boeing's regulatory and operational requirements.
Key Skills & Qualifications:
• Over 10-16 years' experience in cybersecurity architecture and governance.
• Strong technical expertise in compliance frameworks (e.g., NIST, SOX, DFARS) and familiarity with ITSM and risk management tools.
• Demonstrated leadership and project management skills; relevant certifications such as CISSP, CISM, or CRISC are highly preferred.

Posted 3 months ago

4 - 9 years

15 - 19 Lacs

Pune

Work from Office

Divisional Risk and Control Analyst TDI Controls Testing & Assurance, AS Role Description Infrastructure Chief Operating Office (COO) is responsible for the effective operation of the infrastructure functions, driving operational efficiency whilst supporting the effective delivery of infrastructure services in line with business objectives and control requirements. It also includes oversight of Infrastructure Divisional Control Office (DCO) and Trade Settlement and Confirmations Operations (TSCO). Infrastructure Divisional Control Office (IDCO) as part of Infrastructure COO, provides services to multiple functions in infrastructure. The IDCO function is a dedicated risk, control, and regulatory oversight function, with prime responsibility for managing and proactively mitigating risk across the full breadth of the Technology and Infrastructure organization. Function also provides a consolidated view and central coordination of (non-financial) risks, as well as effective, efficient, and consistent standards and policies. (Technology Data & Innovation) TDI Control Testing & Assurance team part of IDCO identifies, tracks and reports control testing & assurance activities, conducts independent controls testing (design and operating effectiveness) on different risk types in line with the Control Testing Standards. The team also focuses on regulatory and risk-based assurance requirements. This role is within TDI Control Testing & Assurance team. Best in class leave policy Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Flexible working arrangements Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. 
and above Your key responsibilities Perform Control Testing in line with Control Testing methodology/minimum standard Identify control deficiencies (findings), risks related to elements of controls, participate in findings agreement with stakeholders, escalate potential issues and exception items noted during the testing to senior management for discussion and further investigation, if deemed necessary Prepare Control Testing workpapers for senior management detailing testing results, document findings with highest quality Track Control Testing identified findings, perform required follow-up on open findings Consider regulatory and internal firm policy requirements as well as established best practices for control assurance. Support controls assurance activities Support in monitoring Control testing teams adherence to Control Testing methodology/minimum standards Support, contribute in managing Control Testing vendor resources, where applicable Track testing related effort/budget Plan Vs. Actuals throughout the testing lifecycle Build and maintain solid working relationships with key stakeholders such as within the DCO, IDCO, TSCO, GTI and other Testing Teams including Divisions/sub-divisions, 2 LoD and Group Audit (GA) Your skills and experience University degree preferably in Computer Science, Mathematics, Engineering or a related subject or equivalent qualification in the areas of information security. Professional/industry recognized qualifications e.g., CISA, CISSP, CISM, CRISC are beneficial. Experience in Cloud Security audit/testing, GCP (Google Cloud Platforms) or Professional/industry recognized qualifications e.g., CCSP, CCSK will be an advantage Good knowledge of auditing IT application controls, e.g., from IT audits or IT risk management. Understanding of the relationship between IT risk and underlying business process risk. Knowledge of regulations governing financial institutions is beneficial. 
Strong written and verbal communication skills and the ability to communicate effectively in conflict situations. Strong organizational skills and attention to detail. Ability to work under pressure, multi-task and prioritize workload. Strong analytical skills and structured thought process with the ability to clearly articulate control deficiencies and related risk Flexible, proactive, and innovative mind set with strong organizational skills to take ownership and responsibility for agreed targets and to meet them within budget to enable a timely and efficient completion of projects. This is an IC (individual contributor) role.

Posted 3 months ago

10 - 15 years

37 - 45 Lacs

Mumbai

Work from Office

ROLE SUMMARY: The Associate Director of Technology Risk Advisory (TRA) will lead and oversee the development and growth of a high-performing Technology Risk Advisory practice. The role involves strategic planning, team building, client engagement, and service delivery while ensuring excellence in Cybersecurity, Governance, Risk, and Compliance (GRC), Technology Operations (TechOps), Security Operations (SecOps), and Global Privacy Regulations. This leader will focus on delivering client-centric solutions and building a robust practice. JOB DESCRIPTION : Practice Management : Operations : Develop a strategic roadmap to build and scale the Technology Risk Advisory practice. Design service offerings in Cybersecurity GRC, TechOps, SecOps, and Privacy Advisory. Establish robust frameworks, methodologies, and tools for delivering advisory services. Develop and implement cybersecurity frameworks based on ISO 27001, NIST CSF, COBIT, and other standards. Guide security operations, including SIEM, threat intelligence, and incident response. Offer advisory on technology operations, including IT infrastructure optimization and Dev SecOps integration. Ensure compliance with global privacy regulations (GDPR, CCPA, HIPAA, etc.). Design privacy programs, data protection mechanisms, and compliance monitoring systems. Maintain a strong understanding of emerging regulations and their impact on clients. Sign off on client cybersecurity strategies, encompassing threat management, incident response planning, business continuity, and disaster recovery. Ensure the effective execution of multiple projects simultaneously, adhering to project timelines, scope, and budget requirements. Profitability/Revenue Management : Increase topline revenue for the Practice as per predefined goals, while maintaining the practice gross margin. Budget management & optimization. Take responsibility for the IT Governance, Risk Management and Compliance budget. 
Business Relationship Management for IT Governance and Risk - this role will be a critical interface between the Firm's Leadership and the TRA team and will be required to present to the Leadership and the Executive teams periodically. Identify, prioritize, define and refine the Information Security strategy through the evaluation of new approaches and solutions in collaboration with the Managing Committee. Sales & Marketing Support: Drive growth through business development, partnerships, and client acquisition strategies. Identify market trends and position the practice as a thought leader in the industry. Develop marketing strategies, including whitepapers, webinars, and industry events. Support the Sales teams for deal closures. Create visibility for the practice on various platforms and among a larger network. Provide technical support to the sales & marketing team on practice service verticals. Support the business development process, including proposal development, client pitches, and contribution to marketing efforts. Development of the Practice and promotion of the Firm's brand name via articles in publications, regular update management for clients, speaker at seminars, etc. People Management: Ensure that personal and team objectives and strategy are aligned to departmental and organizational goals, and actively tracked and reported on across the year. Build and manage a team including recruitment, appraisals, developing training material, providing training to team members, and technically guiding the teams in completing their assigned deliverables. Review of efficient and effective planning, selection and team management of all resources throughout the year including temporary resource redeployment within team/with other departments. Build and mentor a high-performing team with a blend of technical and advisory expertise.
Retention of existing employees and measurable attrition management Address issues at emotional/infrastructural level at work being faced by teams, take responsibility for team building and career development of the team. Identify training needs of teams and assist in skill building wherever required. Ensure strategic resource planning, coupled to long term forecasting via the Annual Business Plan and 3/5 year plans, and in collaboration with HR. Succession planning for all critical roles within the team. Client Management & Quality Client Management: Act as a trusted advisor to clients, providing expert insights into technology risk management. Develop solutions aligned with client needs, industry standards, and regulatory requirements. Drive impactful outcomes, engage with senior client stakeholders, including CXOs and board members. Serve as the primary point of contact for key clients, managing expectations, building long-term relationships, and understanding their evolving technology risk needs. Provide thought leadership and expert guidance to clients on industry trends, regulatory developments, and emerging cybersecurity threats. Be part of critical client presentations and discussions to communicate project outcomes, cybersecurity vulnerabilities, and remediation strategies in a clear and actionable manner. Proactively identify opportunities to expand service offerings and assist clients in achieving their cybersecurity objectives. Manage current and developing new relationships and alliances. Quality: Maintain quality across all projects and seek active feedback on the same from all internal/external stakeholders. DESIRED CANDIDATE PROFILE: To be tailor-fit for the above skillsets, you need to have the following, Qualifications: Bachelors/masters degree in computer science, Information Security, or a related field. Professional certifications (CISSP, CISM, CRISC, CISA, or equivalent). 
Advanced certifications in privacy (CIPM, CIPT, or equivalent) preferred. Experience : 12-14 years of experience in Cybersecurity GRC, TechOps, and SecOps, with at least 5 years in a leadership role. Proven track record of building and scaling advisory practices, preferably in a global context. Intermediate knowledge of global privacy regulations and related compliance requirements. Experience in performing/overseeing IT audits, control assessments, and developing cybersecurity strategies and risk management frameworks. Knowledge of ethical hacking techniques, threat modelling, and exploitation of security vulnerabilities. Prior business development, sales, client management and practice management experience. Experience of handling a large client portfolio with a strong professional network/presence. Strong experience in leading large teams and managing complex client engagements. Skills : Advanced expertise in Cybersecurity frameworks, risk management, and operational security. Deep understanding of regulatory environments and privacy laws globally. Excellent leadership, communication, and stakeholder management skills. Strong business acumen, with the ability to identify and capitalize on market opportunities. In-depth knowledge of IT Governance, Risk, and Compliance (ITGRC) frameworks such as ISO 27001, NIST, COBIT, PCI DSS, and GDPR.

Posted 3 months ago

3 - 5 years

5 - 7 Lacs

Mumbai

Work from Office

Role Description Divisional Risk and Control is responsible for non-financial risk and control management for the relevant operating Division or Infrastructure function or Dedicated Central Control Unit for the bank. Work includes: Defining the risk management framework Developing process and procedures to report on, manage, and mitigate risks to acceptable levels Maintaining operational control and discipline across the organizational unit Ensuring that business is conducted in accordance with applicable laws, regulations and in adherence to the bank's internal policies Providing thought-leadership around business specific risk taxonomies, assessment methodologies, process and control implementation Developing, tailoring and testing the control infrastructure for the business Communicating regulatory development and implications to the business Executing certain risk-related processes and draft first like risk procedures (e.g. product reviews, issue capture, regulatory change management, vendor management etc.) Managing Risk and Compliance data and information for both first and second lines Coordinating execution of risk and control self-assessment (RCSA) process Driving messaging and information from second line to first line (e.g., policies, procedures, training) Providing a consolidated view of non-financial risks Developing a positive risk culture, whilst assuring strategy alignment among various organizational levels Your key responsibilities Responsible to ensure compliance with the Information Security Policy and the subordinate documents within area of responsibility Establish and document roles/entitlements for each of the application together with the Role owners. 
Ensure any changes to the roles are supported by documented valid justification/s along with an Impact and Risk assessment as part of business decisions Execute IS Risk assessment and compliance evaluations for assigned IT assets with support from BSO community Review and address quality issues within ISO scope of responsibilities Ensure execution of Information Security risk management in line with DB Information Security Policy/ Guidelines including 1) InfoSec controls 2) Mitigating Control weakness 3) End user access review and recertification 4) provide InfoSec advisory on vendor relationships 5) Support BCM and DR exercise from ISO perspective 6) Providing guidance on control implementation Support Chief ISO delegate on relevant actions and initiatives. Create Segregation of Duties (SoD) rules for IT , assess SoD Rule violations and make exception decisions Participate in Information Security initiatives and programmes, as relevant; Review and assess severity of information security breaches and recommend appropriate follow-up actions, where necessary Advise local business and other partners on CSO solutions and facilitate service adoption in cooperation with Central CSO teams Support in the review and assessment of data leakage incidents relevant to PB Booking Centre. Your skills and experience Education & Experience: Proven experience of working within Information Security / Information Technology environment ideally in Banking Environment Experience working on small to medium scale projects at least within a global environment Professional certification including ISO27001 Lead Auditor/ Lead Implementer, CISM, CRISC University degree. Competencies: Outstanding problem solving, analytical and project management skills Proficiency with Microsoft Office programs; e.g. 
Excel , Word and PowerPoint Ability to work in pressurised situations Strong work ethic, commitment to excel and proven capacity to work effectively with minimum supervision Strong communication (written and verbal) and relationship skills with excellent command of the English language Very good influencing and management skills to liaise effectively with Business and control functions Personal Characteristics: Proactive attitude and self-initiative Ability to think laterally. Strong Team Player skills as well as working independently Eagerness to learn and adapt to new situations and processes Delivery-focused, able to manage multiple deliverables to deadlines Flexibility with respect to new tasks and the ability to work diligently in stressful situations Ability to learn quickly Driven and able to handle day-to-day routine as well as cope with shifting priorities and changing responsibilities to meet needs and demands.

Posted 3 months ago

3 - 6 years

5 - 8 Lacs

Bengaluru

Work from Office

Identifying, assessing, and solving complex business problems for area of responsibility, where analysis of situations or data requires an in-depth evaluation of variable factors Overseeing the development of Security solutions, architecture, design, asset documentation etc. Experience in assessment and implementation of security industry and regulatory compliance standards like ISO 27001, NIST, HIPAA, GDPR, CSA STAR compliance, PCI DSS, GDPR, CCPA, HITRUST Drafting policies, procedures and assist with security process development Experience in cloud assurance. Building security strategy, security operating model for cloud- based solutions, deployments, or migration Leading Security RFP response and security solutioning specific to client needs Experience in Gap, risk and maturity Assessments, Remediation recommendations and drafting To-Be Security architecture for clients Exposure to risk management, risk quantification Helping solve key business problems and challenges by enabling a security architecture transformation, painting a picture of, and charting a journey from the current state to a "to-be" enterprise environment Experience in participating in client presentations & orals for proposal defense etc. Implementing programs/interventions that prepare the organization for the implementation of new business processes Assisting our clients to build the required capabilities for growth and innovation to sustain high performance Managing multi-disciplinary teams to shape, sell, communicate, and implement programs Provide thought leadership to the downstream teams for developing offerings and assets Mentoring and developing our people Professional certifications like CISSP, CISA, CISM, CEH, ISO27001, CRISC, CCSK Qualifications TBC

Posted 3 months ago
